zatusim.com Open in urlscan Pro
87.236.16.238 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Submission Tags: falconsandbox
Submission: On December 30 via api (December 30th 2021, 11:20:05 am UTC) from US — Scanned from DE

Summary HTTP 306 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 37 IPs in 7 countries across 30 domains to perform 306 HTTP transactions. The main IP is 87.236.16.238, located in Russian Federation and belongs to BEGET-AS, RU. The main domain is zatusim.com.
TLS certificate: Issued by R3 on November 2nd 2021. Valid for: 3 months.

This is the only time zatusim.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	87.236.16.238 87.236.16.238	198610 (BEGET-AS) (BEGET-AS)
1	2606:4700:303... 2606:4700:3034::6815:602c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
20	62.76.25.28 62.76.25.28	61400 (NETRACK-AS) (NETRACK-AS)
1	178.62.225.201 178.62.225.201	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2 41	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
13	2606:4700:303... 2606:4700:3030::6815:3ba3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
3 10	2a02:6b8::1:119 2a02:6b8::1:119	208722 (YNDX) (YNDX)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
2 8	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2016	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1 34	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:2638:1::11 2a02:2638:1::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
21	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	178.250.2.135 178.250.2.135	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2620:116:800d... 2620:116:800d:21:fcb8:22d2:d390:5f1b	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
13	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
4 4	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
6 6	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
1 1	54.171.63.239 54.171.63.239	16509 (AMAZON-02) (AMAZON-02)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:af9a:78a3:719c:55d1	16509 (AMAZON-02) (AMAZON-02)
306	37

23 87.236.16.238 (Russian Federation)

ASN198610 (BEGET-AS, RU)

zatusim.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:602c (United States)

ASN13335 (CLOUDFLARENET, US)

rbtwo.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 62.76.25.28 (Moscow, Russian Federation)

ASN61400 (NETRACK-AS, RU)

pwxlqg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.62.225.201 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

greenklick.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:3030::6815:3ba3 (United States)

ASN13335 (CLOUDFLARENET, US)

rotarb.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN208722 (YNDX, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:fcb8:22d2:d390:5f1b (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.215.191 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 198.47.127.19 (United States) 6 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.63.239 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-63-239.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:af9a:78a3:719c:55d1 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	googlesyndication.com 1 redirects pagead2.googlesyndication.com tpc.googlesyndication.com	561 KB
41	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn3.gstatic.com	918 KB
39	criteo.net static.criteo.net pix.eu.criteo.net csm.eu.criteo.net	879 KB
39	doubleclick.net 2 redirects googleads.g.doubleclick.net static.doubleclick.net cm.g.doubleclick.net	166 KB
23	zatusim.com zatusim.com	459 KB
20	pwxlqg.com pwxlqg.com	374 KB
18	youtube.com www.youtube.com	1 MB
13	rotarb.bid rotarb.bid	46 KB
11	criteo.com rtb.fr.eu.criteo.com ads.eu.criteo.com cat.nl.eu.criteo.com rtb.nl.eu.criteo.com	146 KB
10	google.com 2 redirects adservice.google.com www.google.com	28 KB
10	googleapis.com fonts.googleapis.com	7 KB
8	yandex.com 2 redirects mc.yandex.com	3 KB
7	googletagservices.com www.googletagservices.com	256 KB
6	pubmatic.com 6 redirects image6.pubmatic.com	3 KB
4	addthis.com 4 redirects e.dlx.addthis.com	3 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com	1 KB
3	openx.net rtb.openx.net	618 B
3	quantserve.com cms.quantserve.com	1 KB
3	cloudflare.com cdnjs.cloudflare.com	15 KB
2	rlcdn.com 2 redirects id.rlcdn.com	886 B
2	ytimg.com i.ytimg.com	102 KB
2	ggpht.com yt3.ggpht.com	11 KB
2	google.de adservice.google.de	914 B
2	yandex.ru 1 redirects mc.yandex.ru	66 KB
1	innovid.com ag.innovid.com	296 B
1	everesttech.net 1 redirects pixel.everesttech.net	375 B
1	mookie1.com odr.mookie1.com	324 B
1	googleadservices.com partner.googleadservices.com	644 B
1	greenklick.biz greenklick.biz	20 KB
1	rbtwo.bid rbtwo.bid	673 B
306	30

	Domain	Requested by
34	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
24	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com www.youtube.com googleads.g.doubleclick.net zatusim.com www.googletagservices.com
24	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
23	zatusim.com	zatusim.com
21	static.criteo.net	ads.eu.criteo.com
20	pwxlqg.com	zatusim.com pwxlqg.com
18	www.youtube.com	zatusim.com www.youtube.com
16	pagead2.googlesyndication.com	zatusim.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
14	pix.eu.criteo.net	ads.eu.criteo.com
13	cm.g.doubleclick.net	googleads.g.doubleclick.net zatusim.com
13	rotarb.bid	zatusim.com
10	fonts.googleapis.com	zatusim.com tpc.googlesyndication.com cdnjs.cloudflare.com googleads.g.doubleclick.net
8	www.gstatic.com	www.youtube.com www.gstatic.com googleads.g.doubleclick.net
8	www.google.com	2 redirects www.youtube.com googleads.g.doubleclick.net tpc.googlesyndication.com
8	mc.yandex.com	2 redirects zatusim.com mc.yandex.ru
7	www.googletagservices.com	googleads.g.doubleclick.net
6	image6.pubmatic.com	6 redirects
4	e.dlx.addthis.com	4 redirects
4	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
4	csm.eu.criteo.net	ads.eu.criteo.com
4	ads.eu.criteo.com	googleads.g.doubleclick.net
3	pixel.rubiconproject.com	3 redirects
3	rtb.openx.net	googleads.g.doubleclick.net
3	cms.quantserve.com	googleads.g.doubleclick.net
3	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
3	cdnjs.cloudflare.com	ads.eu.criteo.com
3	cat.nl.eu.criteo.com	ads.eu.criteo.com
3	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
2	id.rlcdn.com	2 redirects
2	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
2	i.ytimg.com	www.youtube.com
2	yt3.ggpht.com	www.youtube.com
2	static.doubleclick.net	www.youtube.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	mc.yandex.ru	1 redirects zatusim.com
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.everesttech.net	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	rtb.nl.eu.criteo.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	greenklick.biz	zatusim.com
1	rbtwo.bid	zatusim.com
306	43

This site contains links to these domains. Also see Links.

Domain
gadanieprimeta.ru
pwxlqg.com

Subject Issuer	Validity	Valid
zatusim.com R3	`2021-11-02` - `2022-01-31`	3 months	crt.sh
*.rbtwo.bid R3	`2021-12-09` - `2022-03-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
pwxlqg.com R3	`2021-12-08` - `2022-03-08`	3 months	crt.sh
greenklick.biz R3	`2021-11-06` - `2022-02-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-10-11` - `2022-10-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2021-12-22` - `2022-06-03`	5 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-03` - `2022-01-31`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-03` - `2022-01-31`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-24`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-03` - `2022-01-31`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-25`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh

This page contains 27 frames:

Primary Page: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Frame ID: 5279C48C047059652EFAE21494C32D37
Requests: 102 HTTP requests in this frame

Frame: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
Frame ID: 97A2AEAABDF2E779F971EAEE27DEB296
Requests: 19 HTTP requests in this frame

Frame: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
Frame ID: 083D72EF6AB33B93185F575B73C9CF12
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: 96CC4315D6DAE27885CD8F158683E60D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&slotname=2750588245&adk=2148637027&adf=1822546358&pi=t.ma~as.2750588245&w=1100&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196437&bpp=4&bdt=353&idt=239&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=89095857355&frm=20&pv=2&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=f7OAy7ImjI&p=https%3A//zatusim.com&dtd=263
Frame ID: 82BA12979152B744FB99F480EDC8E0C4
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=600&slotname=2750588245&adk=2037619514&adf=2110228848&pi=t.ma~as.2750588245&w=300&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196444&bpp=1&bdt=360&idt=314&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=1100x280&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=562&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=V9XQ53GgvS&p=https%3A//zatusim.com&dtd=316
Frame ID: 7067DEFA361C3B560B15D29652D0DEA1
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&adk=1812271804&adf=3025194257&lmt=1640863196&plat=3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196457&bpp=1&bdt=373&idt=316&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600&nras=1&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=336
Frame ID: 94B1225A370864DC9C147880205FFA5D
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3AALI6YGUIGXAAEpdpiFJuk0Xx5jyIsjjg&u=%7CP7F4ZwhlJnuadVWYyR7KylbDgbofWSn5emxKVkJb4LQ%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy690M-dIfyRdtrboGzSg7eVX37Zm1-SRnvx6KlxY1Y1Z5J3RirLYP2rptiTYqibHzA4YOPFyvRJno5bXrrRD94SDRGuPg-cTguDDT1bgOXFHgJkkiyx_qQnAJH3T9lxBkU5_2w5kiSXLJHjS0OQKul566o-NjrFxiI8g1TsDolSG382D7Qeu_1Zq_Oju03yKojj-91B3zAW3qU_ndaNPo0KZqX1wcTHbimCaEtknhkGEKChjOq9KwJBnCu0FBuwpe1tqZ-dAnrMv4OYhkujMmjEiAviPjovG3xPNcKDUkgHDKsBA1nT5u6Xbvkms-0wCdnEx2dASBup5Yj7sKb_DasedgvnP8X2yswkGF0O3e7rA7phjAfkcRcrN2eiiQZBFyWe3sHKyxMfnQw8PE2kp3jKafNOUAN8Semnf56VG0Hbmiy4oCv9J5tqg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuKYX3JXNYabHLJeDwuIP9tKEoAbJntKxXIX-l_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQJONYqLVgCzPqgDAaoE7wFP0EfFWi1KHck9QiqB21ZRwAV36sGcf1tBUS-mV4lQXK3WAdrQKkXGqMyy8FrrJYw3rmmLEsVT6d1XqL6gs4UvCiNsavAwneYBY4w2IMPjv5T7MAuqhfTDCDp3kPNnk2KAjZcDD_lvMZ9fBXhBwanafg2tbpeSuDQnaqzIo8AVDjJbRrv1gmEjfGhTOgi3h6oP5PaJcJjm4HKLBcNa3kdZroB3ohAkwJgXr1-0loEFA7a6nel2uajqIiC3kYH9K7T5dGNc8OP_6EjnankXtHE_JDENlP6iSWrue1l8Z_nzckaCm2Vv_KR8tBNCnYpX_IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2MVq3KLpDTETZuJl8bm77zDcVWpw%26client%3Dca-pub-7695804958037097%26adurl%3D
Frame ID: E37C53CDF6EE12F264B06591D9F0B413
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html
Frame ID: 96635FE625F471B062DE3DAA527C5BAF
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4CD9E48DCB02FDD33BB9782620EC65A1
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50
Frame ID: 032A565CBBC04DBA74CE9F7E05FF5810
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82
Frame ID: 38C17296A211F5ACD383E87234C87A9C
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=3072855283&pi=t.aa~a.3115621905~i.35~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=1&bdt=1776&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280%2C730x280&nras=4&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=4655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=cjUXKqOrcC&p=https%3A//zatusim.com&dtd=89
Frame ID: D22A82DB2BC29AC1757A9F990D4DE664
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: CE3E504D45A5E38EECE379112ABBD18F
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 985B9C648703DE7E170D4964737BBCFA
Requests: 22 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 5CA70DDB54D7BC5F8814A19BBFB413C7
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F512BFC2D8EE82AA19A23579AE42B963
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
Frame ID: 9D877354627819654CAFBCD32C108AB3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
Frame ID: 504CA902A9564DC56599A62AB21B478B
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3gAAa9wH4_SfAAMQjdBpC37l6Gb-8LlubQ&u=%7CdGVh7OnjQKvUHoP3A%2FwtpUCBLMBI2CxaXeFBmk2%2BmWs%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy6EkBWqE9Z3NGfRuTXqpF2fqIPkjM227lRb5yTf7CiRlRI9UAX9rRBM5GPL9FZl46IXdrLXUm5WrJMMl1714OdBNxMtlpdF3ihSVP4xg1_1bIpCHWcW_hC6cjqg-f0uD_5zeMrHqXCuu9zQT1YRQxbxSJ2779lnFtArxiJ4Q1mnfsSVTVRZ5VFNuJ1YmrL3kgypwtwTUSIKsCghbWJRLISKkF_EOIvuasgw1-1n0Jz0X4cQ_HK2aLLT5OSkpKAjqLDeVmTZ1oLrXvQifrbjB43PVbSsOVwGjZxv0KO9JKB43ngDEGVYKwh6xguHySuVVhxxbz2ayv7UZ6zbIIBcEfKm5oWo8n1s2PiOybJuWJCcbVmvQA-d7AU_X1ptjKxnLj-fWZNfZ8htrWke-ppBCsXPGZjiSV5R15kXmmQB22rIyn8oiZt8w_VVg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAIE83pXNYdzXAZ_pj-8PjaGM2AbJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQL0645VT_2yPqgDAaoE9AFP0PpEWKBBBRZioYsUxeLR1mpOAWG1pkN6IiSNLFP8zsg1h6ufTjpJJI_ZoHXCjZEuuLo7ec8TXSZZA66tcDYl6AaQSTyr6atYEtrxPth-QNXeLUuZxY6gcilfqq3IsjksYfCo-BIbfSqLBLAbZPlX7srvUUWuR8ljfD9Xfs4LpwJkHINdDnBiMZjqJJEt7XKQ1x_9_qXhnk3u9NEKLFtg3triWa6CZX3DNpOqiIPGFJUhoxn47yLGQF5bsxIih0VNPhcmsniYe0RwGuBh6M1-bevcWj9P6NW8p4FjkgbJV0nQKoaMXk6M49Qsh2rDxoDj8V0cgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_011UYQ7D9OaZuhqUCJTZOQFmzoBQ%26client%3Dca-pub-7695804958037097%26adurl%3D
Frame ID: CDBAC0B848A91572DF26C9605EC2D427
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 46FBFDE2D541E081D7458573F6532D67
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3gAAVgIAsxJhAAFeNyR-U1k9e8mwJStBVQ&u=%7CdGVh7OnjQKsfQspz%2BsHoAnbINBXuJM3LrMoVA0NS85M%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy6EkBWqE9Z3NGfRuTXqpF2fm6V52h-jlKrnt4pdWVouHrJ75NwpQD6FR6VsCKZe2p2KPzDbrAh0Q5nYRa2FBRP5WIWq50ibklhLQ7pEfeKEit6PYVwD5n2D7Ns0BPvbM3041MRSrE7mduaFgOBL4xpvJfkMoP3f_js-GUUz8XA66hA4nyuqEUzYsnfUogFou31KULnjrBuYb1h4aDRYemD1u5dK6jOuLGm_aMDKueiIcl_8E4fmBhDmYN92fjZsJTnig1YEfIQJwSR2RGBUuY9i91LBw3LJsz-UWd2dMTBZYsute8UkTTWrujvv2pnF4nF_EOotpR9ZpQQqoL6MQYEptFBqZiivUYMipzfKXRIGknDQ4yWT6zDDTR3KIGfi7YOSuRV9MoesVxtphZxQ5W2id-d6K6IgX396b5G76231-mpmNk_fgpNjg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWHpE3pXNYYKsAeGkzLUPt7yF-ATJntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQJONYqLVgCzPqgDAaoE9AFP0Arn962HsdsoRpkgF4FiWiZ4nqlywLzQGXgIvxhtblLGLzwulzH39gmjNXPXIDZ7JagQc-sCKM1mB5xJSG8JW8b0w06FgN_B2yUJTEMEQ2IHIGQbzapqJX27KHDfdo4kCMLOENni9At199WGb_BKx1dtKmpZJqBr6RINlJPnI1etOjxInYjUgVh7ISehELdLPElJQ3BG6EW4XZBs7NhZGFXly4BsU4jOeisOmlFG8dL0_LpYPZtebDAsAitGW5eo6bSK-VfzusgbfpYbwZDGYfGDOXGQK_75ap6tw2_a98Rt6DvwE3N0J_FBdJIMPDCj8wONgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3CxbqpIVVJ1zifzNDGUXAUOqca2A%26client%3Dca-pub-7695804958037097%26adurl%3D
Frame ID: 8334D109BE9E4B207695BECF2A42F7AD
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9909A2C965D040EBE6842FA8731A64F4
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3gAARY0H4_uGAANpAwGqMjF9BVIpJ7pbYg&u=%7CdGVh7OnjQKso%2B1%2BSjNVXbkRZWOsE4%2BMQRY%2F9mNfkWbw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy6EkBWqE9Z3NGfRuTXqpF2fmbHNfNTreU3NO_J0wJsHdZuPDRScViHHG2C4LOAqujIGEx87X87-s8O1cqsxf6NFXt-P0d97a3M0axHwz4BlgfS3DujbD1S3ia5IyeMvw1RfnL23T6CRoejlyc-tsvH6_X0_Sj8SJ8W7ALE9IzYd9ujiMbeigtHccVk0BvK-mcqThWQwpybpSK3rMUHCIEOJ8zdYn17y-aglO_zhuo8ni3csnrXS9SuZ_k1u-LJKOT-vBgKCiza1ICEyfX4D9ghZk6AOLfDgyMj_BtMVEG8ciAlvYVEmMOHo6wbz-J7L7F4fppYZa8WedvVfMp75U-F5rrJaZLbMepAHddPdofaE-PXUxQHQV8ANwsHjkXApdMcmrAmY4fCd2z9weV1SLYnYFi_dXxiGAoBSYOgJub36I3duNERg3Z5gpUUfQT5CPHH&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCswab3pXNYY2LAYb3j-8Pg9KNgAbJntKxXLWY49aTAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03Njk1ODA0OTU4MDM3MDk3oAHVttLqA8gBCakC9OuOVU_9sj6oAwGqBPQBT9BBTASqhFA2e-lr0Yqvyof0WqEPfXYEy9YuTanEBjzDAJIne8ePBMVnXZzuK1cORd3RgXYQljuO_RhL7v8bBC9q5bDEehvKX7zjDd4Oql5EwvH0Rz0v5fVLR1_SZeSdd5Hqova25erjek7rHTbJd1ypnSDkDIdCiP5rwKFAjcgDwWahqU6UXWA3EvlB9m7W0RM2Qv70FNmCyb-bcrJG8TNA8lmoeEv7279o5bQ3DO9UUHWKe9Nhh_f_tQs4DUhP6BFeELUU3UPq39ePJHfNbwLkZbXX2P6hHiQD5IiSCEQscyJv2mqNCCPBZ5fdlOkrb5YA04AG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0lhRjrVjjVJjgdtCDb3kfnJ7ExtQ%26client%3Dca-pub-7695804958037097%26adurl%3D
Frame ID: 3815C9F8A0D42D09160727B7F5A434E6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1A0E2C581A7483926293826EDD218CAA
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 99F53881D547D466DC43D440105C217F
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9C812CC387F6862D1C3A852319266059
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Сценарий на Новый год для семьи: веселый праздник с играми, конкурсами и фильмами

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

306
Requests

94 %
HTTPS

63 %
IPv6

30
Domains

43
Subdomains

37
IPs

7
Countries

5486 kB
Transfer

12590 kB
Size

40
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://gadanieprimeta.ru/
Title: ГАДАНИЯ ПРИМЕТЫ

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=385053&c=mAYlUvKx4Etx3J7Gj6aSt3hLhQK0oEQ-lavZtPGSZ4Z4Rdc_xVK3fdd_nF1wgaZ4nL07A2qNYx4j_tB18UrkSRu2hCw3v-581fEoVHiEFVyY5mE4pkG2J4n0nSARYs-rYYCn4clagWl0MNAb1rZN4uRWAubcZIHzAcbE7r5CltOYW0KxQg86lo48cBcChc4KkYmKCSVapkVfHAZvNcUO6MtnGE3gEGKbLyubEKcOyBYr2WdiB_hTB87PIlto1ZxxS7a8IEyZ1Va2nUolJlvMjcvQHGHM8EtJN4xhexLol9y82W0I6BvS_wUHUAF9O8tPEsD329gCGEWOxf_A3Ygw5jCF6N-51v98XF45uJwg0Ce3buEnw7iabocv6ksluTcCjGw8oygQX8PfIMRFlz-XSQaJ1mRh9M7FBb5OgbRaN0HfvqLJdBCtWWtWjNo5ACpPnvMpjBgIOh_-b_DRzj2O95UMC1SuzZnMTucaaj8y
Title: Курьезы в спорте, к которым не все были готовы Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=307773&c=mAYG0p0K0KWgHA-GFB7nDogiZITrt5Ebdz_oX47Y-QxW6Oxgwvn3wVxLhPk-1GF-B51WEE-QQR-Q0inUsiqT4AvYPoPKjc4sbyAFyypePh50Tbd_0183wF9c-j0ZZbJVlJMxXPcAP0CHLbsT0tE_z9R6Jcm8oBTBsIdNWK1G8yDwjupJKRQzzumfSl0DThguRgGozpAG-nR-KZ3_KnQtaMMwAKNm0-8Tod2FUel0PHdHz8yaJESVsPVBFVZmZPBO51B8fJdplJiIvqzDJYs008mHpwD3m4MPglxNcAjH1_yzzlmRuHhgK7T8J5Zoyq8eaFLkp5hjsImlAxDzD1wTeeOKzjFXsnPzYd6_ZftkRzQhIL7uIjhyrCbX9m7z-5j_otr0BenNuO_v_VM7jUQUtEQYCxWB-3kaoidiY9SgbmUdv46l6w6g7GIHLjq4O9fRhpG4Ags92-bM0g0J0ej4sURUdYb60T8
Title: Мир содрогнулся, узнав тайну Меркель! Столько лет держали в секрете Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=385649&c=mAYG0ibPuO7YsOaNvmUeWs8hBOvenWw_JgOEE0Dz6LAwiqkVUg4uCdFe5RQleNJStGcwaKjYymbALO6MyAOzir7Z8dGrQ8lD_K6C3iI0gCl9XivhYchJEgoHSdEf_s8iBTh_3fs9S1Mp2OVDJToabeiU3avOTVn4A2D3II1s9SaJCZriYrTkA59RVtc_4LWH64oiwnBZDnKUqFAgl5XTS7Ag8Li8SPwnEoMWYAWQ2NwnB4HSuzO3V6vYl-g03C7jrON_kCJfw15IXH4OppnuOpAANR4E6p7FNbvUcC9fpCE8wQ0c9q6RWx5HXl7QH5bQVnWKOKlf2DG9ggCXzgnY0LwsCZ1oLZgohXXnoG9YUDNYMco5I4dkPeh9aXSmN7EAzuX5yJ9qCCikmwnYtO0ZPIo2X61mem2DjI1Ry-L0fv9xW_mOhZtMxGkjzL7swgJ_T5N6mURYH4VnF9YekJC1uglpXkvhvsS4Q6kGYiTSGpqxWIgGW7t5Z_fBDLOhb20U_w
Title: Ванга все знала: вот когда затихнет коронавирус Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=385271&c=mAYGX7OvhKDCoZOt9bEyLI7r6KdsVgag8E2G8YRhSmJM-u89AWh_sKkjEndits4SHrFy_mKWgU52TfUvrGlLlnUUtQLHtjukKmqHxeyjeBY3d2YQ7nOX29x9GjmD7P0QOENXQo2ubWejkdgMk1h9LhtRdh3mc1OkwAlYBcXKRB2vSvFumfDpSLGJKZtAmxjFnWOQaN0ccQuB9ZYVrYUh8-5UtgnCVClRFt3XFGiYuj7U-k_-GypaMijl1dCZlJQ9HA7608yDFkL2qLFVipgnTSrIfBdbuDmuCFHrTYGtCiLdy-P71Q7Gs_uOxB4Bc6xtUzYlrh_P1ojZf7d6nkSp08rv2YdMJ7Zs6MHkQTLgu_JmnkXU_AqCOVXGeMGb6lGrj2FR_KNnXuMSR1cCnsVgiJCKu-_y2Jnd2l0cJZJRGHQJyji9CEmDdLYrxa6g0-26PasYAe74NxrShxboOaAchAtqDf71XQ
Title: Что творит народ на пляже: скучно не будет никому Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=358599&c=mAYG0ibVT8U4CxExwCkMgIRN2g9SP3aSIuGn1XmtcH_EjCcQ_ppfT0-HDFJyy97Ooezz-jmwyadJ2dmsE1qMOQy1nhaANNGil4knwwLxUisyMS7X--zQsU2lOFwyYLeP2dcLmLnIEQ4VABOAjcbO4r0liUS5gQ9WdYAkfyHacMSTA2Y3UsIHeId0z8y9pbgsasKXhXXAQMfup0a3zXTJuKiciPVxs8uj-ybFUSJwUzLXClMXLpWhozhedd6-qMN2Q9BSSQHmGVyZ3SQuQ5HGrDByUr-EBmh46Nh4z0TMm9AIrobUkQYydnjsEO3CEV_DZM20VNlUMJcFTjum1-jst0IHhU1TPiA7VNZSn8Q7d5LU-Blh5p5xtQlYwM8skPnS9cLuphZJwvtZXUpvkq24pRKD6jzAXWNEfv92hIQ8b_WSbI6OpMK93gtLZz_JOAb1xEDq6LVS95839bQxupBvzb-mBHrdV9kNQxc5RTOXN873kcWYiBNf6Q
Title: Прогноз Ванги ошарашил Россию. В январе 2022 начнется Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=130692&c=mAYG0p_8D1wdDIJdsuC4r92Uw_5YMczzg2VoC3RAbYu_YHCwXXHL5dyc3z6IOFYBiaSAd7IWiYXV47Aq4h6L3NniBCxphGtHR9Hjl7cJJsnCmyBWTbjxHRtgDQvOhyfh94yeqCSJnxQaQJPlczRblCRNByXa_4dbwd-sIjEW9s1Sfa5tb4--ZZ8W_USgm4PWfgro-e-rYZ_qSuieQWwpexDUv_ieDZDeQuEUDT3Ag7SFr_1BJ7e5geIj9h09QyIKAXw8QYHR2Aaj90QThiWN_rejF9R-qLz7ZWSV0vzcHKsVg2cuax1yhltTEEd4rg1zbvuJ1Ea5Tzl2--NSFStSP6_ZPHFzcDYofVGIGFcZdHCKNhkgJJKUQoNMWj0Mmn3Nqu38-hqslaEIpfaa_Vanuh1Gv6EIW7ZB6GEFkpC88O7Vp7sPz3gecJ3KhotpK1OdUUqQL81eP1y-1UjqCIgMN9XbMKURHvSNBZ00A9JkBW1zo38DjxiiEsQhehS9bbHf
Title: Бесстыжая Максакова разделась при всех! Смотрите, пока не удалили Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=288122&c=mAYG0iZSC5YgTH4GeZGaPjl1T9LXKRdIN5tcLhWnIw9P5Ojd_7paQrk0HUr0WWYPuOIY1r8NTeCpLV0lXtCIApxMl-vkQApqP0zWP4LKOMzuzPouFTFKAoVKOI4p91K10h-NcFn5YCH6M43BREIe9M5Z9JjV_i6ZOmkxg1FVKGnJNqm8jN1fHGVxRazEGbaR9BRus38i_fhBlRNjQg4fytqmeuJwqABDj2f2Lkp1m3fin6MotMkmxRQfrvPhZojGjexbRK5jj5Jk_GiWLsYsdE9Id6s1dz44A2CoqOMs7V8eny0hO2lTmho2NItcTOBSPfa4fqsPlLu7NzZAt0K_8hmZSdV9RyAKJhy-YoDE8LzmeKUbysog-QQOiHflVOHKLS13lZf9FdWhBIoFU20zHOhDDDL6EXPEYJ-nt9FjoSKe990dLRqPYjBRH0EZ0g_YorQW6v7q0DWqmCwbzQxmkJm1jeHGkpO79zIn81bBYqowIIXy-8Zoh_iOpXUw
Title: Плохая новость для тех, кто привился от Covid Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=379529&c=mAYG0ibP-maDJZEplJesbTa0IYKUH3AlOGPIUF25LXZQnMMaI9HPtkCKg4C6CAp52f7XpNNqrXlY-czvyg6IrcL-eN6i74wD2xVuhwFi_2bzOxHPBVRgrnVE8DsTO_FP793qxVvBnGCifxoxm38OI7TQGEs8ooietIwkBZS_Cu1poEEMVwUbkjU1Mejp8tGx0VTAE2tikXIXvj4GIHX4KmN-ntOnFHt6ZcTkqXemvq04g6pmxEc3ZBykRoK4y1nB5L6TlVzUVuwPXtE1jwZXzfswiDhBml6bMzCXrTbBADKw16xAHPQ5YmePbE2qqiKcgd4JplClRu2h6V5i7EV00yoYB2XFgqPX6aAqo81PZlpNnipV-1N8p_QkqZP58hLNsThVFf92httd-hhDZFbrgTmtbeSSa2Q56FFw-748prYhBkBMbEo_X_VfMWyPQ5YLA1qgHUv1xUyIg25VseWmUNJVxlIyy9lu5JXj2U77ePWFCO3VutxZDefW
Title: Китай назвал преемника Путина, который поставит Америку на колени Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=348111&c=mAYG0ibVT8U4CxExwCkMgI-GnTvKlWvJwAsFiB_vhhjjXEhoxV3B97BDExSe-zba3H4fW1eOPXtZB6mwSeJ8Mo35iEnayS4FFj4z3JDAE3QYcbjlvuM659wk3rmj9XM93O4m-6Vced-cZ-wkqP3RaGUcnntRaAyd2EG-Hu4vi1kmnfW3WiRTBXoadOoGDiZ5mGAxBMcPxo29tSspjm4ale4sYpsbUglap33WyGSsNkQe9sNlh5D7lll63HlxP424EVdZi83tORa-B6G_xWbBHYGW2uYgiJpvCKt9ud461TsmHtqgHm6msmKdsIBP6iyH1nagC9S0sz9tV_19vRQZWnlZar9Igvm4Wplx3vJHTnrsl5jYhr44A6AX6TOZQBKYyFy6u5KJNMjGFVNGmU_kAlyoqj7d7VuvZnaW7nf0eCfUYdS9uBoJE2alQtqrmfXS8S32ereGfV2itICWiVtRye1p7KudAKOHtqm2zA
Title: Вы еще не всех свадебных чудил видели: тут настоящий огонь Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=385590&c=mAYG0iOhC2sBQ6785h1Ayr-DFqblgDbM4E4ndKxaFkJnUAlXSSnsw8K8q0940rfs8RFWfq-6Ds2yixghhwo9-m1oZQTvdh-2O-GEzLcOnPXOjUss6Mrl_U5udsu845jIjNNTL5x1uZGpr2xNvQcnnyW5r4-_qXpO5pWUfJyqhRjSsRhSxXPn1WSdZ9p2IYAGmuhhLdb1CAOkgoEw-N-uEWN2AgXWiS0H6vBIYdsGsIeirEcXRZb9cUviwobiMqQH-wqdvEafuSYQNveq22N4_oWzz9kuJ7LIeA-t1YlIewrcT_ZUCWmXkpNS2Ug8KVoaojLA_QBVa2H-W8Ax3pW1YyHzUMPiiu65GKtjmrEBbNCCH_zJUEWoaL3FnoGflCZo0qydlIrfs6JWH5vZLGE5MmjAq5-zJzIhfWtwDzhbg6wendhhwH4efYCFyZjNNCcd689v0JAIUK4Tj-mUFlrb5Vu2SCkFlG3zC0qpwW9vPlqvTw
Title: Дочь выдала страшную тайну Пугачевой: услышали все Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=286775&c=mAYGXz7DwTeZ4KIJlvVJyuynhi11mCEmxULhjfaUFVoQdeaoRIBmooGVp1Z7aQhbQs-Hjq-exdqcy0taC6DnDf_dtDR13RZwpng01vzng2TV8FaXCnE_7BscgpVreksU6AC-5iv3fhqHXXM8ZjXvIVkKRc23ItbZyc-MMKoZbCTCFH9cRTm9mYz0hvy_kkxONrvELFU8ToWnPUCbthOcKczzOIfGadu-31H5cLhTaPaf7QM8TBurWcXJyLr0sNtFK2f2quvoEKzclfF9lmpTg74btWq0SQmRvAfWs-HIrbC87DN9mOV3TSDKcIedtREoilRsBEgNKXmpx_EbGPKbg1-IZgERkxtJtskq06wFlM6qVD21cSUNL4TqIX5R504DoRt4rUi17IXFxaAT4G9SE8DXh8NmAcMQG3l4aJfYBncMEqRCeTXlAhhn0gTLV-qz-htJ6xihIY-U90wF2zTpDoaYISjyOs0Uz6HOHBVyCLtrgwOe4WJgc4pmABQ
Title: Плохая весть о тех, кто сделал Covid-вакцину: что у них находят Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=327172&c=mAYxTB4YKqkMHIc5YNXsfGrDijRo6D4OEs62AHVTanjxpFsu8J1B-hPmp8FDhSaEVzPdpWpiPJnaXurmofFInGRa1PePO0_VtglSdMapiyS8iD2k9aV7Rji75tAA4phSQWaZurDkZnosCea_tw3v2tfgL1GSRgACPmk3MLYAjhi-5S0bd7Hu8HBRAATyXo-qmjQUx99KU22I_TINiUFGhEy09FXWDXqKjjK_qkdkZqg5fQqOgM9prG2O9XUGXMpAHrPhM1bzmCpR71QvsAxsabZARRZsFWc9tOStp8IwsqQhkjoMXCg4_ses65YptujbBT717il9R_LFoJ80xA2aNq_LMURDGrmEK9GyW0A98ijrOxvk5GcBfjE4y90vqCu2CcJSzE1eBRz44gbkLKQanO3HGPgD6t4uyyF9GQvtBMN9teMc_hDfEF5A2urnWWR-sHAG1nKyZq9urfp0An78oC7hObEptzXCQiqeCAgBeQNeX6gR1UHB3mKIqhhiamod_PxauLGijAYTlz3Ee2NC
Title: Пенсионерка 120 лет: Ем 1 штуку в день и сосуды чистые, а давление 120\60. Рецепт еще от мой бабушки, смотрите Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=341563&c=mAYxTBmeiYQq4mUhqoYjC2JX_Vr1gOy9tCfGYU94KeXyBsJqmRr5kimPRKsqC9KNtc0oVGl2UWhVLWBko_K-yHe0OCZJ8Dzka8qQoY7_7LNREqpvxHKxdS1LStMdE_Qim7QRGIR_z1Eyzf2U0l1sybHAO8y73NV3sYB3NTxoUdl9Or3RBHOto4Lt6SGkcPAHcIPLelidirt7Rq3Gn2Y46qDM1Ec4BB-9BDLVsmhamxMsvGDFzbn7pMIPknwnXQmls0ri_PAvAmGeY9fZ240I3PsbD0PJTm9Yk8RaZmg8QeVutYAzceVBP7IwwfMQuBvJzJ_EjKJbpGQjYHmDdEVVqlVfXvZDcz11_YKuy8-solgyJ5dbqXlCzsLRR0bzZyonWrG_WCWhuCMF5fXLwCzIcCETKkRS5pw5JWZ338QfsRq5uTJ2Q9Kx2sU0wNEg17R6w3ADWQkf8A1ST1iXMzH4Q12lcU_YI0sJKmyuZZ1boOYrtXh5x1N8wXKpi6rnIqlbIteOrfjHjFswR7EVsLZ0DA
Title: Пенсионерка 125 лет: Ем по кусочку в день и сосуды такие чистые, что давление 120\70! Рецепт еще от моей бабки, смотрите Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=384685&c=mAYxTPj_q_uDL-9z9k0o_iNOi7cy6_K7b1av_dx5O-f7YObsTvQZOGHx1lYDck60VvdJAG4n_kXB6F479H38TNUd018-t7hFBdYwBrXaiLNa9hQRcpINBGyjx2o-G9VAYJhcZiFcUL-_OpEvt1XLX0WFSUJoIFWfafMzM8xyyL5DzyWc2NqR6Aoc2GU6MzPW0s47G-ZRW6xcmI30mX373KnD5JegQ3BnpSncU-YznSwdcchte9wWuDBOg2zbg1fiSpc1Fr-WwQ9LMmv8pGB1gCrLcURow0SVfhgt3SRyU4SCKxbJpOC1Fozyl91VCeOIawDlpO88mtWdvvwngb-WzQI-EiN13MJzd5yiK02mnnOHGq9ItUSxKkizTiPHTTGfh-Gf_iaRGpaUhtTqZQ5HN238eYCIRXYd67fb7dkld8g2eNdAbo2UIbQprhO6VCvYh4WVLY1vGjFTbDCpfH7W6D4mQ6s2gHnyKkUa47yAsO25xGUW8D3cozJtOmiluTvKv0G6osU4xqJmlZYkWF74Sg
Title: Бабушкин метод от гипертонии! Давление выровняеться, а тромбы вылетят пулей... Подробнее

Search URL Search Domain Scan URL

URL: https://pwxlqg.com/v2/click?media=380070&c=mAYxTP8rj5AiN2k9MWb7tVYAblnHt-qPY6YGWvcTJFNER7qtkee-4rdZILuDR5qnse_6ibjIEED8VGt6qG82OFkhWpYgDr8VJEoNO4jmBuAULuwGFo1xzfaS6z545IGJLzxU0HuTGERuo234ClHwOBKKWVmHYAP0Piin62RgxiG_eJLX2H-8Z53-Q5W4JDMng5YrbPpmodYgluODVO70qIwZEWfYp9j6i39x8c8zG6pT_XfJfuQfRWyOKSbxAnnG4dc2-GU4I7Gx5uqg56E75mV8ld7nG0cNUcp7iqkh475b-NpLSe1PYzLg9ZcL_gLOcp2U86HYm-iSPY87B3Uw0R5Y9tsjezxBrelrJ2sGIce18OHhncOoDI83IUJixYVNDtwqA39fFrZ56ukrjIOWz4z1ihoDixG2Qc-H5q-sweYG4bvWY9h8Oi0hzd_gnHQqV-8TedkqBQ9SBN2ChKuEoogBsTVJvsolymKpmniP57ZXjvCeLDJWDIXM8A-G9OHRQWBsX-KGe6MAW0TcrQy1
Title: Срочная новость: Израильская медицина избавила мир от гипертонии, лекарство раздают в городе Франкфурт , на улице ... Подробнее

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 72

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9503.WpQdShgnNIgtjqrdW_k1Cqmr0zI4-dm_ACN0lNV7U-1Xu4PfoeKe4L1B8SJebiaj.8TN-kd3fB0Q2_t3Jt_XrPUN_BTs%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9503.IDkKgNLmF5OP4lvXlVjR2R2gXZ4uQAGY4VSRqCJYwo8tnG3TyDAzCkfyIIXrmBQnXiaEBqD8S1Ua2DbFGXvkTQ%2C%2C.ziiH8F88Dyd8SId7XDkiU6QDmO4%2C

Request Chain 81

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 83

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 105

https://mc.yandex.com/watch/32613780?wmode=7&page-url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A553%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A722%3Acn%3A1%3Adp%3A0%3Als%3A1513566998031%3Ahid%3A680550492%3Az%3A0%3Ai%3A20211230111956%3Aet%3A1640863197%3Ac%3A1%3Arn%3A756576893%3Arqn%3A1%3Au%3A1640863197963239161%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1640863195712%3Ads%3A40%2C112%2C217%2C3%2C0%2C0%2C%2C318%2C0%2C%2C%2C%2C690%3Adsn%3A40%2C112%2C217%2C3%2C0%2C0%2C%2C317%2C0%2C%2C%2C%2C690%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1640863197%3At%3A%D0%A1%D1%86%D0%B5%D0%BD%D0%B0%D1%80%D0%B8%D0%B9%20%D0%BD%D0%B0%20%D0%9D%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B3%D0%BE%D0%B4%20%D0%B4%D0%BB%D1%8F%20%D1%81%D0%B5%D0%BC%D1%8C%D0%B8%3A%20%D0%B2%D0%B5%D1%81%D0%B5%D0%BB%D1%8B%D0%B9%20%D0%BF%D1%80%D0%B0%D0%B7%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%81%20%D0%B8%D0%B3%D1%80%D0%B0%D0%BC%D0%B8%2C%20%D0%BA%D0%BE%D0%BD%D0%BA%D1%83%D1%80%D1%81%D0%B0%D0%BC%D0%B8%20%D0%B8%20%D1%84%D0%B8%D0%BB%D1%8C%D0%BC%D0%B0%D0%BC%D0%B8&t=gdpr(14)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/32613780/1?wmode=7&page-url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A553%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A722%3Acn%3A1%3Adp%3A0%3Als%3A1513566998031%3Ahid%3A680550492%3Az%3A0%3Ai%3A20211230111956%3Aet%3A1640863197%3Ac%3A1%3Arn%3A756576893%3Arqn%3A1%3Au%3A1640863197963239161%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1640863195712%3Ads%3A40%2C112%2C217%2C3%2C0%2C0%2C%2C318%2C0%2C%2C%2C%2C690%3Adsn%3A40%2C112%2C217%2C3%2C0%2C0%2C%2C317%2C0%2C%2C%2C%2C690%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1640863197%3At%3A%D0%A1%D1%86%D0%B5%D0%BD%D0%B0%D1%80%D0%B8%D0%B9%20%D0%BD%D0%B0%20%D0%9D%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B3%D0%BE%D0%B4%20%D0%B4%D0%BB%D1%8F%20%D1%81%D0%B5%D0%BC%D1%8C%D0%B8%3A%20%D0%B2%D0%B5%D1%81%D0%B5%D0%BB%D1%8B%D0%B9%20%D0%BF%D1%80%D0%B0%D0%B7%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%81%20%D0%B8%D0%B3%D1%80%D0%B0%D0%BC%D0%B8%2C%20%D0%BA%D0%BE%D0%BD%D0%BA%D1%83%D1%80%D1%81%D0%B0%D0%BC%D0%B8%20%D0%B8%20%D1%84%D0%B8%D0%BB%D1%8C%D0%BC%D0%B0%D0%BC%D0%B8&t=gdpr%2814%29aw%281%29ti%282%29

Request Chain 166

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 208

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCr6PbFiwEQnQkYnQkyCKuj71APLB1M HTTP 301
https://tpc.googlesyndication.com/simgad/16954104317476786032

Request Chain 219

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 245

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPI42KNrGfTWMM9SL-SpkXWo0qy_HDCMyN5SLKmNp-fGpBhIV6lGZx2Tq3ur3JL_XjdTjJ8gp8ZwI09S2jJgugdU0wUurA&google_gid=CAESEA9KePgAsLtx0pI8iqP-pvg&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCN6rto4GEgUI6AcQAEIASm5nb29nbGVfcHVzaD1BWWc1cVBJNDJLTnJHZlRXTU05U0wtU3BrWFdvMHF5X0hEQ015TjVTTEttTnAtZkdwQmhJVjZsR1p4MlRxM3VyM0pMX1hqZFRqSjhncDhad0kwOVMyakpndWdkVTB3VXVyQQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwNzNlM1lNTXJMQi1MN1JMaFpTRVlIck96RlhNMUcwc3JwUEtNVVFGWk8xYw==&google_push

Request Chain 246

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPK7mJpCZi1L1XfQTegjzhhlaAgCX64Exv43wbwm84Ib0oJJmLyjQEKLJ3cZdhnJ-vbRy1MSFKtbtGKINyd9P6xX8bbjwiU&google_gid=CAESEBizgEYfVGSJ-fZaqXyAsdA&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPK7mJpCZi1L1XfQTegjzhhlaAgCX64Exv43wbwm84Ib0oJJmLyjQEKLJ3cZdhnJ-vbRy1MSFKtbtGKINyd9P6xX8bbjwiU&google_gid=CAESEBizgEYfVGSJ-fZaqXyAsdA&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxMTE5NTkwMDA1MjkzNjc0NjA0NA%3D%3D&google_push=AYg5qPK7mJpCZi1L1XfQTegjzhhlaAgCX64Exv43wbwm84Ib0oJJmLyjQEKLJ3cZdhnJ-vbRy1MSFKtbtGKINyd9P6xX8bbjwiU

Request Chain 248

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL9w9SRmUe--zdMRPU7HVdQ&google_cver=1&google_push=AYg5qPKdzbUuaoKxR8FmdBfMFwR33g8pY1jfy-t0z8Qx3W2ReQU7Uo19ZTGNapWvdijRnye1XQ_kkkI_A4_n46u6pk4iQoyVDMg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL9w9SRmUe--zdMRPU7HVdQ&google_cver=1&google_push=AYg5qPKdzbUuaoKxR8FmdBfMFwR33g8pY1jfy-t0z8Qx3W2ReQU7Uo19ZTGNapWvdijRnye1XQ_kkkI_A4_n46u6pk4iQoyVDMg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=jdXEA-ozSVqy27KuvXPZHQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKdzbUuaoKxR8FmdBfMFwR33g8pY1jfy-t0z8Qx3W2ReQU7Uo19ZTGNapWvdijRnye1XQ_kkkI_A4_n46u6pk4iQoyVDMg

Request Chain 249

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENsKZBekkIOAoZ7OPcevdAU&google_cver=1&google_push=AYg5qPKqcfZ6eMOBXNE5u2JYVwyyUZEpxl4UpSW4VHTIg7srvKTl18-hLLM4D0OSDa7nh_xpvav4wEv8p5etRnzoV5rITG5n1Hs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNTctVC03VUVJ&google_push=AYg5qPKqcfZ6eMOBXNE5u2JYVwyyUZEpxl4UpSW4VHTIg7srvKTl18-hLLM4D0OSDa7nh_xpvav4wEv8p5etRnzoV5rITG5n1Hs

Request Chain 250

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8

Request Chain 253

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIosaGSnK_Ray7PVT-5oDrGlc4Ums_DbPkEXZOfNbz55qkmsoYyxSr2O68LU-Cu2sVPtMvlCxySWu4m3Ua3Xs6T8PF7C1g&google_gid=CAESEBizgEYfVGSJ-fZaqXyAsdA&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIosaGSnK_Ray7PVT-5oDrGlc4Ums_DbPkEXZOfNbz55qkmsoYyxSr2O68LU-Cu2sVPtMvlCxySWu4m3Ua3Xs6T8PF7C1g&google_gid=CAESEBizgEYfVGSJ-fZaqXyAsdA&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxMTE5NTkwMDAzODA0MDM3NjQyOA%3D%3D&google_push=AYg5qPIosaGSnK_Ray7PVT-5oDrGlc4Ums_DbPkEXZOfNbz55qkmsoYyxSr2O68LU-Cu2sVPtMvlCxySWu4m3Ua3Xs6T8PF7C1g

Request Chain 256

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL9w9SRmUe--zdMRPU7HVdQ&google_cver=1&google_push=AYg5qPJl6TYrkv-haVr4YDv6RkDT_1Pj6sDMqnKtS76Mqj68jYkKpiRqp4qhO6houqQSmjrRCJqKJ4NlvrpF5VT5dL-Mh9ELdg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL9w9SRmUe--zdMRPU7HVdQ&google_cver=1&google_push=AYg5qPJl6TYrkv-haVr4YDv6RkDT_1Pj6sDMqnKtS76Mqj68jYkKpiRqp4qhO6houqQSmjrRCJqKJ4NlvrpF5VT5dL-Mh9ELdg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iT-hPPCuTPmRFVEwwWoDPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJl6TYrkv-haVr4YDv6RkDT_1Pj6sDMqnKtS76Mqj68jYkKpiRqp4qhO6houqQSmjrRCJqKJ4NlvrpF5VT5dL-Mh9ELdg

Request Chain 257

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENsKZBekkIOAoZ7OPcevdAU&google_cver=1&google_push=AYg5qPLKlHMiGDrwwORrDcNmYg2bC9BHEPYaIP26prqqS6HZNA0b0cST5eD4iMQDBbJNsqSxkjEiPOMEevoXuro12NJv845-Cgw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNUItQS1KMDc2&google_push=AYg5qPLKlHMiGDrwwORrDcNmYg2bC9BHEPYaIP26prqqS6HZNA0b0cST5eD4iMQDBbJNsqSxkjEiPOMEevoXuro12NJv845-Cgw

Request Chain 258

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c

Request Chain 265

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPK6_vG9W2kzg0N5CfbXK4xZbKUcc64rdbsNv7uRV9eFHnNZ6ivqAw3qQ79JYlfBJ7jP5uGILcTt1WxkJv90TAzSAVqcJj0&google_gid=CAESEIklVDnX5QLNa9i5ZP17vxs&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWMyVjNnQUFBRUNjVHg5cg&google_push=AYg5qPK6_vG9W2kzg0N5CfbXK4xZbKUcc64rdbsNv7uRV9eFHnNZ6ivqAw3qQ79JYlfBJ7jP5uGILcTt1WxkJv90TAzSAVqcJj0

Request Chain 267

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL9w9SRmUe--zdMRPU7HVdQ&google_cver=1&google_push=AYg5qPLrtLjr4U3oBt-RjxIHz69lOEC1bsRWKdTyxrMX1ND10isRXnQNbJakUOAfAY536vVaR7aYuut2T6yZhNjlQDhCBFCl_Ow HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL9w9SRmUe--zdMRPU7HVdQ&google_cver=1&google_push=AYg5qPLrtLjr4U3oBt-RjxIHz69lOEC1bsRWKdTyxrMX1ND10isRXnQNbJakUOAfAY536vVaR7aYuut2T6yZhNjlQDhCBFCl_Ow&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=osZeMcYYSoaI7jkNj8wYYA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLrtLjr4U3oBt-RjxIHz69lOEC1bsRWKdTyxrMX1ND10isRXnQNbJakUOAfAY536vVaR7aYuut2T6yZhNjlQDhCBFCl_Ow

Request Chain 268

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENsKZBekkIOAoZ7OPcevdAU&google_cver=1&google_push=AYg5qPLPJN6ZADuU7bG62m98Uua6XkG0ADFoqHO-PxbE3IU_NuMUTwlUEPcb6scLGE6nDWm0ITDuu8whH0uAp8ekvJD5FUkrVoM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNlUtSy03VjBG&google_push=AYg5qPLPJN6ZADuU7bG62m98Uua6XkG0ADFoqHO-PxbE3IU_NuMUTwlUEPcb6scLGE6nDWm0ITDuu8whH0uAp8ekvJD5FUkrVoM

Request Chain 269

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1

306 HTTP transactions
20 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request scenariy-novogo-goda-dlya-semi.html Show response
zatusim.com/celebration/clbr_ny/ 187 KB
37 KB 369ms
217ms Document
text/html 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 / PHP/7.1.33
Resource Hash: 5b793fbe2751f1240cadd43d5356c310e242c5a45d9dbdfed1789a1cfffd571b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx-reuseport/1.21.1
date: Thu, 30 Dec 2021 11:19:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding,Cookie
x-powered-by: PHP/7.1.33
cache-control: max-age=3, must-revalidate
content-encoding: gzip

GET
H2 200 zcom.js Show response
zatusim.com/wp-content/ 66 KB
19 KB 63ms
60ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 0c429f0038b0a3803b5dec5c0885ce647519c58b3c25825d44fafb92c561cf89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 11:12:42 GMT
server: nginx-reuseport/1.21.1
etag: W/"61cd942a-1077b"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 752ae9829086115cb67119e560de4044.js Show response
rbtwo.bid/pjs/ 1 B
673 B 87ms
25ms Script
application/javascript 2606:4700:3034::6815:602c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rbtwo.bid/pjs/752ae9829086115cb67119e560de4044.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:602c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 420
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1
last-modified: Fri, 05 Nov 2021 12:13:59 GMT
server: cloudflare
etag: "61852007-1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ae8vHSbBWkkQkCcy8CFQQNefi%2FCkWbjaS9NCpXacCa9rCk6yywiB8Xo5MoFRwgSldW6GEjOSwuxuIxekXFB8xTM%2BP78o1cFoBOndRtLPv75LKzCZlXA4yrnAXhO8QkGsig3%2B3CE5XaY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=14400, must_revalidate
accept-ranges: bytes
cf-ray: 6c5ae0400bd04e5b-FRA
expires: Thu, 30 Dec 2021 11:22:56 GMT

GET
H2 200 bbspoiler.css
zatusim.com/wp-content/plugins/bbspoiler/inc/ 5 KB
1 KB 63ms
60ms Stylesheet
text/css 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/plugins/bbspoiler/inc/bbspoiler.css
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 32d7ac20bdf26912533a17f4b33710ae866a89eed6cac9169623c2006ef0a7ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Thu, 30 Apr 2020 06:03:27 GMT
server: nginx-reuseport/1.21.1
etag: W/"5eaa6a2f-1423"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 swipebox.min.css
zatusim.com/wp-content/plugins/responsive-lightbox/assets/swipebox/ 4 KB
1 KB 63ms
61ms Stylesheet
text/css 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/plugins/responsive-lightbox/assets/swipebox/swipebox.min.css
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 8348fe66b515449f719cb7b8278e1c84009bdaa96e18981641bc1e77d9e4cf1a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Fri, 12 Mar 2021 11:09:15 GMT
server: nginx-reuseport/1.21.1
etag: W/"604b4bdb-1080"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 65ms
22ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CExo+2%3A400%2C400i%2C700&subset=cyrillic

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

be16ecbe182accc8a393d324b6bf9ecd89d491371a5e367663e59282784382cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 11:19:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:56 GMT

GET
H2 200 style.min.css
zatusim.com/wp-content/themes/reboot/assets/css/ 217 KB
38 KB 63ms
61ms Stylesheet
text/css 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/themes/reboot/assets/css/style.min.css
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: b230fc7c7ccd6092be70de1c2cad05d787d53bbf444542dbc72ea4488625fb65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Thu, 21 Nov 2019 14:01:56 GMT
server: nginx-reuseport/1.21.1
etag: W/"5dd698d4-36315"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 jquery.min.js Show response
zatusim.com/wp-includes/js/jquery/ 87 KB
30 KB 63ms
61ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-includes/js/jquery/jquery.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Fri, 08 Oct 2021 08:42:31 GMT
server: nginx-reuseport/1.21.1
etag: W/"61600477-15db1"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 bbspoiler.js Show response
zatusim.com/wp-content/plugins/bbspoiler/inc/ 765 B
462 B 63ms
61ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/plugins/bbspoiler/inc/bbspoiler.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 45c1f0c0ead16f4994622152d4386a4a31abdba59e6338dd9b7a348c764efea0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Thu, 30 Apr 2020 06:03:27 GMT
server: nginx-reuseport/1.21.1
etag: W/"5eaa6a2f-2fd"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 jquery.swipebox.min.js Show response
zatusim.com/wp-content/plugins/responsive-lightbox/assets/swipebox/ 13 KB
4 KB 63ms
61ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/plugins/responsive-lightbox/assets/swipebox/jquery.swipebox.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 926d1ab3abf48cf01377caf6adbed8c8a5e9dd1726e174c945af41137661404d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Fri, 12 Mar 2021 11:09:15 GMT
server: nginx-reuseport/1.21.1
etag: W/"604b4bdb-3275"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 underscore.min.js Show response
zatusim.com/wp-includes/js/ 19 KB
7 KB 63ms
61ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-includes/js/underscore.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Fri, 08 Oct 2021 08:42:31 GMT
server: nginx-reuseport/1.21.1
etag: W/"61600477-4a84"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 infinite-scroll.pkgd.min.js Show response
zatusim.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/ 25 KB
7 KB 63ms
62ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 378f79bc8e52dc7c86332d048c8b8f57ad672c3c917ca54b08630bb487b99d3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Fri, 12 Mar 2021 11:09:15 GMT
server: nginx-reuseport/1.21.1
etag: W/"604b4bdb-64e6"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 front.js Show response
zatusim.com/wp-content/plugins/responsive-lightbox/js/ 26 KB
6 KB 63ms
62ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/plugins/responsive-lightbox/js/front.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 3c8ba982e1a7629cb5be1c6e7ac909bb494b895a63affce2f6306e5cd244505a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Fri, 12 Mar 2021 11:09:14 GMT
server: nginx-reuseport/1.21.1
etag: W/"604b4bda-68e8"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 8qh687vuq678pykl3o.php Show response
pwxlqg.com/16p71l291lvi0mp30y/ 58 KB
19 KB 254ms
111ms Script
application/javascript 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pwxlqg.com/16p71l291lvi0mp30y/8qh687vuq678pykl3o.php
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 33d33233fa304cba9ad1dac86ba996e277c70ccc98ba40bc8108870947581357

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Thu, 21 Oct 2021 11:24:02 GMT
server: nginx/1.14.2
etag: "61714dd2-4abc"
content-type: application/javascript; charset=utf-8
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
content-length: 19132

GET
H2 200 / Show response
greenklick.biz/ 20 KB
20 KB 79ms
28ms Script
application/javascript 178.62.225.201
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://greenklick.biz/?pu=gnrtqolfhe5ha3ddf42tenrw

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.62.225.201 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

a1987f4a0e4826c81d5061f35a8368e518680bff5d86d04b25d9499ca0eecafe

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 11:19:56 GMT
server: nginx
content-security-policy: img-src https: data:; upgrade-insecure-requests
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=UTF-8

GET
H2 200 vesenniy_mix-scaled.jpg
zatusim.com/wp-content/uploads/2019/11/ 34 KB
35 KB 71ms
70ms Image
image/jpeg 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zatusim.com/wp-content/uploads/2019/11/vesenniy_mix-scaled.jpg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 05d81fe053dd120f05f2665adc6de367189b9482443d7d5c48ece70b123c2daa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
last-modified: Thu, 21 Nov 2019 15:03:56 GMT
server: nginx-reuseport/1.21.1
etag: "5dd6a75c-8986"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 35206
expires: Sat, 29 Jan 2022 11:19:56 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
51 KB 56ms
32ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bee0a228fc9e233408681ed2e6c649ec08139d1efa4766b9de24a38995e460ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51751
x-xss-protection: 0
server: cafe
etag: 13191245144089715262
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:19:56 GMT

GET
H2 200 zcom.json Show response
rotarb.bid/ 59 B
341 B 163ms
95ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45531218adb3139b5217b17e9d444ba9e4b3d364d9191818a3bc3b8ebde7be8e

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a7bd7dMNZ24TKbgHOBrQnCFLm%2FN2j7FTtwlB01t1Pv9BbhqE1GaS6ixQfJ2BFPbKoOczT3BF96IJCUfi78Ng1ODy6Hylx91PzZFUyTWRgXUTG67rjbZz81%2FY9%2BKKrLT0lB3ciO%2BW1tM2"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae0402f15374e-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 zcom.min.js Show response
rotarb.bid/ 66 KB
20 KB 341ms
274ms XHR
text/javascript 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c429f0038b0a3803b5dec5c0885ce647519c58b3c25825d44fafb92c561cf89

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
duration: 305362
access-control-allow-methods: POST, GET, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 30 Dec 2021 11:06:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oAjm9stRvTr8aLl5ntA3Q5iFPPqct0WL3o2wfpkIIZUqJERK0EE5ENm9GbwqL8fj95h3UcR0eFkiLKJK6UmRpJnS0v9gP%2F0KONVLQSzYCUfCV3FU7a134%2B02aH4clHdWGEEI4m9ZHpMr"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6c5ae0402f18374e-MXP
access-control-allow-headers: *
expires: Thu, 30-Dec-2021 13:22:45 EET

GET
H2 200 zcom.min.js Show response
rotarb.bid/ 66 KB
20 KB 261ms
243ms Script
text/javascript 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c429f0038b0a3803b5dec5c0885ce647519c58b3c25825d44fafb92c561cf89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
duration: 349102
access-control-allow-methods: POST, GET, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 30 Dec 2021 10:54:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l7VmdTah5Cf25jdu3phoKoIWGNYdoA7Hj6TGKVC1%2FNmHcZ4dhgKQRGaFA4joq4ILmupGbBROgXYo7gNYTfwp7lNaKxNXJ%2Fo31RArEKyDQ%2FU1%2Fo4wQv00DCOsFsU72p4qH%2B67SsShPc9v"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6c5ae0409f0ddffb-FRA
access-control-allow-headers: *
expires: Thu, 30-Dec-2021 13:22:45 EET

GET
H2 200 mediaelementplayer-legacy.min.css
zatusim.com/wp-includes/js/mediaelement/ 11 KB
3 KB 55ms
55ms Stylesheet
text/css 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Fri, 08 Oct 2021 08:42:31 GMT
server: nginx-reuseport/1.21.1
etag: W/"61600477-2bf8"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 wp-mediaelement.min.css
zatusim.com/wp-includes/js/mediaelement/ 4 KB
1 KB 55ms
55ms Stylesheet
text/css 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-includes/js/mediaelement/wp-mediaelement.min.css
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Thu, 21 Nov 2019 13:53:41 GMT
server: nginx-reuseport/1.21.1
etag: W/"5dd696e5-105a"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 all.min.js Show response
zatusim.com/wp-content/themes/reboot/assets/js/ 192 KB
44 KB 63ms
62ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/themes/reboot/assets/js/all.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 9a40d86d09f10717cf26aa41821239e13b92a9fa8da4fbdf510137df2110308c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Thu, 21 Nov 2019 14:01:56 GMT
server: nginx-reuseport/1.21.1
etag: W/"5dd698d4-30069"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 mediaelement-and-player.min.js Show response
zatusim.com/wp-includes/js/mediaelement/ 154 KB
38 KB 71ms
70ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Fri, 08 Oct 2021 08:42:31 GMT
server: nginx-reuseport/1.21.1
etag: W/"61600477-267aa"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 mediaelement-migrate.min.js Show response
zatusim.com/wp-includes/js/mediaelement/ 1 KB
749 B 71ms
70ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 7f34b768792b90cf0b04fced2470e43d8fab7644f6565d5178fbfb49c4859cee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2021 05:45:17 GMT
server: nginx-reuseport/1.21.1
etag: W/"6077d2ed-4a9"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

GET
H2 200 wp-mediaelement.min.js Show response
zatusim.com/wp-includes/js/mediaelement/ 906 B
680 B 72ms
70ms Script
application/x-javascript 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-includes/js/mediaelement/wp-mediaelement.min.js
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2021 05:45:17 GMT
server: nginx-reuseport/1.21.1
etag: W/"6077d2ed-38a"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

POST
H2 200 zcom.json Show response
rotarb.bid/ 59 B
689 B 87ms
87ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b901708cd72a6ddfea26aa2b83a351d12f7f7b9a752238e4bf8d8b5a73658e0a

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RPJKFq2nwkT1wt8kRjEfUTBChqplUO%2BlFi9oqL0rgCgpZXGGBxLfeN7G0kOhGvrcFnHyAyIgxqdbKlRxuKARxSnqFV1qoOalg6sVHy%2BjwZ7bCr64SL0OCl2ESvrKVdnpIxr3%2BF0WsKY5"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae0402f2e374e-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 33ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CExo+2%3A400%2C400i%2C700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:52:02 GMT
x-content-type-options: nosniff
age: 509274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:52:02 GMT

GET
H2 200 7cHmv4okm5zmbtYoK-4.woff2
fonts.gstatic.com/s/exo2/v15/ 39 KB
39 KB 46ms
21ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v15/7cHmv4okm5zmbtYoK-4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CExo+2%3A400%2C400i%2C700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c24bc7315491b40d6c76e38a35a651b5c195047ef49561af875cae752505d507

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 17:04:17 GMT
x-content-type-options: nosniff
age: 152139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40016
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 17:21:09 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 17:04:17 GMT

GET
H2 200 7cHmv4okm5zmbtYsK-4E4Q.woff2
fonts.gstatic.com/s/exo2/v15/ 20 KB
20 KB 43ms
18ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v15/7cHmv4okm5zmbtYsK-4E4Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CExo+2%3A400%2C400i%2C700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

081630680ce61abc6643ed93f68be35ebe49cc60cc05ef34611d04fa24f27b31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:11:09 GMT
x-content-type-options: nosniff
age: 162527
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20092
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 17:27:48 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 14:11:09 GMT

GET
H2 200 wpshop-core.ttf
zatusim.com/wp-content/themes/reboot/assets/fonts/ 57 KB
58 KB 68ms
68ms Font
application/octet-stream 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zatusim.com/wp-content/themes/reboot/assets/fonts/wpshop-core.ttf?bz30xv
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/themes/reboot/assets/css/style.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 973408bd1a1da181c7eaa9293c0cd095f3836a76b626bc76af21e1cd96b5dcde

Request headers

Referer: https://zatusim.com/wp-content/themes/reboot/assets/css/style.min.css
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
last-modified: Thu, 21 Nov 2019 14:01:56 GMT
server: nginx-reuseport/1.21.1
etag: "5dd698d4-e52c"
content-type: application/octet-stream
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 58668
expires: Sat, 29 Jan 2022 11:19:56 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
fonts.gstatic.com/s/opensans/v27/ 24 KB
24 KB 20ms
20ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CExo+2%3A400%2C400i%2C700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcbd587432f5e88fc926d1cde0d375084b7f3e711f9ff34571dec52f70fb27cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:30:03 GMT
x-content-type-options: nosniff
age: 510593
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24756
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:39 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:30:03 GMT

GET
H2 200 memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
fonts.gstatic.com/s/opensans/v27/ 17 KB
17 KB 22ms
22ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CExo+2%3A400%2C400i%2C700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f27408b033a0195d0f29b0ecbc143f470c4fbb0807472a688b2f9e66403651e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:26:25 GMT
x-content-type-options: nosniff
age: 161611
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17768
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:32:14 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 14:26:25 GMT

GET
H2 200 memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVQewJER.woff2
fonts.gstatic.com/s/opensans/v27/ 11 KB
11 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVQewJER.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CExo+2%3A400%2C400i%2C700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94a7e03b1bfe0cf4630f937365bf49eda71e8639b4120757a1f2aaedd6c6f6a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 03:07:04 GMT
x-content-type-options: nosniff
age: 115972
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11548
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:32:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 03:07:04 GMT

POST
H2 200 zcom.json Show response
rotarb.bid/ 59 B
337 B 74ms
74ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 683d53b67d39c9f2acd22cea83dc3a30aa1f16b930b2c4e4eef159faa92eea4f

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7b9S3JeHTNpo5tH8K%2Fg4F0UgA1wQM7QdYB71S%2Bg93njthsrX8ghzSiBxf2KXjcq6WlMQ4yClNaffrKkP6ugoacHXUN2569pFwa4N1xbUjQSuTp3eMGXXs4FPsa3aQepAS83lz%2BaQcZ0w"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae040f90e374e-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
DATA 200
OK truncated
/ 382 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4f80028ddc6dc380c89927fb2d2d3dd9c580a24f99db9b93e32ce0b607d5c88

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 XQ2Q0226giU Show response
www.youtube.com/embed/ Frame 97A2 61 KB
26 KB 82ms
57ms Document
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6cb9bb69c743e19d1317bee8fef1c93e69b72296e6b7dc6962c34cfd93bf45c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 30 Dec 2021 11:19:56 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 maskarad-e1460103209396-1.jpg
zatusim.com/wp-content/uploads/2017/11/ 87 KB
87 KB 58ms
56ms Image
image/jpeg 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zatusim.com/wp-content/uploads/2017/11/maskarad-e1460103209396-1.jpg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 7de44a700cc2360c4a57665af07e80c2c0faed4ac3c1499f51af332d00976a18

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
last-modified: Wed, 14 Nov 2018 08:25:42 GMT
server: nginx-reuseport/1.21.1
etag: "5bebdc06-15ba9"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 89001
expires: Sat, 29 Jan 2022 11:19:56 GMT

GET
H2 200 s30.jpg
zatusim.com/wp-content/uploads/2017/11/ 40 KB
40 KB 69ms
67ms Image
image/jpeg 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zatusim.com/wp-content/uploads/2017/11/s30.jpg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: 4a1af7bec4a563494574f27b233347dc0ac8eb8cde22dc57588a0eb47b34d962

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
last-modified: Wed, 14 Nov 2018 08:25:42 GMT
server: nginx-reuseport/1.21.1
etag: "5bebdc06-9e7e"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 40574
expires: Sat, 29 Jan 2022 11:19:56 GMT

GET
H2 200 2CTwfZjXsao Show response
www.youtube.com/embed/ Frame 083D 60 KB
25 KB 88ms
63ms Document
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

466185b790014e9e4672eb6a03a90cf6fc9e1bde957f197319ea4c6c7b40a48f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 30 Dec 2021 11:19:56 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 zcom.json Show response
rotarb.bid/ 163 B
700 B 76ms
75ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7173522d7dbce713e80185410c048855df8c450bcc41673e2b2958634a35fea1

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZVLtKw2oXSkr1loyX4O0pbJO0zQn9J9me%2FAT7p0%2FmAnvC7CsEaA9L1UbgsKQHjaOl3poQIX5%2FX8xnI4%2FRQtPGuxizeRlIySozZB9nr9kEv7qKNNO%2BC6DSrakfMs0uRnLT3k74u%2Bru9lT"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae041397c3742-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cf4ddc728ae2116b65b72832d21cdf33961c094ce95ea8a5b676b7d71212f82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 354 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77fc7e2cee3f1b71326ab2d9e121017b176205d0c8bbb013dfe7ebfccb2c5cab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 969 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 401503518894f575673732c689a7885c78bb615900c0c3f726765eb4ce6aa799

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 290 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5aab9ecebd2bc2f003980fdde59b97aad0fd105312d99fa50fcab580099aaf3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17df1f2891553baf6c74c4eef8cd0dd9fb73a5669f9f89d67183a8bfe41acfd2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 626 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6e9cca040634f071c068f7f483dfeef82d8589b4082c8cbdc5301951647ba71b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 544 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 255df06063ef8b4f994c1ae9d232d7c4f27c95b853a68fd9c03e31f4dd6b0031

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4192547933c47032776c86cc04805a86655e4580d0c82b46787a120fcd96c146

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25fa9bf2ced6f5df0685361a305417396c115e3254b6795d12a89b43bb2dd196

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3f3db2e6ac9e2b19172879a80a8605f4db7a179745be21a0828e3c1e49510ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 194 KB
66 KB 160ms
72ms Script
application/javascript 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

7dd8628b76c6beda76cf46db9ac1e54437ac90edc487c7f8e08b0c1f716656ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
last-modified: Tue, 28 Dec 2021 12:05:22 GMT
etag: "61cad352-10765"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 67429
expires: Thu, 30 Dec 2021 12:19:56 GMT

POST
H3 200 zcom.json Show response
rotarb.bid/ 59 B
595 B 79ms
79ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f119e918a084d1fdabf00a04f10f5773343416df802b72315d0de816dbd92434

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ekhnLtDliGByqDALqtzHgf5cj0VWEbCIsXhAkLAD6emjOeCvGytPootCpaWsEk6EsqUI%2BUj9VgsVntBJl2sXTX5Lkr3lBeDpbsOgTI4pt6GZqQOp%2FFsiHuEJ1GW6jEJxUd9BtFH23BA"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae0419a423742-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 276 KB
99 KB 51ms
35ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7695804958037097&plah=zatusim.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 4507154694380913909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:19:56 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame 96CC 11 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 29 Dec 2021 18:36:45 GMT
expires: Wed, 12 Jan 2022 18:36:45 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 60191
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 mejs-controls.svg
zatusim.com/wp-includes/js/mediaelement/ 4 KB
2 KB 73ms
70ms Image
image/svg+xml 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zatusim.com/wp-includes/js/mediaelement/mejs-controls.svg
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
Software: nginx-reuseport/1.21.1 /
Resource Hash: ad55816ac6c62f214e60a1913ff4f0215ab329034cbc7436a5514941449ca7b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
last-modified: Mon, 29 Oct 2018 11:47:26 GMT
server: nginx-reuseport/1.21.1
etag: W/"5bd6f34e-11f6"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800
expires: Thu, 06 Jan 2022 11:19:56 GMT

POST
H2 200 admin-ajax.php Show response
zatusim.com/wp-admin/ 1 B
384 B 611ms
611ms XHR
text/html 87.236.16.238
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://zatusim.com/wp-admin/admin-ajax.php

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.236.16.238 , Russian Federation, ASN198610 (BEGET-AS, RU),

Reverse DNS

Software

nginx-reuseport/1.21.1 / PHP/7.1.33

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: nginx-reuseport/1.21.1
x-powered-by: PHP/7.1.33
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://zatusim.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
vary: Accept-Encoding
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H3 200 zcom.json Show response
rotarb.bid/ 715 B
894 B 75ms
74ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a6659bedfa7dc21f0256e8cc571baf95327935c3320b6357a4f47113711b310

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YNF5kOrMPYQVdeua6%2FpDYwkbRgiKrgMP8kADWI3uIj1OeWXdsiH5gXxGMIi2%2FiCofToQSHbn6Ay3aejbNe%2FHWFXTVNFH4y9e9vq9DyPyVx76lq%2Bq0oy%2BrB%2Bg%2B8BHfBk9V09MzNrDgn5V"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae0430d6c3742-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H3 200 zcom.json Show response
rotarb.bid/ 60 B
602 B 79ms
79ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7057dc6c22654c0f172a36455ae3d84e221d17b17ec4869edb3722f133427fb5

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lvfj6dUYsX59a0TWz8E1U9CTMrwqDMldM%2B2fhW3kS98PNyUcNA3qTDqaR%2F%2FW42PwyGZWvs7mTuynUzafH0G6UAns%2FRHc8pIHkxYmYohGCVSzzZVitekBzy4Ns5JghrgLGae%2FkO%2Fcd6nc"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae0430d6d3742-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 www-player-webp.css
www.youtube.com/s/player/8da38e9a/ Frame 97A2 338 KB
46 KB 23ms
7ms Stylesheet
text/css 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93a8cc54b517a35c22648e5a2b1694dac62247ad174386f1791d1c4d0c6edd8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 09:23:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6989
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47369
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 30 Dec 2022 09:23:27 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/8da38e9a/www-embed-player.vflset/ Frame 97A2 226 KB
73 KB 36ms
26ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0496ff7b5e02ba5dcf004405c2b4eba9e66d7a89002346aa17ea3c1b4311806

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:38:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 160886
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74819
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 28 Dec 2022 14:38:30 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/ Frame 97A2 2 MB
528 KB 34ms
24ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d4a5a8296ca52691fde29abc2b8cd81c06ce8717a4b703ef1221bcd01e1d8dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 23:22:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 475050
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 540837
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 24 Dec 2022 23:22:26 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/8da38e9a/fetch-polyfill.vflset/ Frame 97A2 8 KB
3 KB 40ms
30ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 14:09:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76249
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 29 Dec 2022 14:09:07 GMT

GET
H3 200 www-player-webp.css
www.youtube.com/s/player/8da38e9a/ Frame 083D 338 KB
46 KB 20ms
11ms Stylesheet
text/css 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93a8cc54b517a35c22648e5a2b1694dac62247ad174386f1791d1c4d0c6edd8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 09:23:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6989
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47369
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 30 Dec 2022 09:23:27 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/8da38e9a/www-embed-player.vflset/ Frame 083D 226 KB
73 KB 37ms
28ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0496ff7b5e02ba5dcf004405c2b4eba9e66d7a89002346aa17ea3c1b4311806

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:38:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 160886
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74819
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 28 Dec 2022 14:38:30 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/ Frame 083D 2 MB
528 KB 32ms
23ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d4a5a8296ca52691fde29abc2b8cd81c06ce8717a4b703ef1221bcd01e1d8dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 23:22:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 475050
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 540837
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 24 Dec 2022 23:22:26 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/8da38e9a/fetch-polyfill.vflset/ Frame 083D 8 KB
3 KB 39ms
30ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 14:09:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76249
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 29 Dec 2022 14:09:07 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 97A2 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 17:06:41 GMT
x-content-type-options: nosniff
age: 151995
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 17:06:41 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 083D 15 KB
15 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 17:06:41 GMT
x-content-type-options: nosniff
age: 151995
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 17:06:41 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 215 B
644 B 53ms
24ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=zatusim.com&callback=_gfp_s_&client=ca-pub-7695804958037097

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7695804958037097&plah=zatusim.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e45f15d8ce69335d1b707f6a7a1518e64a622a5e68e85bdd3071651bd22c3047

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 200
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 98ms
21ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=zatusim.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 75ms
17ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=zatusim.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 82BA 22 KB
9 KB 538ms
537ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&slotname=2750588245&adk=2148637027&adf=1822546358&pi=t.ma~as.2750588245&w=1100&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196437&bpp=4&bdt=353&idt=239&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=89095857355&frm=20&pv=2&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=f7OAy7ImjI&p=https%3A//zatusim.com&dtd=263

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff11d2d754995869c36224d97b6975401d749afd86c1d9130ce82bda49e457db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 11:19:57 GMT
server: cafe
content-length: 9422
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 11:19:57 GMT
cache-control: private

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9503.WpQdShgnNIgtjqrdW_k1Cqmr0zI4-dm_ACN0lNV7U-1Xu4PfoeKe4L1B8SJebiaj.8TN-kd3fB0Q2_t3Jt_XrPUN_BTs%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9503.IDkKgNLmF5OP4lvXlVjR2R2gXZ4uQAGY4VSRqCJYwo8tnG3TyDAzCkfyIIXrmBQnXiaEBqD8S1Ua2DbFGXvkTQ%2C%2C.ziiH8F88Dyd8SId7XDkiU6QDmO4%2C

75 B
75 B

42ms
41ms

Image
text/html

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9503.IDkKgNLmF5OP4lvXlVjR2R2gXZ4uQAGY4VSRqCJYwo8tnG3TyDAzCkfyIIXrmBQnXiaEBqD8S1Ua2DbFGXvkTQ%2C%2C.ziiH8F88Dyd8SId7XDkiU6QDmO4%2C

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9503.IDkKgNLmF5OP4lvXlVjR2R2gXZ4uQAGY4VSRqCJYwo8tnG3TyDAzCkfyIIXrmBQnXiaEBqD8S1Ua2DbFGXvkTQ%2C%2C.ziiH8F88Dyd8SId7XDkiU6QDmO4%2C
date: Thu, 30 Dec 2021 11:19:56 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
136 B 45ms
44ms Image
image/gif 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
last-modified: Thu, 23 Dec 2021 16:10:01 GMT
etag: "61c47529-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Thu, 30 Dec 2021 12:19:56 GMT

POST
H3 200 zcom.json Show response
rotarb.bid/ 59 B
598 B 74ms
73ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29a021a62e8caf136c039b3363beeb41a69d4b6affbf18c6be64c413e603123d

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g5dGXxVYQ8dqOQjez5BLSuow22jG3BocpCwQbnNLKieUrt9Jh6I63HY%2FwDyh%2F7A8CN9UpFhts4WOBZwnvFKt5yiCz7FJke2jEsXGTwUSGvsmVN3v%2BWF49L4ua2ni0JCwJL3dxaHA4ZVP"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae043bebd3742-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 render Show response
pwxlqg.com/v1/ 11 KB
3 KB 299ms
177ms XHR
text/html 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pwxlqg.com/v1/render?surfer_uuid=fa0dc153-18fa-412f-bfb4-9eedd98bd4dd&referrer=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&page_load_uuid=78ec57d3-c2e1-4fbc-91cb-b77eb5c50061&page_depth=1&wtrn9k5eh6j=d82de1b6-a8de-4ddf-a01d-240279a086fd&block_uuid=d82de1b6-a8de-4ddf-a01d-240279a086fd&refresh_depth=1&safari_multiple_request=770
Requested by: Host: pwxlqg.com
URL: https://pwxlqg.com/16p71l291lvi0mp30y/8qh687vuq678pykl3o.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 56dff0e27c5480f6b5d9ca8bd0df59343dcff0cdb861eb523a0f40ee5d41fb19

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
server: nginx/1.14.2
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
expires: -1

GET
H2 200 render Show response
pwxlqg.com/v1/ 16 KB
5 KB 390ms
269ms XHR
text/html 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pwxlqg.com/v1/render?surfer_uuid=fa0dc153-18fa-412f-bfb4-9eedd98bd4dd&referrer=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&page_load_uuid=78ec57d3-c2e1-4fbc-91cb-b77eb5c50061&page_depth=1&wtrn9k5eh6j=2cef2b25-779c-4280-b9a5-c7139c33db44&block_uuid=2cef2b25-779c-4280-b9a5-c7139c33db44&refresh_depth=1&safari_multiple_request=920
Requested by: Host: pwxlqg.com
URL: https://pwxlqg.com/16p71l291lvi0mp30y/8qh687vuq678pykl3o.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: cbb4d6c430dd4fa951e08c2c667c940e58beba3491ad97ea30404f58d51958cb

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
server: nginx/1.14.2
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
expires: -1

GET
H2 200 render Show response
pwxlqg.com/v1/ 18 KB
6 KB 475ms
354ms XHR
text/html 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pwxlqg.com/v1/render?surfer_uuid=fa0dc153-18fa-412f-bfb4-9eedd98bd4dd&referrer=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&page_load_uuid=78ec57d3-c2e1-4fbc-91cb-b77eb5c50061&page_depth=1&wtrn9k5eh6j=05bcb75a-433d-4c21-8324-e6f05396cb89&block_uuid=05bcb75a-433d-4c21-8324-e6f05396cb89&refresh_depth=1&safari_multiple_request=3
Requested by: Host: pwxlqg.com
URL: https://pwxlqg.com/16p71l291lvi0mp30y/8qh687vuq678pykl3o.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: f08908bb4c6a166901d8671e4cd549900f73126ed5d53d2c0c0ebcf679e6134b

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
server: nginx/1.14.2
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
expires: -1

GET
H2 200 render Show response
pwxlqg.com/v1/ 15 KB
5 KB 228ms
108ms XHR
text/html 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pwxlqg.com/v1/render?surfer_uuid=fa0dc153-18fa-412f-bfb4-9eedd98bd4dd&referrer=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&page_load_uuid=78ec57d3-c2e1-4fbc-91cb-b77eb5c50061&page_depth=1&wtrn9k5eh6j=13cd481c-4230-499c-8145-f04e11d4d53f&block_uuid=13cd481c-4230-499c-8145-f04e11d4d53f&refresh_depth=1&safari_multiple_request=337
Requested by: Host: pwxlqg.com
URL: https://pwxlqg.com/16p71l291lvi0mp30y/8qh687vuq678pykl3o.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 51dd0d58cb0e4d72e11f87df4526484c10c1ed295cd8b4867708805c5fef16b4

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
server: nginx/1.14.2
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
expires: -1

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7067 108 KB
38 KB 723ms
722ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=600&slotname=2750588245&adk=2037619514&adf=2110228848&pi=t.ma~as.2750588245&w=300&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196444&bpp=1&bdt=360&idt=314&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=1100x280&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=562&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=V9XQ53GgvS&p=https%3A//zatusim.com&dtd=316

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

180b6f304463fd1e0dbf43720850934ce4698b4425c06a8ab869d96b9e3050eb

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJbj49-zi_UCFVwJswAdPy8HUg&gqi=3JXNYb7GL4yOtwe-sIXIAg&layout=/sadbundle/%24csp%253Der3%24/761667184620543168/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJbj49-zi_UCFVwJswAdPy8HUg&gqi=3JXNYb7GL4yOtwe-sIXIAg&layout=/sadbundle/%24csp%253Der3%24/761667184620543168/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 11:19:57 GMT
server: cafe
content-length: 39106
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 11:19:57 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 94B1 305 KB
66 KB 928ms
927ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&adk=1812271804&adf=3025194257&lmt=1640863196&plat=3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196457&bpp=1&bdt=373&idt=316&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600&nras=1&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=336

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2818d6a37fa8706e13b7f6ebe445b38ce6a5afd7ed8c2f57085fdd9e35575a26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 11:19:57 GMT
server: cafe
content-length: 68011
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 11:19:57 GMT
cache-control: private

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 97A2
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

20ms
20ms

XHR
application/json

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Protocol

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6772c265a21773ed1f8eed642f144cc60671bd7ddfdffdca682f41d3dca358fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 30 Dec 2021 11:19:56 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 97A2 29 B
588 B 34ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:12:15 GMT
x-content-type-options: nosniff
age: 461
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 11:27:15 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 083D
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

39ms
39ms

XHR
application/json

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Protocol

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e99b0800b5ddb97b5cc6a17425ca50cf0e31fa659531a1f97dcd63af9c55011

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 30 Dec 2021 11:19:56 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 083D 29 B
54 B 30ms
10ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:12:15 GMT
x-content-type-options: nosniff
age: 461
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 11:27:15 GMT

GET
H3 200 remote.js Show response
www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/ Frame 97A2 94 KB
29 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc328eeaf800bfc497c691f3d92a67891dc61368e72111f0c1a02c7fe37d702b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 23:31:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 474536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29815
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 24 Dec 2022 23:31:00 GMT

GET
H2 200 Cl7PG6JefISdvQ5f5DHlM2PydHOtKzDBOwJ_tmyY6lw.js Show response
www.google.com/js/th/ Frame 97A2 35 KB
14 KB 51ms
10ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/Cl7PG6JefISdvQ5f5DHlM2PydHOtKzDBOwJ_tmyY6lw.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a5ecf1ba25e7c849dbd0e5fe431e53363f27473ad2b30c13b027fb66c98ea5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 06:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 189471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13395
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 17:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Dec 2022 06:42:05 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/ Frame 97A2 26 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71f4a6b13f5d5b9c56c3c3e769b5914c7e5738b295477d9c42caa75101a1ec06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 23:22:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 475047
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7635
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 24 Dec 2022 23:22:29 GMT

GET
H3 200 remote.js Show response
www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/ Frame 083D 94 KB
29 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc328eeaf800bfc497c691f3d92a67891dc61368e72111f0c1a02c7fe37d702b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 23:31:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 474537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29815
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 24 Dec 2022 23:31:00 GMT

GET
H3 200 Cl7PG6JefISdvQ5f5DHlM2PydHOtKzDBOwJ_tmyY6lw.js Show response
www.google.com/js/th/ Frame 083D 35 KB
13 KB 35ms
11ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/Cl7PG6JefISdvQ5f5DHlM2PydHOtKzDBOwJ_tmyY6lw.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a5ecf1ba25e7c849dbd0e5fe431e53363f27473ad2b30c13b027fb66c98ea5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 06:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 189472
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13395
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 17:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Dec 2022 06:42:05 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/ Frame 083D 26 KB
7 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71f4a6b13f5d5b9c56c3c3e769b5914c7e5738b295477d9c42caa75101a1ec06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 23:22:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 475048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7635
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 24 Dec 2022 23:22:29 GMT

GET
DATA 200
OK truncated
/ Frame 083D 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 VEWZGGxBs0V53VHUF5lUBgy82lnQz11Mi3CCuyLAFENdL_zHY9xvg0Y4Pq-it5sF-L4P7CAw2VA=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame 083D 5 KB
6 KB 82ms
29ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/VEWZGGxBs0V53VHUF5lUBgy82lnQz11Mi3CCuyLAFENdL_zHY9xvg0Y4Pq-it5sF-L4P7CAw2VA=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5de9ae25e3fb859846b91b28952b6e2bc9d1336d102b12be98b50d53e7798c65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 07:58:31 GMT
x-content-type-options: nosniff
age: 12086
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5489
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 23 Nov 2021 08:13:18 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/2CTwfZjXsao/ Frame 083D 51 KB
52 KB 81ms
30ms Image
image/jpeg 2a00:1450:4001:809::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/2CTwfZjXsao/hqdefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41031936f704ccb58dc5d234f9e79116ffb8b3fd94be287d5fbd2034d8c1c41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:10:42 GMT
x-content-type-options: nosniff
age: 4155
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52687
x-xss-protection: 0
server: sffe
etag: "1639834751"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 30 Dec 2021 12:10:42 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 083D 10 KB
10 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 21:29:26 GMT
x-content-type-options: nosniff
age: 222631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9832
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:49 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 27 Dec 2022 21:29:26 GMT

GET
DATA 200
OK truncated
/ Frame 97A2 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 VEWZGGxBs0V53VHUF5lUBgy82lnQz11Mi3CCuyLAFENdL_zHY9xvg0Y4Pq-it5sF-L4P7CAw2VA=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame 97A2 5 KB
5 KB 74ms
30ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/VEWZGGxBs0V53VHUF5lUBgy82lnQz11Mi3CCuyLAFENdL_zHY9xvg0Y4Pq-it5sF-L4P7CAw2VA=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5de9ae25e3fb859846b91b28952b6e2bc9d1336d102b12be98b50d53e7798c65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 07:58:31 GMT
x-content-type-options: nosniff
age: 12086
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5489
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 23 Nov 2021 08:13:18 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/XQ2Q0226giU/ Frame 97A2 50 KB
50 KB 115ms
73ms Image
image/jpeg 2a00:1450:4001:809::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/XQ2Q0226giU/hqdefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3cc47327700468fac2409f2642c69ec8cb8dd9a396c92021f2457e4afceeccd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:04:19 GMT
x-content-type-options: nosniff
age: 4538
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50757
x-xss-protection: 0
server: sffe
etag: "1640351666"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 30 Dec 2021 12:04:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 97A2 10 KB
10 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 21:29:26 GMT
x-content-type-options: nosniff
age: 222631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9832
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:49 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 27 Dec 2022 21:29:26 GMT

GET
H2 200 d036141efbecb015.jpeg
pwxlqg.com/.cdn/05a5cf/0a8005/2cb5a81c47894d6eb7ff9649276f42c0/ 21 KB
21 KB 133ms
133ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/0a8005/2cb5a81c47894d6eb7ff9649276f42c0/d036141efbecb015.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 348a5fee41089a9024d67c608f63251790d0809676f2343d77114f4e647f7bf2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Wed, 15 Sep 2021 13:06:06 GMT
server: nginx/1.14.2
etag: "6141efbe-5431"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 21553

GET
H2 200 d036162cd5d290d6.jpeg
pwxlqg.com/.cdn/05a5cf/d3d944/a7803db7ab9341dd88761a63219a54ce/ 27 KB
27 KB 140ms
139ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/d3d944/a7803db7ab9341dd88761a63219a54ce/d036162cd5d290d6.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: d3128bd7184f776e91544e1cfcd82806985004eedeeda17edd5c0383fbfafbaf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Sun, 10 Oct 2021 11:24:13 GMT
server: nginx/1.14.2
etag: "6162cd5d-6a6b"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 27243

GET
H2 200 d0361c6471dd0e96.jpeg
pwxlqg.com/.cdn/05a5cf/c20ad4/24282fd0b59448da99b43a82f4756fc0/ 15 KB
16 KB 189ms
188ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/c20ad4/24282fd0b59448da99b43a82f4756fc0/d0361c6471dd0e96.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 0416ce79a5702b072243b6ca5873a666922d5814bf286177d90d323abd5d172b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Fri, 24 Dec 2021 22:18:05 GMT
server: nginx/1.14.2
etag: "61c6471d-3d54"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 15700

GET
H2 200 d0361bb5e89a14a5.jpeg
pwxlqg.com/.cdn/05a5cf/c20ad4/399beb4a71c043e7aaee68b6da8bd112/ 28 KB
28 KB 208ms
207ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/c20ad4/399beb4a71c043e7aaee68b6da8bd112/d0361bb5e89a14a5.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 4bb2d799da061032f9124541c5342eabe561427644b5855fda63d3b23d5fa6ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Thu, 16 Dec 2021 15:43:05 GMT
server: nginx/1.14.2
etag: "61bb5e89-7102"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 28930

GET
H3 200 css
fonts.googleapis.com/ 12 KB
827 B 73ms
29ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ba5c75008a133ef73a0eb980a0c37c168b6bd5db7279a90105697670440eeedf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 10:41:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H2 200 d0361c968817ec2a.jpeg
pwxlqg.com/.cdn/05a5cf/c20ad4/5578005ea1984cf8bf704fb4f5438e98/ 30 KB
30 KB 229ms
229ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/c20ad4/5578005ea1984cf8bf704fb4f5438e98/d0361c968817ec2a.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 35720d9228c7e10cd4ae42344d4843042c1ff114b53f1e8bb845e412e9b57324

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Mon, 27 Dec 2021 07:17:21 GMT
server: nginx/1.14.2
etag: "61c96881-7885"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 30853

GET
H2

200

1 Show response
mc.yandex.com/watch/32613780/
Redirect Chain

https://mc.yandex.com/watch/32613780?wmode=7&page-url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ayk...
https://mc.yandex.com/watch/32613780/1?wmode=7&page-url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A...

350 B
432 B

67ms
67ms

XHR
application/json

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/32613780/1?wmode=7&page-url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A553%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A722%3Acn%3A1%3Adp%3A0%3Als%3A1513566998031%3Ahid%3A680550492%3Az%3A0%3Ai%3A20211230111956%3Aet%3A1640863197%3Ac%3A1%3Arn%3A756576893%3Arqn%3A1%3Au%3A1640863197963239161%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1640863195712%3Ads%3A40%2C112%2C217%2C3%2C0%2C0%2C%2C318%2C0%2C%2C%2C%2C690%3Adsn%3A40%2C112%2C217%2C3%2C0%2C0%2C%2C317%2C0%2C%2C%2C%2C690%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1640863197%3At%3A%D0%A1%D1%86%D0%B5%D0%BD%D0%B0%D1%80%D0%B8%D0%B9%20%D0%BD%D0%B0%20%D0%9D%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B3%D0%BE%D0%B4%20%D0%B4%D0%BB%D1%8F%20%D1%81%D0%B5%D0%BC%D1%8C%D0%B8%3A%20%D0%B2%D0%B5%D1%81%D0%B5%D0%BB%D1%8B%D0%B9%20%D0%BF%D1%80%D0%B0%D0%B7%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%81%20%D0%B8%D0%B3%D1%80%D0%B0%D0%BC%D0%B8%2C%20%D0%BA%D0%BE%D0%BD%D0%BA%D1%83%D1%80%D1%81%D0%B0%D0%BC%D0%B8%20%D0%B8%20%D1%84%D0%B8%D0%BB%D1%8C%D0%BC%D0%B0%D0%BC%D0%B8&t=gdpr%2814%29aw%281%29ti%282%29

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

da87e6c9af949f8327cf09ea99eb070e535fedd63a7187f3d48a7c25d3914435

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 30-Dec-2021 11:19:57 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://zatusim.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 350
x-xss-protection: 1; mode=block
expires: Thu, 30-Dec-2021 11:19:57 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Thu, 30-Dec-2021 11:19:57 GMT
location: /watch/32613780/1?wmode=7&page-url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A553%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A722%3Acn%3A1%3Adp%3A0%3Als%3A1513566998031%3Ahid%3A680550492%3Az%3A0%3Ai%3A20211230111956%3Aet%3A1640863197%3Ac%3A1%3Arn%3A756576893%3Arqn%3A1%3Au%3A1640863197963239161%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1640863195712%3Ads%3A40%2C112%2C217%2C3%2C0%2C0%2C%2C318%2C0%2C%2C%2C%2C690%3Adsn%3A40%2C112%2C217%2C3%2C0%2C0%2C%2C317%2C0%2C%2C%2C%2C690%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1640863197%3At%3A%D0%A1%D1%86%D0%B5%D0%BD%D0%B0%D1%80%D0%B8%D0%B9%20%D0%BD%D0%B0%20%D0%9D%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B3%D0%BE%D0%B4%20%D0%B4%D0%BB%D1%8F%20%D1%81%D0%B5%D0%BC%D1%8C%D0%B8%3A%20%D0%B2%D0%B5%D1%81%D0%B5%D0%BB%D1%8B%D0%B9%20%D0%BF%D1%80%D0%B0%D0%B7%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%81%20%D0%B8%D0%B3%D1%80%D0%B0%D0%BC%D0%B8%2C%20%D0%BA%D0%BE%D0%BD%D0%BA%D1%83%D1%80%D1%81%D0%B0%D0%BC%D0%B8%20%D0%B8%20%D1%84%D0%B8%D0%BB%D1%8C%D0%BC%D0%B0%D0%BC%D0%B8&t=gdpr%2814%29aw%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: https://zatusim.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 30-Dec-2021 11:19:57 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 97A2 4 KB
3 KB 110ms
42ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 083D 4 KB
2 KB 112ms
50ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 97A2 0
9 B 33ms
32ms Image
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?c-Gl2w
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
www.youtube.com/ Frame 083D 0
9 B 30ms
30ms Image
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?88lBwQ
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 d0b61164540dc21e.jpeg
pwxlqg.com/.cdn/05a5cf/fad6f4/9dacf1be7511448490b19e0ac3c94eb3/ 14 KB
14 KB 87ms
87ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/fad6f4/9dacf1be7511448490b19e0ac3c94eb3/d0b61164540dc21e.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 3259226a7a32503da40c547c7eb329e6955f2d84bdc1dcec94be5b3e9c305bbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Fri, 13 Aug 2021 10:11:12 GMT
server: nginx/1.14.2
etag: "61164540-3681"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 13953

GET
H2 200 d0b61caae4815476.jpeg
pwxlqg.com/.cdn/05a5cf/c20ad4/876f5f3f3de740fe9e32fac159fa06c5/ 37 KB
37 KB 94ms
94ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/c20ad4/876f5f3f3de740fe9e32fac159fa06c5/d0b61caae4815476.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: b7e3a02d4d8d9f28cf8547f450d61da71c432ceaae3cd80f652e73fd9e3654cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Tue, 28 Dec 2021 06:27:20 GMT
server: nginx/1.14.2
etag: "61caae48-94fb"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 38139

GET
H2 200 d0b61c9895102f8e.jpeg
pwxlqg.com/.cdn/05a5cf/c20ad4/72fd3d35d101437a85a02e5415c47d41/ 27 KB
27 KB 119ms
119ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/c20ad4/72fd3d35d101437a85a02e5415c47d41/d0b61c9895102f8e.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 467d8cbcda0af956f77739589870c2d7d85dae943aae7006150b51d8ced28e82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Mon, 27 Dec 2021 09:37:21 GMT
server: nginx/1.14.2
etag: "61c98951-6a08"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 27144

GET
H2 200 d0b618a3ef5a13fa.jpeg
pwxlqg.com/.cdn/05a5cf/6512bd/6787bb275fce4000a0288e66971318e3/ 23 KB
23 KB 136ms
136ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/6512bd/6787bb275fce4000a0288e66971318e3/d0b618a3ef5a13fa.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 1a60e8bb46b90e99e8290546e595d96ed29bcb09c89c0ca401fe47c6102fbd9a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Tue, 09 Nov 2021 09:27:17 GMT
server: nginx/1.14.2
etag: "618a3ef5-5cb0"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 23728

GET
H3 200 css
fonts.googleapis.com/ 14 KB
831 B 43ms
42ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100,200,300,400,500,600,700,800,900

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c0ec82d3d3874dad85529b9cc4e00a6901e1c7ddd5362aaf86c5a201f1d89eda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 09:24:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 32ms
32ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 17:56:19 GMT
x-content-type-options: nosniff
age: 62618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 17:56:19 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v29/ 9 KB
9 KB 35ms
35ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

053508cc4ed1acf7db8ed96deca42ffebfa1669c5cecd62f4415b926d07b5aaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 18:07:18 GMT
x-content-type-options: nosniff
age: 61959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:33 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 18:07:18 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 32ms
32ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 510009
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:39:48 GMT

POST
H3 200 zcom.json Show response
rotarb.bid/ 59 B
606 B 101ms
101ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: addbb66b618040ad016eeae6087bbbc7e5485946c81e0c76ffccf47eca19bfd4

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LSh52PiR8Nqa1iIxEDgJ%2BGsRpwWyfpoSSJ%2BOE6tPDOBNS3r98%2F%2FCI7rh%2B%2BsQTmyyAuxf7jww2spxhafA77NB%2F%2BQ8tGRhh9LRFAUWSvArYUJ0Tel4A%2Fq5PK2G4GQe4wcO562Rm1%2FYXMUI"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae0471d2a3742-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 d035f61a416e514f.jpeg
pwxlqg.com/.cdn/7b7a53/0a8005/7089aaf4610e47498fe80c5f13d51a15/ 18 KB
18 KB 104ms
103ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/7b7a53/0a8005/7089aaf4610e47498fe80c5f13d51a15/d035f61a416e514f.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 3b634f4f03edfe513e9de6dc5bcf9dd52f7271e06be9fddbf1ca2603a8587dba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Wed, 16 Sep 2020 05:35:18 GMT
server: nginx/1.14.2
etag: "5f61a416-4602"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 17922

GET
H2 200 d0360f0023f13f47.jpeg
pwxlqg.com/.cdn/05a5cf/d72d18/aba6c79770ff4ce9a32c46a750d531c5/ 18 KB
19 KB 112ms
111ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/d72d18/aba6c79770ff4ce9a32c46a750d531c5/d0360f0023f13f47.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: eca87fe1becd8e8ae4651af302000955c2eedbafaeaf899af211c5e4c6abc0ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Thu, 15 Jul 2021 09:39:11 GMT
server: nginx/1.14.2
etag: "60f0023f-4985"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 18821

GET
H2 200 d0361baecae4de10.jpeg
pwxlqg.com/.cdn/05a5cf/c20ad4/ee729c9d1a854685bc34ec06aa011db0/ 16 KB
16 KB 134ms
133ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/c20ad4/ee729c9d1a854685bc34ec06aa011db0/d0361baecae4de10.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: e146bac2d2c66e59bd90f0b140eb9e7ad95e9a90646145e7fd5efc1acbac7fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Thu, 16 Dec 2021 07:37:18 GMT
server: nginx/1.14.2
etag: "61baecae-3f4c"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 16204

GET
H2 200 d0361715c5e79acf.jpeg
pwxlqg.com/.cdn/05a5cf/d3d944/3abcd163c5d84b5bbc005e5e03e4fa38/ 21 KB
21 KB 135ms
134ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/d3d944/3abcd163c5d84b5bbc005e5e03e4fa38/d0361715c5e79acf.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 4fb2c22013844632fcdd4b10f9c25871c85f59694b1979e396f718d45427c9e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Thu, 21 Oct 2021 12:26:06 GMT
server: nginx/1.14.2
etag: "61715c5e-5495"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 21653

GET
H2 200 d0361ca70a57b299.jpeg
pwxlqg.com/.cdn/05a5cf/c20ad4/583833fc23ea4f43bbb15ac79c57095c/ 21 KB
21 KB 144ms
142ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/c20ad4/583833fc23ea4f43bbb15ac79c57095c/d0361ca70a57b299.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 91439eb515f87a7ef4f5e4f7f3c42ebe151148f83698304cea1d1db73ab4972b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Tue, 28 Dec 2021 02:04:21 GMT
server: nginx/1.14.2
etag: "61ca70a5-52b4"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 21172

GET
H2 200 d0360edbdee4374e.jpeg
pwxlqg.com/.cdn/05a5cf/d72d18/abd9b7a3743c49d796acdd9b9435bc9a/ 18 KB
18 KB 166ms
165ms Image
image/jpeg 62.76.25.28
NETRACK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwxlqg.com/.cdn/05a5cf/d72d18/abd9b7a3743c49d796acdd9b9435bc9a/d0360edbdee4374e.jpeg
Requested by: Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 62.76.25.28 Moscow, Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: e22e7baf192ba28c82b8a9012f1c6d7a58c7f0b0d770073755ce461c7e281cf2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Tue, 13 Jul 2021 16:23:10 GMT
server: nginx/1.14.2
etag: "60edbdee-4721"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
content-length: 18209

GET
H3 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 20 KB
20 KB 34ms
34ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,200,300,400,500,600,700,800,900

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:18:02 GMT
x-content-type-options: nosniff
age: 511315
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:18:02 GMT

GET
H3 200 JTURjIg1_i6t8kCHKm45_dJE3g3D_u50.woff2
fonts.gstatic.com/s/montserrat/v18/ 12 KB
12 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3g3D_u50.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,200,300,400,500,600,700,800,900

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ce6685465805e98dfd2b3633e74711102167bc0ae656c536ba35587c20aeba4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 04:27:02 GMT
x-content-type-options: nosniff
age: 543175
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12228
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:54 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 04:27:02 GMT

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
19 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,200,300,400,500,600,700,800,900

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zatusim.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 07:59:11 GMT
x-content-type-options: nosniff
age: 184846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 07:59:11 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 82BA 2 KB
1 KB 120ms
35ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&slotname=2750588245&adk=2148637027&adf=1822546358&pi=t.ma~as.2750588245&w=1100&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196437&bpp=4&bdt=353&idt=239&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=89095857355&frm=20&pv=2&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=f7OAy7ImjI&p=https%3A//zatusim.com&dtd=263

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:26:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3217
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 10:26:20 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 82BA 119 KB
37 KB 132ms
47ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 82BA 15 KB
7 KB 116ms
32ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:04:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 904
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:04:53 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/96/ Frame 97A2 52 KB
15 KB 86ms
40ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/96/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25fcfee1ad623c5654d6a20d5936f56999688ce944da13f9ea606cf4b9fc18d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 12:41:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15236
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 15:10:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="cloudview-release"
expires: Thu, 30 Dec 2021 12:41:51 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/96/ Frame 083D 52 KB
15 KB 78ms
34ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/96/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25fcfee1ad623c5654d6a20d5936f56999688ce944da13f9ea606cf4b9fc18d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 12:41:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15236
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 15:10:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="cloudview-release"
expires: Thu, 30 Dec 2021 12:41:51 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 82BA 0
0 77ms
76ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0isD3JXNYabHLJeDwuIP9tKEoAbJntKxXIX-l_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQJONYqLVgCzPqgDAaoE7AFP0EfFWi1KHck9QiqB21ZRwAV36sGcf1tBUS-mV4lQXK3WAdrQKkXGqMyy8FrrJYw3rmmLEsVT6d1XqL6gs4UvCiNsavAwneYBY4w2IMPjv5T7MAuqhfTDCDp3kPNnk2KAjZcDD_lvMZ9fBXhBwanafg2tbpeSuDQnaqzIo8AVDjJbRrv1gmEjfGhTOgi3h6oP5PaJcJjm4HKLBcNa3kdZroB3ohAkwJgXr1-0loEFA7a6nel2uajqIiC3kYH9K7T5dGNc8OO96ml17faLp86jMJLdqVhaQH7kzVNSf3tHunskadpx0Lz5HpdRIoAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTc2OTU4MDQ5NTgwMzcwOTcYAA&sigh=zGFzVt9Ikvs&uach_m=[UACH]&cid=CAQSGwCNIrLMd7J4lGQsIir9J_5B6i_hjLc4vLdF9RgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&slotname=2750588245&adk=2148637027&adf=1822546358&pi=t.ma~as.2750588245&w=1100&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196437&bpp=4&bdt=353&idt=239&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=89095857355&frm=20&pv=2&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=f7OAy7ImjI&p=https%3A//zatusim.com&dtd=263
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 11:19:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 82BA 0
0 190ms
36ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UsDUEcz6RMwImAKdg2ICAgAAAKx2eCdtANT-Cg1dAhDclc1hxjGgfbshRNUfQU4AEg&wp=Yc2V3AALI6YGUIGXAAEpdpiFJuk0Xx5jyIsjjg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
server: Kestrel
server-processing-duration-in-ticks: 281059
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame E37C 145 KB
46 KB 285ms
135ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3AALI6YGUIGXAAEpdpiFJuk0Xx5jyIsjjg&u=%7CP7F4ZwhlJnuadVWYyR7KylbDgbofWSn5emxKVkJb4LQ%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy690M-dIfyRdtrboGzSg7eVX37Zm1-SRnvx6KlxY1Y1Z5J3RirLYP2rptiTYqibHzA4YOPFyvRJno5bXrrRD94SDRGuPg-cTguDDT1bgOXFHgJkkiyx_qQnAJH3T9lxBkU5_2w5kiSXLJHjS0OQKul566o-NjrFxiI8g1TsDolSG382D7Qeu_1Zq_Oju03yKojj-91B3zAW3qU_ndaNPo0KZqX1wcTHbimCaEtknhkGEKChjOq9KwJBnCu0FBuwpe1tqZ-dAnrMv4OYhkujMmjEiAviPjovG3xPNcKDUkgHDKsBA1nT5u6Xbvkms-0wCdnEx2dASBup5Yj7sKb_DasedgvnP8X2yswkGF0O3e7rA7phjAfkcRcrN2eiiQZBFyWe3sHKyxMfnQw8PE2kp3jKafNOUAN8Semnf56VG0Hbmiy4oCv9J5tqg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuKYX3JXNYabHLJeDwuIP9tKEoAbJntKxXIX-l_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQJONYqLVgCzPqgDAaoE7wFP0EfFWi1KHck9QiqB21ZRwAV36sGcf1tBUS-mV4lQXK3WAdrQKkXGqMyy8FrrJYw3rmmLEsVT6d1XqL6gs4UvCiNsavAwneYBY4w2IMPjv5T7MAuqhfTDCDp3kPNnk2KAjZcDD_lvMZ9fBXhBwanafg2tbpeSuDQnaqzIo8AVDjJbRrv1gmEjfGhTOgi3h6oP5PaJcJjm4HKLBcNa3kdZroB3ohAkwJgXr1-0loEFA7a6nel2uajqIiC3kYH9K7T5dGNc8OP_6EjnankXtHE_JDENlP6iSWrue1l8Z_nzckaCm2Vv_KR8tBNCnYpX_IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2MVq3KLpDTETZuJl8bm77zDcVWpw%26client%3Dca-pub-7695804958037097%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

41638b36cc56fa01950f0bf88b076f5211dacbc3219feead4d13811ac5f77c4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 30 Dec 2021 11:19:56 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=ywUdni6V3Q5tA3f_HFZwbpeimwfoVibnCQkzE9Nl507ule22X39zU36wrrjw4qTH2ZP59CvBGC4T2BTua7MRsy2NISCAqcj0kz7pcNpnkVzrJ_yvpH_g-f3bpCyUSbUuMeXTFBkqYtUNhQT954prR1rmrEvBy6fNOBx7J5dVsNk3pPwhn4VU_6WjkjLy_oP6I_FkQtl75tMeVWHLVRBbKe3HjxO9-vP_7TM7vkTQQy4G27kjFsFQCzC6E2shfdwME9sqng"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 99585857
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

POST
H3 200 zcom.json Show response
rotarb.bid/ 59 B
596 B 108ms
108ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd08869d49d8c402ff656b0366d135cf2f7199e7c1e7e0ec4509a3ee797c0d9d

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LS672VfaOCXr3HYnHRpLW2tzSFk6T5q8LCC03ivJg0TpVN6zaF0RS33NWtFTrVwf0JaGWHonm7tX1R%2BRA1qJ7rtyYhWDxUfmD9ZV7Ma%2F6WnKadscZ5sBeDG6wWnFu5SPI2IUlKz6OA%2BO"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae047eecf3742-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
DATA 200
OK truncated
/ Frame 82BA 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8cec80026a973fbece4726dc8248203cd596ec8b055e3896c859b097c276f9b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 7067 19 KB
8 KB 89ms
51ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=600&slotname=2750588245&adk=2037619514&adf=2110228848&pi=t.ma~as.2750588245&w=300&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196444&bpp=1&bdt=360&idt=314&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=1100x280&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=562&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=V9XQ53GgvS&p=https%3A//zatusim.com&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:16:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:16:49 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 7067 2 KB
1 KB 95ms
58ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1351
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 10:57:26 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7067 119 KB
36 KB 76ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 7067 15 KB
6 KB 65ms
29ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:08:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 692
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:08:25 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/ Frame 9663 139 KB
23 KB 52ms
32ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3f0c980d718df0580c4e2a8a2a6d45878074974be1d8941776a70cde547b53b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
date: Tue, 28 Dec 2021 12:06:47 GMT
expires: Wed, 28 Dec 2022 12:06:47 GMT
last-modified: Thu, 01 Jul 2021 21:16:05 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 23717
age: 169990
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7067 0
0 73ms
72ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C-e6U3JXNYZaFM9ySzLUPv96ckAW94IGgZYOx57SrDs_33Zi6ARABIOma0wpgleKQgqAHoAGEocmoAsgBCakC9OuOVU_9sj6oAwHIA0iqBIwCT9BWgjUU5Ufg6seQ2XBtIjHMmiBtfdNCTahcMCzc60jJmZZKzCIcgJrTK6lSCHPz2sGpF7SFPtxh1o8s8YWGmLlsTLrw3nKPRAs4kbjcg8Mv8VhnXy6L7WbKYkK9hAQwoBtbpGmtbzejHqqHh6H3MQqSOIetX4RihyGqjV21Z7ymZiJOGEsZv3qg1Ea5eVlYkdjcSpwlElrGa7aLRyOoo_I85J9aMMcFZiKGXH5_rslI9h1NGI4ppyu11tvn4dBxHnRVfE8FcVyPcvB1TIK8vSjuBXjOdnofl3FxZPFklVrvn1VpT3ZEiMOBB17pZQSZDPf0ge9elAv_usO-FuDwugBSuFbI-FXs30CDQcAEr4aZisoDoAYugAfk3rbXAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEIfqAtIICQiA4YAQEAEYH4AKAcgLAdgTA9AVAYAXAbIXHAoaCAASFHB1Yi03Njk1ODA0OTU4MDM3MDk3GAA&sigh=mlXFg_tYdhg&uach_m=[UACH]&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=600&slotname=2750588245&adk=2037619514&adf=2110228848&pi=t.ma~as.2750588245&w=300&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196444&bpp=1&bdt=360&idt=314&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=1100x280&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=562&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=V9XQ53GgvS&p=https%3A//zatusim.com&dtd=316
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 11:19:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame E37C 2 KB
1 KB 133ms
40ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3AALI6YGUIGXAAEpdpiFJuk0Xx5jyIsjjg&u=%7CP7F4ZwhlJnuadVWYyR7KylbDgbofWSn5emxKVkJb4LQ%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy690M-dIfyRdtrboGzSg7eVX37Zm1-SRnvx6KlxY1Y1Z5J3RirLYP2rptiTYqibHzA4YOPFyvRJno5bXrrRD94SDRGuPg-cTguDDT1bgOXFHgJkkiyx_qQnAJH3T9lxBkU5_2w5kiSXLJHjS0OQKul566o-NjrFxiI8g1TsDolSG382D7Qeu_1Zq_Oju03yKojj-91B3zAW3qU_ndaNPo0KZqX1wcTHbimCaEtknhkGEKChjOq9KwJBnCu0FBuwpe1tqZ-dAnrMv4OYhkujMmjEiAviPjovG3xPNcKDUkgHDKsBA1nT5u6Xbvkms-0wCdnEx2dASBup5Yj7sKb_DasedgvnP8X2yswkGF0O3e7rA7phjAfkcRcrN2eiiQZBFyWe3sHKyxMfnQw8PE2kp3jKafNOUAN8Semnf56VG0Hbmiy4oCv9J5tqg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuKYX3JXNYabHLJeDwuIP9tKEoAbJntKxXIX-l_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQJONYqLVgCzPqgDAaoE7wFP0EfFWi1KHck9QiqB21ZRwAV36sGcf1tBUS-mV4lQXK3WAdrQKkXGqMyy8FrrJYw3rmmLEsVT6d1XqL6gs4UvCiNsavAwneYBY4w2IMPjv5T7MAuqhfTDCDp3kPNnk2KAjZcDD_lvMZ9fBXhBwanafg2tbpeSuDQnaqzIo8AVDjJbRrv1gmEjfGhTOgi3h6oP5PaJcJjm4HKLBcNa3kdZroB3ohAkwJgXr1-0loEFA7a6nel2uajqIiC3kYH9K7T5dGNc8OP_6EjnankXtHE_JDENlP6iSWrue1l8Z_nzckaCm2Vv_KR8tBNCnYpX_IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2MVq3KLpDTETZuJl8bm77zDcVWpw%26client%3Dca-pub-7695804958037097%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:57 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame E37C 2 KB
1 KB 131ms
39ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:57 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame E37C 308 B
636 B 130ms
39ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 25 Dec 2022 11:19:57 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame E37C 507 B
835 B 130ms
40ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 25 Dec 2022 11:19:57 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame E37C 43 B
372 B 181ms
38ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=MrwICQHbIRnoGeKlU3uCLY8ITtMsPzX9T5kwH5ow4in1oweBoZ-OvcjamGVFVIi7Deb1m0_tZWZbQw2fYN_Yu23Fpl7G0gRFT2m5a1lT93sd4kCjzX9RptajGBZXOtBWkIQ7___8IVBy2DSyIRY7WH8raWumwLeulY6n-JVc3TKd88OcmZR2A7HsmBxqKcDe8ERm8eH5Usg48QSHP6EiI8zXJZF87EUheT7bjvH6PL20Gq_o81E5LQ1n0I8Jymc7cPE4kAvEyDcfqH1T__wzA1R24h3VbSnNvjL485g3ER9Kp5uTQmwnFcqfGwgalJcfo_K7j5Wvir4oMpSs8LbpEY6b5hRcXgEdfMrTIL8JydlarBJSBrP4lDf0sd4BqelmSsaNGhEfdMQcxhSF9Q3DgaucqgH3jGij9OIK991SALtNM98-kdIa2Sr_lB0N1WZJf-VRLw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:57 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 5353
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame E37C 12 KB
5 KB 136ms
48ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 34446
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCrEl3VnpQOBtfrKVZgTimv2f48tScq7zgRCBo0NmsCoasPS%2BOEhMT%2BnO24FPzFjO5Q00Vm1eAe3hnc4R3CfKlvkQaVKiFm6BJQbfEEIOZkAaEx0Vec4l9seb6GekQAeBiDbDBRa6iqssUZgw1XACGMM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c5ae04a1e425a07-MXP
expires: Tue, 20 Dec 2022 11:19:57 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 9663 2 KB
604 B 42ms
42ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:regular|Shadows+Into+Light:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

82c4e99e17c04febdf8092c42bf2b6b4e0ea7b5348181fec896b48c39c394e9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 10:56:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 9663 16 KB
6 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 23:28:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42690
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 30 Dec 2021 23:28:27 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 9663 26 KB
10 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 16:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 30 Dec 2021 16:13:39 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4CD9 143 B
163 B 35ms
34ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=600&slotname=2750588245&adk=2037619514&adf=2110228848&pi=t.ma~as.2750588245&w=300&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196444&bpp=1&bdt=360&idt=314&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=1100x280&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=562&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=V9XQ53GgvS&p=https%3A//zatusim.com&dtd=316

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 30 Dec 2021 11:04:54 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7067 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe0f975b079073ed683a10d2f6aefe4b7439400d8d4dc8f3ee77a989e75358ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame E37C 12 KB
6 KB 78ms
57ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:57 GMT

GET
H3 404 null
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/ Frame 9663 43 B
63 B 76ms
75ms Image
image/gif 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/null

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H3 200 UqyNK9UOIntux_czAvDQx_ZcHqZXBNQzdcD5.woff2
fonts.gstatic.com/s/shadowsintolight/v10/ Frame 9663 16 KB
16 KB 33ms
32ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/shadowsintolight/v10/UqyNK9UOIntux_czAvDQx_ZcHqZXBNQzdcD5.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular|Shadows+Into+Light:regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7106ac4056a90e6943627d4c041fca5fc4b60312211715a455f5dddf29bf108f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 25 Dec 2021 20:19:14 GMT
x-content-type-options: nosniff
age: 399643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16288
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 03:51:13 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 25 Dec 2022 20:19:14 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 9663 15 KB
15 KB 31ms
30ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular|Shadows+Into+Light:regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 510009
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:39:48 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame E37C 11 KB
11 KB 149ms
48ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=cJzrnephzXW9iVv6c44m7p2v

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 10:38:13 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 780103
vary: Origin
x-cache: hit cached
content-type: image/png
cache-control: public, max-age=28775785
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 11345
expires: Sat, 19 Nov 2022 11:54:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame E37C 100 KB
100 KB 178ms
77ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1217284-_x600-nocrop.jpg&v=3&w=800&s=JKGuXKixQvFsvQSpRjGUn_OC&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e8bc55d56e6a91cf1f2b49616567a2b3cded1016c307eb4860af703d3a5b5579

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 07:22:14 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 619063
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=31491767
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 102474
expires: Thu, 22 Dec 2022 19:05:01 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame E37C 130 KB
130 KB 240ms
140ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1167546-_x600-nocrop.jpg&v=3&w=800&s=KoUUKAWq2H4WAfcVueGNhS0k&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5c6e1a83304838097545a1ef48c04d539f7c04d75d8b081fbe10618b0c1948b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:08:05 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 663112
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=31535841
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 133074
expires: Thu, 22 Dec 2022 19:05:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame E37C 92 KB
93 KB 239ms
139ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1171120-_x600-nocrop.jpg&v=3&w=800&s=McAWTV3kpIj_ZrQO3GjqNczr&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

afb8123acc4a91b64b8678c7953f867af8ed9b60e5aac9c8040a5898d9d9e29c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:04:09 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 663347
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=31535999
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 94446
expires: Thu, 22 Dec 2022 19:04:09 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame E37C 0
127 B 153ms
41ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=ywUdni6V3Q5tA3f_HFZwbpeimwfoVibnCQkzE9Nl507ule22X39zU36wrrjw4qTH2ZP59CvBGC4T2BTua7MRsy2NISCAqcj0kz7pcNpnkVzrJ_yvpH_g-f3bpCyUSbUuMeXTFBkqYtUNhQT954prR1rmrEvBy6fNOBx7J5dVsNk3pPwhn4VU_6WjkjLy_oP6I_FkQtl75tMeVWHLVRBbKe3HjxO9-vP_7TM7vkTQQy4G27kjFsFQCzC6E2shfdwME9sqng&sds=2&rev=80000&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 11:19:57 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame E37C 2 KB
1 KB 39ms
38ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:57 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame E37C 2 KB
1 KB 39ms
38ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:57 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4CD9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

270ms
270ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 30 Dec 2021 11:19:58 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 11:19:58 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 30 Dec 2021 11:19:57 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 149 KB
53 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54385
x-xss-protection: 0
server: cafe
etag: 4993246191385855005
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 78ms
40ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=zatusim.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 80ms
40ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=zatusim.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 11:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 032A 26 KB
11 KB 482ms
482ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb8d34c284bcbca9096f421ccb883bb442754d8d7916d3c488e120e237cc35b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 11:19:58 GMT
server: cafe
content-length: 11555
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 38C1 25 KB
11 KB 459ms
458ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e2c27e101b4cbf1088f4c42a1e7f6ce17598dcf733193b4daad9b43e442b0b15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 11:19:58 GMT
server: cafe
content-length: 11474
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D22A 25 KB
11 KB 438ms
438ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=3072855283&pi=t.aa~a.3115621905~i.35~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=1&bdt=1776&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280%2C730x280&nras=4&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=4655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=cjUXKqOrcC&p=https%3A//zatusim.com&dtd=89

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9090f5622c1d1d99b8ae0018ebb5e755e3b2d326360c686e9984d41e8568b0e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 11:19:58 GMT
server: cafe
content-length: 11418
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ Frame E37C 2 KB
507 B 45ms
44ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 10:04:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:57 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame CE3E 11 KB
5 KB 35ms
34ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 29 Dec 2021 18:38:26 GMT
expires: Wed, 12 Jan 2022 18:38:26 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 60091
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 985B 11 KB
5 KB 38ms
38ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 29 Dec 2021 18:38:26 GMT
expires: Wed, 12 Jan 2022 18:38:26 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 60092
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9663 35 KB
13 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 00:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38538
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 00:37:40 GMT

GET
H3 200 Hirsch.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/ Frame 9663 8 KB
8 KB 44ms
43ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/Hirsch.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8737add0f4dcfe0274b0527cdcec53cc4375cf530513f6ae191787404b90a587

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 54688
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8540
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:16:05 GMT
server: sffe
date: Wed, 29 Dec 2021 20:08:30 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 20:08:30 GMT

GET
H3 200 Karo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/ Frame 9663 4 KB
4 KB 45ms
44ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/Karo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

faaaf01f597e356e9dc91520c3bba215dd5476370b3ddea78490da9ffaace6f2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 86325
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4188
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:16:05 GMT
server: sffe
date: Wed, 29 Dec 2021 11:21:13 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 11:21:13 GMT

GET
H3 200 Logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/ Frame 9663 7 KB
7 KB 47ms
46ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/Logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e51320d95e5f83aa7fc3a56413ae6442a3d6bcdef56ef7d3e097952c4e7408ce

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 112925
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6925
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:16:05 GMT
server: sffe
date: Wed, 29 Dec 2021 03:57:53 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 03:57:53 GMT

GET
H3 200 Tisch-min.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/ Frame 9663 8 KB
8 KB 45ms
44ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/Tisch-min.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89f724548a2310a768355cf26ed6047fd99b0184e3edfab6ac700a333799d20c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 69741
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7834
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:16:05 GMT
server: sffe
date: Wed, 29 Dec 2021 15:57:37 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 15:57:37 GMT

GET
H3 200 Modells.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/ Frame 9663 55 KB
55 KB 61ms
60ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/Modells.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a751656f16d4618636ad788e41f05858bf2257c95701bad8d5f1b8497349cb5f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 173692
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56054
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:16:05 GMT
server: sffe
date: Tue, 28 Dec 2021 11:05:06 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 28 Dec 2022 11:05:06 GMT

GET
H3 200 Wald.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/ Frame 9663 40 KB
40 KB 49ms
48ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/Wald.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98fb4b8cc7d3d7d96d48b21e6b825f36aaf50bf4676aebd066903cfe911819fa

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 149373
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41047
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:16:05 GMT
server: sffe
date: Tue, 28 Dec 2021 17:50:25 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 28 Dec 2022 17:50:25 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame E37C 44 KB
44 KB 44ms
44ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 27 Dec 2022 21:17:17 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame E37C 46 KB
46 KB 52ms
51ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163014
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 14:03:04 GMT

GET
DATA 200
OK truncated
/ Frame 9663 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 css2
fonts.googleapis.com/ Frame CE3E 4 KB
634 B 53ms
52ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 10:22:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CE3E 205 B
229 B 49ms
49ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 08:25:59 GMT
x-content-type-options: nosniff
age: 10439
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 30 Dec 2022 08:25:59 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CE3E 604 B
628 B 50ms
49ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 00:01:21 GMT
x-content-type-options: nosniff
age: 40717
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 30 Dec 2022 00:01:21 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame CE3E 19 KB
8 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:49:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8346
x-xss-protection: 0
server: cafe
etag: 3177319193432224586
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 10:49:46 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 985B 2 KB
532 B 52ms
51ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 10:13:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 985B 1 KB
890 B 56ms
56ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:18:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:18:52 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 985B 0
0 72ms
71ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CLdTt3JXNYYaHMojytwfWkZuAB--7oulm6ZXh0e8NrtT-4JgWEAEg6ZrTCmCV4pCCoAegAdKf8NsDyAEJqQJONYqLVgCzPqgDAcgDywSqBIACT9A2CNayuIUSa9_WiCv2Rp3p-QEM6eXrN-JdWZK_0DiJ3UXR_KvBWZRNIQiyj2vHdJC0jGrqRg2NHriQ_pzeDQjgIacnTQkCnd1FEBE-9vANwNVwPUhrdfb61VWJV92Ivc7BVeR8uPJ8iAYW45kTBzCknTzMeSJ_b-i6QNPZvMJiyJc0pVInnBRbrjdKXprpsMPfcIHtG6rMhnqkGD4KyYXfMX8nOVFStC5bmYtgekhLjsP_5cMG9lRlz3HEWr1A43EJCnis_pEFmJcVYYdhtiw9TnBe32r9ZoLz1wQeUAdp9z9VkPmK_BF-EjzFugx2bcAHz78HzvDbPVMf0CqaqsAEs_WP84sCkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB5bgjySoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQ47QH0ggJCIjhgBAQARgfgAoByAsB2BMNiBQB0BUBmBYBgBcBshccChoIABIUcHViLTc2OTU4MDQ5NTgwMzcwOTcYAA&sigh=pOjgiTOZl-M&uach_m=[UACH]&template_id=494

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 11:19:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 985B 19 KB
8 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:16:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 189
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:16:49 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 985B 2 KB
1 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1352
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 10:57:26 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 985B 119 KB
36 KB 81ms
80ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 985B 15 KB
6 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:08:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 693
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:08:25 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 985B 0
0 51ms
50ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSOdjhevD9TH-elFhndNA-xFIGUM0cs4CGCmazOod0P8xiH12j687DFqbSpcKojkjFbq56glR8w8bCb3ouVZZKAJpEQpA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame 985B 27 KB
11 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 22:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219799
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 27 Mar 2022 22:16:39 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 985B 33 KB
34 KB 146ms
28ms Image
image/jpeg 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQuCGgToU88Wky0ENwReBBzV1vtNTCWwd8SXudZMmh19XtdnC4zn7c75Tdzvw&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d79d89f3e5af59f18e9e7154f9439e7c175bf597457dfa3fd845c39d333d5ef7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 13:04:26 GMT
x-content-type-options: nosniff
age: 166532
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34164
x-xss-protection: 0
last-modified: Sun, 21 Nov 2021 14:53:53 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 28 Dec 2022 13:04:26 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 985B 27 KB
27 KB 242ms
124ms Image
image/jpeg 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRM442HFpyYDu4p91Ecx7trqGb0DcqzrXaXy6vclVXS9k6VcJTu4vFVW3MvrA&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ad2d097970b4db22e21d9cd61db5d0de1a257b213c72029bbd248d950538f0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 13:00:03 GMT
x-content-type-options: nosniff
age: 598795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27655
x-xss-protection: 0
last-modified: Thu, 23 Dec 2021 10:53:56 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 23 Dec 2022 13:00:03 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 985B 36 KB
36 KB 208ms
94ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcR9mKI-jzIme4XiKQiCSiHd_xtNeZRiGzYzUT80bQRT1vtYI8ZfMXRCC-l6EQ&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

427d2685841a31254fdccb66cebe9238bafda8df5389752124d878aedcdb8c16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 21:17:16 GMT
x-content-type-options: nosniff
age: 136962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36652
x-xss-protection: 0
last-modified: Fri, 19 Nov 2021 00:42:28 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 28 Dec 2022 21:17:16 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 985B 32 KB
33 KB 150ms
31ms Image
image/jpeg 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQC5iO9fuOxIJg-tWkVWOQAoqaYbJpzpJw_pEurD-meRFjrxPFcvedBxpQ1JA&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

656bf50a0a30e3a8af841d56bf254aad27e604fd60b34fa80e10d572204e80b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 10:06:22 GMT
x-content-type-options: nosniff
age: 522816
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32958
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 09:52:49 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 24 Dec 2022 10:06:22 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 985B 36 KB
36 KB 191ms
75ms Image
image/jpeg 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQEVV7b7oVodbJYZPYZl5UK-U-CmSKCTHorJcYcBMcUDQFz3ABPSaPOi2nTyvw&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9ca299ab3a7f12b37cce4f76c017b88026120824524d472e3e58b523858e282

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 11:12:43 GMT
x-content-type-options: nosniff
age: 86835
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36754
x-xss-protection: 0
last-modified: Wed, 27 Oct 2021 20:02:04 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 29 Dec 2022 11:12:43 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 985B 25 KB
25 KB 195ms
76ms Image
image/jpeg 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcS8mQJg_ZMgQQPZl0pX-Enrf35-otD4OjM7cDbj3K17FY3cJwaxs7I8dfA9hdQ&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9450dbea0b3f730522d9bf26d624c024beff332513844fb81a680f009cc01a8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 20:11:30 GMT
x-content-type-options: nosniff
age: 313708
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25242
x-xss-protection: 0
last-modified: Sun, 26 Dec 2021 17:58:01 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 26 Dec 2022 20:11:30 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 985B 24 KB
24 KB 182ms
68ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTbbKtNcHpZixJ9lSRHsLW6xbdcKsniwxlCA7FXwFopoiMMiVyQY78qYHwVaQ&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfc38ef7584666e86afb370d40d96c1ffe01dd9f68040cb2189594f1f2a9ded1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 21:12:55 GMT
x-content-type-options: nosniff
age: 223623
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24217
x-xss-protection: 0
last-modified: Mon, 20 Dec 2021 20:01:28 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 27 Dec 2022 21:12:55 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 985B 24 KB
24 KB 229ms
113ms Image
image/jpeg 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQImh_v8KOT1QtpJLuh9-oQfRX95jnFnJBU8DfU0YGQockxVsWUTFiYk1w0LA&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30b4e4a6b97fbe926d46f710012b7d09740e874f9815e70a4e9405daf155a045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 14:15:46 GMT
x-content-type-options: nosniff
age: 594252
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24074
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 11:59:14 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 23 Dec 2022 14:15:46 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 985B 23 KB
24 KB 149ms
35ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQOD1KrimJKG0rnCwwBda73F71-4uRMT7T-_59KD7GbEHVb5kaLnC74htBpqg&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d338728c296b18031cc55f50b5fd3212206314394b4c35bf1a75ddb78cb4af3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 07:28:43 GMT
x-content-type-options: nosniff
age: 359475
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23527
x-xss-protection: 0
last-modified: Sun, 26 Dec 2021 05:16:53 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 26 Dec 2022 07:28:43 GMT

GET
H3

200

16954104317476786032
tpc.googlesyndication.com/simgad/ Frame 985B
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCr6PbFiwEQnQkYnQkyCKuj71APLB1M
https://tpc.googlesyndication.com/simgad/16954104317476786032

34 KB
34 KB

29ms
29ms

Image
image/png

2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16954104317476786032

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

847d2854bb34bc89ab8514267909dbec0fe245278448227d23714781f9dfab71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 00:58:44 GMT
x-content-type-options: nosniff
age: 37274
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34759
x-xss-protection: 0
last-modified: Wed, 13 Mar 2019 08:47:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 30 Dec 2022 00:58:44 GMT

Redirect headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 13:21:24 GMT
x-content-type-options: nosniff
server: cafe
age: 79114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/16954104317476786032
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 28 Jan 2022 13:21:24 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5CA7 3 KB
579 B 42ms
42ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 11:08:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5CA7 1 KB
890 B 30ms
30ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:18:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:18:52 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 5CA7 19 KB
8 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:16:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 189
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:16:49 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5CA7 2 KB
1 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1352
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 10:57:26 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5CA7 119 KB
36 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5CA7 15 KB
6 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:08:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 693
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:08:25 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5CA7 0
0 42ms
41ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQkdiJ5MvY34Ys9FykJ2bN408M-XCBb-qTOCn-Fv4XzzMfrq5HNgSmJVJCXQ99tlaRmbr_AG3LZIeDZ6o4X76Z71nZhiw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame 5CA7 27 KB
11 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 22:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219799
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 27 Mar 2022 22:16:39 GMT

GET
DATA 200
OK truncated
/ Frame 985B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d23cfef2cad9bf87982cfc07235f97b44be8ebb31f637c85822262131e9fb8e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F512 143 B
163 B 40ms
39ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 30 Dec 2021 11:04:54 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 904
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F512
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

101ms
100ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 30 Dec 2021 11:19:58 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 11:19:58 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 30 Dec 2021 11:19:58 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9D87 35 KB
13 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 00:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38538
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 00:37:40 GMT

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 504C 35 KB
13 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 00:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38538
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 00:37:40 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D22A 2 KB
1 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=3072855283&pi=t.aa~a.3115621905~i.35~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=1&bdt=1776&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280%2C730x280&nras=4&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=4655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=cjUXKqOrcC&p=https%3A//zatusim.com&dtd=89

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1352
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 10:57:26 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D22A 119 KB
36 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D22A 15 KB
6 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:08:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 693
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:08:25 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 38C1 2 KB
1 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1352
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 10:57:26 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 38C1 119 KB
36 KB 78ms
77ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 38C1 15 KB
6 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:08:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 693
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:08:25 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D22A 0
0 83ms
82ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C8gEJ3pXNYdzXAZ_pj-8PjaGM2AbJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQL0645VT_2yPqgDAaoE8QFP0PpEWKBBBRZioYsUxeLR1mpOAWG1pkN6IiSNLFP8zsg1h6ufTjpJJI_ZoHXCjZEuuLo7ec8TXSZZA66tcDYl6AaQSTyr6atYEtrxPth-QNXeLUuZxY6gcilfqq3IsjksYfCo-BIbfSqLBLAbZPlX7srvUUWuR8ljfD9Xfs4LpwJkHINdDnBiMZjqJJEt7XKQ1x_9_qXhnk3u9NEKLFtg3triWa6CZX3DNpOqiIPGFJUhoxn47yLGQF5bsxIih0VNPhcmsniYe0RwGqJjyV_54nfP5aNbSwWBAXlqhgx_XWfIqDJEY-h-XMoAn-9pQpNcgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNzY5NTgwNDk1ODAzNzA5NxgA&sigh=8AkIZMmvRtY&uach_m=[UACH]&cid=CAQSOwCNIrLMkhUQ5JnCHCxtaL45qoA-J7BhVfXM9x29bL-UQlPiT1fwJ7YVJ371_BSO0zewNJhFqY3yBUmoGAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=3072855283&pi=t.aa~a.3115621905~i.35~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=1&bdt=1776&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280%2C730x280&nras=4&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=4655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=cjUXKqOrcC&p=https%3A//zatusim.com&dtd=89
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 11:19:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame D22A 0
0 49ms
48ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UsDUEcz6RNoFmAKdg2ICAgAAANQ3QwhQEuptCg1dAhDelc1hW8EVdsdDxkTdOVgAEg&wp=Yc2V3gAAa9wH4_SfAAMQjdBpC37l6Gb-8LlubQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
server: Kestrel
server-processing-duration-in-ticks: 185657
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame CDBA 176 KB
52 KB 175ms
174ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3gAAa9wH4_SfAAMQjdBpC37l6Gb-8LlubQ&u=%7CdGVh7OnjQKvUHoP3A%2FwtpUCBLMBI2CxaXeFBmk2%2BmWs%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy6EkBWqE9Z3NGfRuTXqpF2fqIPkjM227lRb5yTf7CiRlRI9UAX9rRBM5GPL9FZl46IXdrLXUm5WrJMMl1714OdBNxMtlpdF3ihSVP4xg1_1bIpCHWcW_hC6cjqg-f0uD_5zeMrHqXCuu9zQT1YRQxbxSJ2779lnFtArxiJ4Q1mnfsSVTVRZ5VFNuJ1YmrL3kgypwtwTUSIKsCghbWJRLISKkF_EOIvuasgw1-1n0Jz0X4cQ_HK2aLLT5OSkpKAjqLDeVmTZ1oLrXvQifrbjB43PVbSsOVwGjZxv0KO9JKB43ngDEGVYKwh6xguHySuVVhxxbz2ayv7UZ6zbIIBcEfKm5oWo8n1s2PiOybJuWJCcbVmvQA-d7AU_X1ptjKxnLj-fWZNfZ8htrWke-ppBCsXPGZjiSV5R15kXmmQB22rIyn8oiZt8w_VVg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAIE83pXNYdzXAZ_pj-8PjaGM2AbJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQL0645VT_2yPqgDAaoE9AFP0PpEWKBBBRZioYsUxeLR1mpOAWG1pkN6IiSNLFP8zsg1h6ufTjpJJI_ZoHXCjZEuuLo7ec8TXSZZA66tcDYl6AaQSTyr6atYEtrxPth-QNXeLUuZxY6gcilfqq3IsjksYfCo-BIbfSqLBLAbZPlX7srvUUWuR8ljfD9Xfs4LpwJkHINdDnBiMZjqJJEt7XKQ1x_9_qXhnk3u9NEKLFtg3triWa6CZX3DNpOqiIPGFJUhoxn47yLGQF5bsxIih0VNPhcmsniYe0RwGuBh6M1-bevcWj9P6NW8p4FjkgbJV0nQKoaMXk6M49Qsh2rDxoDj8V0cgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_011UYQ7D9OaZuhqUCJTZOQFmzoBQ%26client%3Dca-pub-7695804958037097%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

13de4eae43e2f39a0830eddafe6825e480c112ce75f2c34f7255cae0db894552

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=fcYY-i6V3Q5tA3f_njb9Fs-pCSmRAf9YhlQHStHni5qAVW9Ud1Jz3vsOqzNGaIr_RSWpY3RzNmHzy5X5c-5nLRP6zRjiY1tDJKQ9eo5HpHV7393RSNl1kRVb0vVhmolrLT2JTfgsWW7iFLGKw-2KJyilTH4idUjXic7a-llXo2FwNkIhz9VSGoJQvqERSWDQ6wFL1csPXajk5RLZ68ANeKpvaHgy6W9OSOWWHA7BrebZeSphJiSk5oR-6NJCJzAVJnhjm3offVrCveoZ"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 124187070
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 46FB 1 KB
752 B 34ms
33ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 29 Dec 2021 13:26:12 GMT
expires: Thu, 30 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 78826
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 032A 2 KB
1 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 10:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1352
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 10:57:26 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 032A 119 KB
36 KB 81ms
81ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 032A 15 KB
6 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:08:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 693
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 11:08:25 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 032A 0
0 50ms
49ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT1h0aFXJAfKDVf24Lv5RslMCxomm7ylpJ1jeFPTyRauyxIAmiolU84gEtXwVJky1o9xXKiB1DoU9LSAADUmNhXFWlF7Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 38C1 0
0 85ms
84ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0UBM3pXNYYKsAeGkzLUPt7yF-ATJntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQJONYqLVgCzPqgDAaoE8QFP0Arn962HsdsoRpkgF4FiWiZ4nqlywLzQGXgIvxhtblLGLzwulzH39gmjNXPXIDZ7JagQc-sCKM1mB5xJSG8JW8b0w06FgN_B2yUJTEMEQ2IHIGQbzapqJX27KHDfdo4kCMLOENni9At199WGb_BKx1dtKmpZJqBr6RINlJPnI1etOjxInYjUgVh7ISehELdLPElJQ3BG6EW4XZBs7NhZGFXly4BsU4jOeisOmlFG8dL0_LpYPZtebDAsAitGW5eo6bSK-VfzusgbftQZ4AJB7m2Qhu2EiC7EzGak12Vs_ep1ao84LtWGmO9tbBemuCMcgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNzY5NTgwNDk1ODAzNzA5NxgA&sigh=cEQ0QbuL-Nk&uach_m=[UACH]&cid=CAQSOwCNIrLMViIgOgitEXexvE2M7pREAXsrrrB0DvckS0Knd78gc26ajaXlEja6DQFezIVpaDjNFICKBevPGAE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 11:19:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 38C1 0
0 50ms
49ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UsDUEcz6RNoFmAKdg2ICAgAAANQ3QwhQEuptCg1dAhDdlc1h9pqdu7XRE41gDO8AEg&wp=Yc2V3gAAVgIAsxJhAAFeNyR-U1k9e8mwJStBVQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
server: Kestrel
server-processing-duration-in-ticks: 279637
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 8334 144 KB
46 KB 226ms
226ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3gAAVgIAsxJhAAFeNyR-U1k9e8mwJStBVQ&u=%7CdGVh7OnjQKsfQspz%2BsHoAnbINBXuJM3LrMoVA0NS85M%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy6EkBWqE9Z3NGfRuTXqpF2fm6V52h-jlKrnt4pdWVouHrJ75NwpQD6FR6VsCKZe2p2KPzDbrAh0Q5nYRa2FBRP5WIWq50ibklhLQ7pEfeKEit6PYVwD5n2D7Ns0BPvbM3041MRSrE7mduaFgOBL4xpvJfkMoP3f_js-GUUz8XA66hA4nyuqEUzYsnfUogFou31KULnjrBuYb1h4aDRYemD1u5dK6jOuLGm_aMDKueiIcl_8E4fmBhDmYN92fjZsJTnig1YEfIQJwSR2RGBUuY9i91LBw3LJsz-UWd2dMTBZYsute8UkTTWrujvv2pnF4nF_EOotpR9ZpQQqoL6MQYEptFBqZiivUYMipzfKXRIGknDQ4yWT6zDDTR3KIGfi7YOSuRV9MoesVxtphZxQ5W2id-d6K6IgX396b5G76231-mpmNk_fgpNjg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWHpE3pXNYYKsAeGkzLUPt7yF-ATJntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQJONYqLVgCzPqgDAaoE9AFP0Arn962HsdsoRpkgF4FiWiZ4nqlywLzQGXgIvxhtblLGLzwulzH39gmjNXPXIDZ7JagQc-sCKM1mB5xJSG8JW8b0w06FgN_B2yUJTEMEQ2IHIGQbzapqJX27KHDfdo4kCMLOENni9At199WGb_BKx1dtKmpZJqBr6RINlJPnI1etOjxInYjUgVh7ISehELdLPElJQ3BG6EW4XZBs7NhZGFXly4BsU4jOeisOmlFG8dL0_LpYPZtebDAsAitGW5eo6bSK-VfzusgbfpYbwZDGYfGDOXGQK_75ap6tw2_a98Rt6DvwE3N0J_FBdJIMPDCj8wONgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3CxbqpIVVJ1zifzNDGUXAUOqca2A%26client%3Dca-pub-7695804958037097%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

47d548021e32329e593c23aa28cd91cb453436e71b3c5851723c12f5c7acb7bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=rF2FAy6V3Q5tA3f_vWfP18368nz1qNN2jkgbsEydru3BF_Zo1aLmh6EL5OB1OzLaePqEWyUaw8S9ewH9PlthE-qGTjlt0GADsbpWIMccQPu9tKITKfsn4PmG08d9Ma188MnGbamXiX3pXlKNrwN8R2ifOHOl6JiYe3lutOp8H2T7oyhHtrc9DjspogqIFLYRtrOzJtbDjhcS-3K54Ou-JrJbEICwRtxVOUoNU3SqYGy8S4BMWBBCeBcmluHihe1jVYosKw"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 127564295
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9909 1 KB
752 B 39ms
39ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 29 Dec 2021 13:26:12 GMT
expires: Thu, 30 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 78826
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 032A 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=COtmK3pXNYY2LAYb3j-8Pg9KNgAbJntKxXLWY49aTAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03Njk1ODA0OTU4MDM3MDk3oAHVttLqA8gBCakC9OuOVU_9sj6oAwGqBPEBT9BBTASqhFA2e-lr0Yqvyof0WqEPfXYEy9YuTanEBjzDAJIne8ePBMVnXZzuK1cORd3RgXYQljuO_RhL7v8bBC9q5bDEehvKX7zjDd4Oql5EwvH0Rz0v5fVLR1_SZeSdd5Hqova25erjek7rHTbJd1ypnSDkDIdCiP5rwKFAjcgDwWahqU6UXWA3EvlB9m7W0RM2Qv70FNmCyb-bcrJG8TNA8lmoeEv7279o5bQ3DO9UUHWKe9Nhh_f_tQs4DUhP6BFeELUU3UPq39fNJlZf6I14dgpLzF1xI4L77ZyYvk4Ca6DbElcr-pzfS49YPm040IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTc2OTU4MDQ5NTgwMzcwOTcYAA&sigh=KKsXejdMsk4&uach_m=[UACH]&cid=CAQSOwCNIrLMwV2LJUGgnAFAe2bD2n367rpl0hV3OHGyQ3NaC82XcLqLpAqzKkOY7x-K-iP28ZwRLu7RaLQfGAE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 11:19:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 032A 0
0 240ms
56ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=UsDUEcz6RNoFmAKdg2ICAgAAANQ3QwhQEuptCg1dAhDelc1h0qiAnZpWqHSlOa0AEg&wp=Yc2V3gAARY0H4_uGAANpAwGqMjF9BVIpJ7pbYg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:57 GMT
server: Kestrel
server-processing-duration-in-ticks: 298191
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 3815 943 B
1 KB 835ms
835ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3gAARY0H4_uGAANpAwGqMjF9BVIpJ7pbYg&u=%7CdGVh7OnjQKso%2B1%2BSjNVXbkRZWOsE4%2BMQRY%2F9mNfkWbw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy6EkBWqE9Z3NGfRuTXqpF2fmbHNfNTreU3NO_J0wJsHdZuPDRScViHHG2C4LOAqujIGEx87X87-s8O1cqsxf6NFXt-P0d97a3M0axHwz4BlgfS3DujbD1S3ia5IyeMvw1RfnL23T6CRoejlyc-tsvH6_X0_Sj8SJ8W7ALE9IzYd9ujiMbeigtHccVk0BvK-mcqThWQwpybpSK3rMUHCIEOJ8zdYn17y-aglO_zhuo8ni3csnrXS9SuZ_k1u-LJKOT-vBgKCiza1ICEyfX4D9ghZk6AOLfDgyMj_BtMVEG8ciAlvYVEmMOHo6wbz-J7L7F4fppYZa8WedvVfMp75U-F5rrJaZLbMepAHddPdofaE-PXUxQHQV8ANwsHjkXApdMcmrAmY4fCd2z9weV1SLYnYFi_dXxiGAoBSYOgJub36I3duNERg3Z5gpUUfQT5CPHH&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCswab3pXNYY2LAYb3j-8Pg9KNgAbJntKxXLWY49aTAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03Njk1ODA0OTU4MDM3MDk3oAHVttLqA8gBCakC9OuOVU_9sj6oAwGqBPQBT9BBTASqhFA2e-lr0Yqvyof0WqEPfXYEy9YuTanEBjzDAJIne8ePBMVnXZzuK1cORd3RgXYQljuO_RhL7v8bBC9q5bDEehvKX7zjDd4Oql5EwvH0Rz0v5fVLR1_SZeSdd5Hqova25erjek7rHTbJd1ypnSDkDIdCiP5rwKFAjcgDwWahqU6UXWA3EvlB9m7W0RM2Qv70FNmCyb-bcrJG8TNA8lmoeEv7279o5bQ3DO9UUHWKe9Nhh_f_tQs4DUhP6BFeELUU3UPq39ePJHfNbwLkZbXX2P6hHiQD5IiSCEQscyJv2mqNCCPBZ5fdlOkrb5YA04AG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0lhRjrVjjVJjgdtCDb3kfnJ7ExtQ%26client%3Dca-pub-7695804958037097%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

15f72dfc94aee5fed8ce3f545f0fee13abd80dc8e8d2b970812762d64ab6eaa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 801614006
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1A0E 1 KB
752 B 41ms
41ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 29 Dec 2021 13:26:12 GMT
expires: Thu, 30 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 78826
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dpixel
cms.quantserve.com/ Frame 46FB 35 B
463 B 177ms
45ms Image
image/gif 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEF9eXO2NKuNuP67OkjKbB3M&google_cver=1&google_push=AYg5qPJ13FbE1WCDN8NBa3hUo22NXK-mIelegd1wnyD4YKV05Xclfree8uQjdV1Tlgr6u81-tGgS0kGTFCy3z-98PqipoHZvYg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 46FB
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPI42KNrGfTWMM9SL-SpkXWo0qy_HDCMyN5SLKmNp-fGpBhIV6lGZx2Tq3ur3JL_XjdTjJ8gp8ZwI09S2jJgugdU0wUurA&google_gid=CAESEA9KePgAsLtx0pI8iqP-pvg&googl...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCN6rto4GEgUI6AcQAEIASm5nb29nbGVfcHVzaD1BWWc1cVBJNDJLTnJHZlRXTU05U0wtU3BrWFdvMHF5X0hEQ015TjVTTEttTnAtZkdwQmhJVjZsR1p4MlRxM3VyM0pMX1hqZFRqSjhncDhad0kwOVMyak...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwNzNlM1lNTXJMQi1MN1JMaFpTRVlIck96RlhNMUcwc3JwUEtNVVFGWk8xYw==&google_push

170 B
188 B

59ms
45ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwNzNlM1lNTXJMQi1MN1JMaFpTRVlIck96RlhNMUcwc3JwUEtNVVFGWk8xYw==&google_push

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 30 Dec 2021 11:19:58 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwNzNlM1lNTXJMQi1MN1JMaFpTRVlIck96RlhNMUcwc3JwUEtNVVFGWk8xYw==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 46FB
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPK7mJpC...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPK7mJpC...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxMTE5NTkwMDA1MjkzNjc0NjA0NA%3D%3D&google_push=AYg5qPK7mJpCZi1L1XfQTegjzhhlaAgCX64Exv43wbwm84Ib0oJJmLyjQEKLJ3cZdhnJ-v...

170 B
188 B

37ms
36ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxMTE5NTkwMDA1MjkzNjc0NjA0NA%3D%3D&google_push=AYg5qPK7mJpCZi1L1XfQTegjzhhlaAgCX64Exv43wbwm84Ib0oJJmLyjQEKLJ3cZdhnJ-vbRy1MSFKtbtGKINyd9P6xX8bbjwiU

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxMTE5NTkwMDA1MjkzNjc0NjA0NA%3D%3D&google_push=AYg5qPK7mJpCZi1L1XfQTegjzhhlaAgCX64Exv43wbwm84Ib0oJJmLyjQEKLJ3cZdhnJ-vbRy1MSFKtbtGKINyd9P6xX8bbjwiU
pragma: no-cache
date: Thu, 30 Dec 2021 11:19:59 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Thu, 30 Dec 2021 11:19:59 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 46FB 43 B
351 B 178ms
55ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJ1ZEK9oXl5B1Mi9amE_tFQ&google_cver=1&google_push=AYg5qPKu4LmuDsWfMb3rBcm0Ajq0AiOPxeSQyUPB9dzAjL6wNCRbc6qXs4lwbw7o-T1Iut0rxUwqQhTRPUZBg0RbFM5PqMraq0I
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=3072855283&pi=t.aa~a.3115621905~i.35~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=1&bdt=1776&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280%2C730x280&nras=4&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=4655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=cjUXKqOrcC&p=https%3A//zatusim.com&dtd=89
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: jnovp3tv84jflt90900ce7uth2vs1365

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 46FB
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=jdXEA-ozSVqy27KuvXPZHQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

57ms
56ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=jdXEA-ozSVqy27KuvXPZHQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKdzbUuaoKxR8FmdBfMFwR33g8pY1jfy-t0z8Qx3W2ReQU7Uo19ZTGNapWvdijRnye1XQ_kkkI_A4_n46u6pk4iQoyVDMg

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=jdXEA-ozSVqy27KuvXPZHQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKdzbUuaoKxR8FmdBfMFwR33g8pY1jfy-t0z8Qx3W2ReQU7Uo19ZTGNapWvdijRnye1XQ_kkkI_A4_n46u6pk4iQoyVDMg
date: Thu, 30 Dec 2021 11:19:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 46FB
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENsKZBekkIOAoZ7OPcevdAU&google_cver=1&google_push=AYg5qPKqcfZ6eMOBXNE5u2JYVwyyUZEpxl4UpSW4VHTIg7srvKTl18-hLLM4D0OSDa7nh_xpvav...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNTctVC03VUVJ&google_push=AYg5qPKqcfZ6eMOBXNE5u2JYVwyyUZEpxl4UpSW4VHTIg7srvKTl18-hLLM4D0OSDa7nh_xpvav4wEv8p5etRnzoV5rITG5n1Hs

170 B
188 B

98ms
47ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNTctVC03VUVJ&google_push=AYg5qPKqcfZ6eMOBXNE5u2JYVwyyUZEpxl4UpSW4VHTIg7srvKTl18-hLLM4D0OSDa7nh_xpvav4wEv8p5etRnzoV5rITG5n1Hs

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNTctVC03VUVJ&google_push=AYg5qPKqcfZ6eMOBXNE5u2JYVwyyUZEpxl4UpSW4VHTIg7srvKTl18-hLLM4D0OSDa7nh_xpvav4wEv8p5etRnzoV5rITG5n1Hs
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 46FB
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 46FB 0
40 B 141ms
48ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LHxJcZJEYT8Z6kYlTLgvnLqP1gA9BuqdMdcExwgmAa4ziT-bE5ZyKl2zwCdRRUlGsy8j6d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 9909 35 B
462 B 173ms
45ms Image
image/gif 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEF9eXO2NKuNuP67OkjKbB3M&google_cver=1&google_push=AYg5qPKmvANpsN3j4xlRQcu-6OSUpKCWNROnoXwxI082KwmmmbEdKaX-6_mA05dBzwGutUllUCfinnpo4fD2jRi6Ubmn6t4qe6s

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9909
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIosaGS...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIosaGS...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxMTE5NTkwMDAzODA0MDM3NjQyOA%3D%3D&google_push=AYg5qPIosaGSnK_Ray7PVT-5oDrGlc4Ums_DbPkEXZOfNbz55qkmsoYyxSr2O68LU-Cu2s...

170 B
188 B

38ms
38ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxMTE5NTkwMDAzODA0MDM3NjQyOA%3D%3D&google_push=AYg5qPIosaGSnK_Ray7PVT-5oDrGlc4Ums_DbPkEXZOfNbz55qkmsoYyxSr2O68LU-Cu2sVPtMvlCxySWu4m3Ua3Xs6T8PF7C1g

Requested by

Host: zatusim.com
URL: https://zatusim.com/celebration/clbr_ny/scenariy-novogo-goda-dlya-semi.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxMTE5NTkwMDAzODA0MDM3NjQyOA%3D%3D&google_push=AYg5qPIosaGSnK_Ray7PVT-5oDrGlc4Ums_DbPkEXZOfNbz55qkmsoYyxSr2O68LU-Cu2sVPtMvlCxySWu4m3Ua3Xs6T8PF7C1g
pragma: no-cache
date: Thu, 30 Dec 2021 11:19:59 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Thu, 30 Dec 2021 11:19:59 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 9909 43 B
324 B 209ms
47ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESED5aZl9kpNSL_w8ZToD-Afs&google_push=AYg5qPJAvr8DgvKpiFwU6Ufd8O6bnbqJ8hmCwjnlAkbuIpNBnB0tqIOQqVvz_Rv6PJjxhwpKfbQ9BGZCMYGLz8DALJvgPJgY3jc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 9909 43 B
133 B 174ms
56ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJ1ZEK9oXl5B1Mi9amE_tFQ&google_cver=1&google_push=AYg5qPKJKO-hspAQ8jCm1GIAEs4GvL2kcb7Gs7Qm35Jr7_oyp-kQVXK3C7qIycDO1QstiT9c3iX--MtABbAYB0Frjr4E4askXbk
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:57 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 8oor6f2ab8cda6ci3m6rabk6mp89o4od

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9909
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iT-hPPCuTPmRFVEwwWoDPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

59ms
59ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iT-hPPCuTPmRFVEwwWoDPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJl6TYrkv-haVr4YDv6RkDT_1Pj6sDMqnKtS76Mqj68jYkKpiRqp4qhO6houqQSmjrRCJqKJ4NlvrpF5VT5dL-Mh9ELdg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iT-hPPCuTPmRFVEwwWoDPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJl6TYrkv-haVr4YDv6RkDT_1Pj6sDMqnKtS76Mqj68jYkKpiRqp4qhO6houqQSmjrRCJqKJ4NlvrpF5VT5dL-Mh9ELdg
date: Thu, 30 Dec 2021 11:19:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9909
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENsKZBekkIOAoZ7OPcevdAU&google_cver=1&google_push=AYg5qPLKlHMiGDrwwORrDcNmYg2bC9BHEPYaIP26prqqS6HZNA0b0cST5eD4iMQDBbJNsqSxkjE...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNUItQS1KMDc2&google_push=AYg5qPLKlHMiGDrwwORrDcNmYg2bC9BHEPYaIP26prqqS6HZNA0b0cST5eD4iMQDBbJNsqSxkjEiPOMEevoXuro12NJv845-Cgw

170 B
188 B

66ms
44ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNUItQS1KMDc2&google_push=AYg5qPLKlHMiGDrwwORrDcNmYg2bC9BHEPYaIP26prqqS6HZNA0b0cST5eD4iMQDBbJNsqSxkjEiPOMEevoXuro12NJv845-Cgw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNUItQS1KMDc2&google_push=AYg5qPLKlHMiGDrwwORrDcNmYg2bC9BHEPYaIP26prqqS6HZNA0b0cST5eD4iMQDBbJNsqSxkjEiPOMEevoXuro12NJv845-Cgw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 9909
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlX...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 9909 0
232 B 136ms
48ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J_sx56BocVMP6VcbsTK51sqhSq9nHMUkYNDawqczCVJIyXMyj1LpAvI1kSJ5zmj9qjzk8u

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=2553571328&pi=t.aa~a.3115621905~i.21~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0%2C730x280&nras=3&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2938&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=P6D23aGnNq&p=https%3A//zatusim.com&dtd=82

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame D22A 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 18cb62e1f68ccda7683de8485eab7c698fcb54483b9c99d064237237623e81d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 82BA 42 B
64 B 120ms
74ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvnEihEN06W2kB8wgI5ZjhQ65MtytGrawRDVCMh2dxbpwYLEgYHPrzCddkNtdTraWZJr-BnN0PrMYKpRYhSVJZR&sig=Cg0ArKJSzEmtsnGVBBXsEAE&id=lidar2&mcvt=1007&p=0,0,280,1100&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2148637027&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640863196702&rpt=878&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 38C1 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbab8b575815d1f0dfdf2660b0195bfd86943cc16f624bae271c51078a9a5240

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 032A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f280bc98ee853ef1d62830f52f051392740b07eef3a265226e735e4e6be673dd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 1A0E 35 B
462 B 106ms
48ms Image
image/gif 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEF9eXO2NKuNuP67OkjKbB3M&google_cver=1&google_push=AYg5qPKWO4GIquI_se4FHt2nEZlzSIszjJi-IwkxsCA42VxJdyJc0dZm_3WeBdLB5Dc_XcuxC-P4q84rYCL3XQrfFvLhhs2FXtY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1A0E
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPK6_vG9W2kzg0N5CfbXK4xZbKUcc64rdbsNv7u...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWMyVjNnQUFBRUNjVHg5cg&google_push=AYg5qPK6_vG9W2kzg0N5CfbXK4xZbKUcc64rdbsNv7uRV9eFHnNZ6ivqAw3qQ79JYlfBJ7jP5uGILcTt1WxkJv90TAzSAVqcJj0

170 B
188 B

50ms
48ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWMyVjNnQUFBRUNjVHg5cg&google_push=AYg5qPK6_vG9W2kzg0N5CfbXK4xZbKUcc64rdbsNv7uRV9eFHnNZ6ivqAw3qQ79JYlfBJ7jP5uGILcTt1WxkJv90TAzSAVqcJj0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWMyVjNnQUFBRUNjVHg5cg&google_push=AYg5qPK6_vG9W2kzg0N5CfbXK4xZbKUcc64rdbsNv7uRV9eFHnNZ6ivqAw3qQ79JYlfBJ7jP5uGILcTt1WxkJv90TAzSAVqcJj0
Date: Thu, 30 Dec 2021 11:19:58 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 dds
rtb.openx.net/sync/ Frame 1A0E 43 B
134 B 105ms
56ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJ1ZEK9oXl5B1Mi9amE_tFQ&google_cver=1&google_push=AYg5qPLGQQXpH6AUR0LmtCK_geHXYnZre5NAef_h1IXxwCsdtCQ6MlDlou-P31tat9Q3lFQzybegzcBMOWIHrhbIAXYhEaHOzyc
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: e92vlohlm1t9mk7bk7iqnb1utko2i7se

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1A0E
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=osZeMcYYSoaI7jkNj8wYYA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

59ms
58ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=osZeMcYYSoaI7jkNj8wYYA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLrtLjr4U3oBt-RjxIHz69lOEC1bsRWKdTyxrMX1ND10isRXnQNbJakUOAfAY536vVaR7aYuut2T6yZhNjlQDhCBFCl_Ow

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=osZeMcYYSoaI7jkNj8wYYA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLrtLjr4U3oBt-RjxIHz69lOEC1bsRWKdTyxrMX1ND10isRXnQNbJakUOAfAY536vVaR7aYuut2T6yZhNjlQDhCBFCl_Ow
date: Thu, 30 Dec 2021 11:19:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1A0E
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENsKZBekkIOAoZ7OPcevdAU&google_cver=1&google_push=AYg5qPLPJN6ZADuU7bG62m98Uua6XkG0ADFoqHO-PxbE3IU_NuMUTwlUEPcb6scLGE6nDWm0ITD...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNlUtSy03VjBG&google_push=AYg5qPLPJN6ZADuU7bG62m98Uua6XkG0ADFoqHO-PxbE3IU_NuMUTwlUEPcb6scLGE6nDWm0ITDuu8whH0uAp8ekvJD5FUkrVoM

170 B
188 B

48ms
46ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNlUtSy03VjBG&google_push=AYg5qPLPJN6ZADuU7bG62m98Uua6XkG0ADFoqHO-PxbE3IU_NuMUTwlUEPcb6scLGE6nDWm0ITDuu8whH0uAp8ekvJD5FUkrVoM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hTVktaNlUtSy03VjBG&google_push=AYg5qPLPJN6ZADuU7bG62m98Uua6XkG0ADFoqHO-PxbE3IU_NuMUTwlUEPcb6scLGE6nDWm0ITDuu8whH0uAp8ekvJD5FUkrVoM
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 1A0E
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 1A0E 43 B
296 B 389ms
50ms Image
image/gif 2a05:d01c:1d8:8102:af9a:78a3:719c:55d1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEPyzJiw0RQF17mbi9hNn9ys&google_cver=1&google_push=AYg5qPIicfhi2x2LUdZ7OnksrGS5Fk3A880KBg8TrC6SeUQL6tP9keZPR7mmzHenIsukFEvCD9_kvAKctpNQIdt5qu7dbsOinNA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:af9a:78a3:719c:55d1 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1A0E 0
49 B 67ms
49ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LiwLjZH6APTLiKQVxLLDIHMCc_e8G2lnG9C6jkBJ26BpT_LH9lq4qXVuDOKOtcjKRS7QDs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=280&adk=3241034920&adf=365218749&pi=t.aa~a.3115621905~i.17~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1640863197&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6768540064&psa=1&ad_type=text_image&format=730x280&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863197860&bpp=2&bdt=1776&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D46f748742ad4fcd3-220af85412cd000a%3AT%3D1640863196%3ART%3D1640863196%3AS%3DALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ&prev_fmts=1100x280%2C300x600%2C0x0&nras=2&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&psts=AGkb-H8Ezf5oJe9mBee6m4NJNYHLRT1MFFyorQCTOM0JN1Zl5YNYD7whskgg7nlz8BAQavuommSkZN5g-rVL%2CAGkb-H8qZPNpzRZShqVM6yMMvUNfqgAdGQKA9RzqKcJJVOzIvsyGEzifwS1wfkKEMtsBEpF5SQ2eZoLZ8f3SqQ&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=dCXgca7Fll&p=https%3A//zatusim.com&dtd=50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame CDBA 2 KB
1 KB 62ms
62ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3gAAa9wH4_SfAAMQjdBpC37l6Gb-8LlubQ&u=%7CdGVh7OnjQKvUHoP3A%2FwtpUCBLMBI2CxaXeFBmk2%2BmWs%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy6EkBWqE9Z3NGfRuTXqpF2fqIPkjM227lRb5yTf7CiRlRI9UAX9rRBM5GPL9FZl46IXdrLXUm5WrJMMl1714OdBNxMtlpdF3ihSVP4xg1_1bIpCHWcW_hC6cjqg-f0uD_5zeMrHqXCuu9zQT1YRQxbxSJ2779lnFtArxiJ4Q1mnfsSVTVRZ5VFNuJ1YmrL3kgypwtwTUSIKsCghbWJRLISKkF_EOIvuasgw1-1n0Jz0X4cQ_HK2aLLT5OSkpKAjqLDeVmTZ1oLrXvQifrbjB43PVbSsOVwGjZxv0KO9JKB43ngDEGVYKwh6xguHySuVVhxxbz2ayv7UZ6zbIIBcEfKm5oWo8n1s2PiOybJuWJCcbVmvQA-d7AU_X1ptjKxnLj-fWZNfZ8htrWke-ppBCsXPGZjiSV5R15kXmmQB22rIyn8oiZt8w_VVg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAIE83pXNYdzXAZ_pj-8PjaGM2AbJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQL0645VT_2yPqgDAaoE9AFP0PpEWKBBBRZioYsUxeLR1mpOAWG1pkN6IiSNLFP8zsg1h6ufTjpJJI_ZoHXCjZEuuLo7ec8TXSZZA66tcDYl6AaQSTyr6atYEtrxPth-QNXeLUuZxY6gcilfqq3IsjksYfCo-BIbfSqLBLAbZPlX7srvUUWuR8ljfD9Xfs4LpwJkHINdDnBiMZjqJJEt7XKQ1x_9_qXhnk3u9NEKLFtg3triWa6CZX3DNpOqiIPGFJUhoxn47yLGQF5bsxIih0VNPhcmsniYe0RwGuBh6M1-bevcWj9P6NW8p4FjkgbJV0nQKoaMXk6M49Qsh2rDxoDj8V0cgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_011UYQ7D9OaZuhqUCJTZOQFmzoBQ%26client%3Dca-pub-7695804958037097%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame CDBA 2 KB
1 KB 49ms
49ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame CDBA 308 B
636 B 57ms
56ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame CDBA 507 B
835 B 53ms
52ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame CDBA 43 B
372 B 55ms
54ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=5d2BHAHbIRnoGeKlU3uCLY8ITtPRW9RylPj03jIwc4NeVOdSzz8YT17r_XIhGHktpNJV25vFTyoPldR76Onx5osjeggeXdDcgKsd-s_SrhPFmlV98iSEJe3DE-a_v_lHjF9Rk7mWgmfnhWxU5wsWEFeFzuA9LiIp-C27Z3R3gohP6jteXDtt-rNFIF8vgsr_eSvQ0I60kyj8kWgdDmCyRbNg6zhVoEgjMq0dlYAooMyw2vFfsZ-lix9cJDBSwLqUQDon9CbhhoDfIag3rqTNdZg43M9eEhlkcbfaCIBIZwW9FMeOT1-aCxEJZ0k137OHwwT1w1UT4ghmCSvXk2qcR34uz-80pc6cbLkDDf6XRWEiTZdDrZ7PJ6veGF5JYlAUVBmDSG-ucopSUwY8Mq9SnmTeR9efltIxXQHIsbp68Uiu4nt18yFiafy9LRNILoODWuHaIw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 6729
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame CDBA 12 KB
5 KB 114ms
61ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2384086
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EaGih%2BK1RvjbPVkSz4iMxKJJSaCInCy9jax9V5BlpXaJlBXvtAj1um5KEfJmztme4J9QikChNVzZrG%2BCsLh8jeJRgOZPEEWWJ%2FPsyAxBorfOUsi8Gmy%2BLmeImXckhHCbvg221YGZ7JlZKtBueEaeZxAT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c5ae050391bd6d1-FRA
x-cache-tag: abcd1234
expires: Tue, 20 Dec 2022 11:19:58 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7067 0
0 80ms
79ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CzWw_3JXNYZaFM9ySzLUPv96ckAW94IGgZYOx57SrDs_33Zi6ARABIOma0wpgleKQgqAHoAGEocmoAsgBCakC9OuOVU_9sj6oAwGqBIwCT9BWgjUU5Ufg6seQ2XBtIjHMmiBtfdNCTahcMCzc60jJmZZKzCIcgJrTK6lSCHPz2sGpF7SFPtxh1o8s8YWGmLlsTLrw3nKPRAs4kbjcg8Mv8VhnXy6L7WbKYkK9hAQwoBtbpGmtbzejHqqHh6H3MQqSOIetX4RihyGqjV21Z7ymZiJOGEsZv3qg1Ea5eVlYkdjcSpwlElrGa7aLRyOoo_I85J9aMMcFZiKGXH5_rslI9h1NGI4ppyu11tvn4dBxHnRVfE8FcVyPcvB1TIK8vSjuBXjOdnofl3FxZPFklVrvn1VpT3ZEiMOBB17pZQSZDPf0ge9elAv_usO-FuDwugBSuFbI-FXs30CDQcAEr4aZisoDoAYugAfk3rbXAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEIfqAtIICQiA4YAQEAEYH4AKAcgLAdgTA9AVAYAXAbIXHAoaCAASFHB1Yi03Njk1ODA0OTU4MDM3MDk3GAA&sigh=ZGmrOROK1vU&vt=1&template_id=419&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7695804958037097&output=html&h=600&slotname=2750588245&adk=2037619514&adf=2110228848&pi=t.ma~as.2750588245&w=300&fwrn=4&fwrnh=100&lmt=1640863196&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640863196444&bpp=1&bdt=360&idt=314&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=1100x280&correlator=89095857355&frm=20&pv=1&ga_vid=1046730304.1640863197&ga_sid=1640863197&ga_hid=288300877&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=562&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062931&oid=2&pvsid=305968837697233&pem=713&tmod=295&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=V9XQ53GgvS&p=https%3A//zatusim.com&dtd=316
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 11:19:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7067 42 B
64 B 80ms
80ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvQOj2acKrLymwnhhrW4rldp-iL8b4X_yCpuQCplXnCJLHNsi2xHxKiHSMRUcqAtyK7_zv0_hROSoTMTgM8LaserQSI6mKsOcN0oH4FNRH5bzeAdyYmUQ&sai=AMfl-YQ12sCxOD3uemI557e53mm8z7PGRpW0Xz9n0FMx57-2YnrI3cjvgL1ZkkziHjvd-Cts5SqhEf5KEnPd&sig=Cg0ArKJSzGYjk-HuUejwEAE&id=lidar2&mcvt=1001&p=0,0,600,300&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=2037619514&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&pay=1&rst=1640863196761&rpt=956&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame CDBA 12 KB
6 KB 56ms
51ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame CDBA 11 KB
11 KB 46ms
45ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 10:38:13 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 780104
vary: Origin
x-cache: hit cached
content-type: image/png
cache-control: public, max-age=28775785
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 11345
expires: Sat, 19 Nov 2022 11:54:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame CDBA 100 KB
100 KB 48ms
48ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1217284-_x600-nocrop.jpg&v=3&w=800&s=JKGuXKixQvFsvQSpRjGUn_OC&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e8bc55d56e6a91cf1f2b49616567a2b3cded1016c307eb4860af703d3a5b5579

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 07:22:14 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 619064
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=31491767
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 102474
expires: Thu, 22 Dec 2022 19:05:01 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame CDBA 51 KB
52 KB 86ms
85ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F189219-_x600-nocrop.jpg&v=3&w=800&s=Ox2WBTtozMNwkiNkTB3ZJneu&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

605131fac03b4f42f088844936a4d12c30d704c0b15124412f7cb845da74cc12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 16:09:53 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 155404
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=31287369
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 52448
expires: Sun, 25 Dec 2022 19:06:03 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame CDBA 138 KB
139 KB 107ms
106ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-_x600-nocrop.jpg&v=3&w=800&s=LzlBB40wIezU9oSbleSOY3Pn&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

0769a620ccba5a6119e7c4ac2c741513c0e5c20d1c13001caca6d838be89c8d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:04:08 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 663349
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=31535999
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 141508
expires: Thu, 22 Dec 2022 19:04:08 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame CDBA 0
127 B 49ms
48ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=fcYY-i6V3Q5tA3f_njb9Fs-pCSmRAf9YhlQHStHni5qAVW9Ud1Jz3vsOqzNGaIr_RSWpY3RzNmHzy5X5c-5nLRP6zRjiY1tDJKQ9eo5HpHV7393RSNl1kRVb0vVhmolrLT2JTfgsWW7iFLGKw-2KJyilTH4idUjXic7a-llXo2FwNkIhz9VSGoJQvqERSWDQ6wFL1csPXajk5RLZ68ANeKpvaHgy6W9OSOWWHA7BrebZeSphJiSk5oR-6NJCJzAVJnhjm3offVrCveoZ&sds=2&rev=80000&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 11:19:58 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame CDBA 2 KB
1 KB 46ms
46ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame CDBA 2 KB
1 KB 46ms
46ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame E37C 0
127 B 42ms
39ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 11:19:58 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 8334 2 KB
1 KB 43ms
42ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yc2V3gAAVgIAsxJhAAFeNyR-U1k9e8mwJStBVQ&u=%7CdGVh7OnjQKsfQspz%2BsHoAnbINBXuJM3LrMoVA0NS85M%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wfKC8Jaasunnb7lXej_Vvy6EkBWqE9Z3NGfRuTXqpF2fm6V52h-jlKrnt4pdWVouHrJ75NwpQD6FR6VsCKZe2p2KPzDbrAh0Q5nYRa2FBRP5WIWq50ibklhLQ7pEfeKEit6PYVwD5n2D7Ns0BPvbM3041MRSrE7mduaFgOBL4xpvJfkMoP3f_js-GUUz8XA66hA4nyuqEUzYsnfUogFou31KULnjrBuYb1h4aDRYemD1u5dK6jOuLGm_aMDKueiIcl_8E4fmBhDmYN92fjZsJTnig1YEfIQJwSR2RGBUuY9i91LBw3LJsz-UWd2dMTBZYsute8UkTTWrujvv2pnF4nF_EOotpR9ZpQQqoL6MQYEptFBqZiivUYMipzfKXRIGknDQ4yWT6zDDTR3KIGfi7YOSuRV9MoesVxtphZxQ5W2id-d6K6IgX396b5G76231-mpmNk_fgpNjg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWHpE3pXNYYKsAeGkzLUPt7yF-ATJntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTc2OTU4MDQ5NTgwMzcwOTegAdW20uoDyAEJqQJONYqLVgCzPqgDAaoE9AFP0Arn962HsdsoRpkgF4FiWiZ4nqlywLzQGXgIvxhtblLGLzwulzH39gmjNXPXIDZ7JagQc-sCKM1mB5xJSG8JW8b0w06FgN_B2yUJTEMEQ2IHIGQbzapqJX27KHDfdo4kCMLOENni9At199WGb_BKx1dtKmpZJqBr6RINlJPnI1etOjxInYjUgVh7ISehELdLPElJQ3BG6EW4XZBs7NhZGFXly4BsU4jOeisOmlFG8dL0_LpYPZtebDAsAitGW5eo6bSK-VfzusgbfpYbwZDGYfGDOXGQK_75ap6tw2_a98Rt6DvwE3N0J_FBdJIMPDCj8wONgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3CxbqpIVVJ1zifzNDGUXAUOqca2A%26client%3Dca-pub-7695804958037097%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 8334 2 KB
1 KB 38ms
38ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 8334 308 B
636 B 40ms
40ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 8334 507 B
835 B 41ms
41ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 8334 43 B
347 B 45ms
45ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=mg8V-AHbIRnoGeKlU3uCLY8ITtMV0z_xvpNjRAi1csyI9dpxmbkNQF2MtmO4aJydKQjz68fsWC5MdK_KHHSPSA7BtzurxorTWLQL4zfOyLaOijXa97_KKjhLgqJi4ytQh-gZWvP4xRalZZGg4nsosERJFlsbyeq7Qlub5lBqA0ho20rlcdlmWIdfA77p59WNcZ-875myIot5y6yzzhYjeNeehl-gedTwJx6UCb43_KOq7S4uIBERp2wLaJZfnArNXhBzyScLpedIIucJEyhhOFemop-1pfniUCfjluw-0IR4e56LYIrShb_UzqfnBQdLiNNkAZ2-GgqWtN1KqCO_thBiecwlRt70L34uUg8VB82bBInMx616q2p_lQenIZu6Mkc_OGpXb3U4aBIG1Pe86oCSlgRXlM5PNyj_hChe_J-_83Dw1I9Cw5jN3lM0Fgnp8iNkFQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:55 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2154045
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 8334 12 KB
5 KB 49ms
49ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2384086
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZDoGSTvDHvxNthIzBp%2Bo96c0dSD0tj5cE%2BVKUQxB1H%2BWmjllCHBc4RGqOKdixs1afrsC2A4yem7Zd1aQm7YSlQKfbhxG4cYV%2FKPLnqj6Ckb%2B%2BXgpcXLliJVTUK85tYSGv7WlVQeIdIlkHmfvUBZY1ay"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c5ae050997fd6d1-FRA
x-cache-tag: abcd1234
expires: Tue, 20 Dec 2022 11:19:58 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 8334 12 KB
6 KB 53ms
52ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8334 11 KB
11 KB 104ms
103ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 10:38:13 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 780104
vary: Origin
x-cache: hit cached
content-type: image/png
cache-control: public, max-age=28775785
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 11345
expires: Sat, 19 Nov 2022 11:54:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8334 56 KB
56 KB 104ms
103ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1217284-_x600-nocrop.jpg&v=3&w=800&s=JKGuXKixQvFsvQSpRjGUn_OC&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

1354022eed343fcd7baecc7e45fae0413194e071806c1472ecb12b0592f62429

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:13:23 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 659194
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=31531897
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 57248
expires: Thu, 22 Dec 2022 19:05:01 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8334 69 KB
69 KB 105ms
105ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-_x600-nocrop.jpg&v=3&w=800&s=LzlBB40wIezU9oSbleSOY3Pn&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

260152ce49fdbda7b0f1e2f69d61ce39ba49de9a161971192cdf63af15207dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:04:08 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 663349
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=31535999
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 70472
expires: Thu, 22 Dec 2022 19:04:08 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8334 44 KB
44 KB 104ms
103ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1171120-_x600-nocrop.jpg&v=3&w=800&s=McAWTV3kpIj_ZrQO3GjqNczr&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

435797ff5cacaf4ef2c9f2ec22c48f090fddaadb4bc153d2c9ce5047ecf96417

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:04:15 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 663342
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=31535993
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 44886
expires: Thu, 22 Dec 2022 19:04:09 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 8334 0
127 B 54ms
54ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=rF2FAy6V3Q5tA3f_vWfP18368nz1qNN2jkgbsEydru3BF_Zo1aLmh6EL5OB1OzLaePqEWyUaw8S9ewH9PlthE-qGTjlt0GADsbpWIMccQPu9tKITKfsn4PmG08d9Ma188MnGbamXiX3pXlKNrwN8R2ifOHOl6JiYe3lutOp8H2T7oyhHtrc9DjspogqIFLYRtrOzJtbDjhcS-3K54Ou-JrJbEICwRtxVOUoNU3SqYGy8S4BMWBBCeBcmluHihe1jVYosKw&sds=2&rev=80000&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 11:19:58 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 8334 2 KB
1 KB 50ms
50ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 8334 2 KB
1 KB 50ms
50ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:58 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Dec 2022 11:19:58 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame CDBA 11 KB
11 KB 92ms
92ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 10:38:13 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 780104
vary: Origin
x-cache: hit cached
content-type: image/png
cache-control: public, max-age=28775785
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 11345
expires: Sat, 19 Nov 2022 11:54:39 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame CDBA 2 KB
507 B 56ms
54ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 09:47:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 8334 2 KB
507 B 60ms
59ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 10:08:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 11:19:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 11:19:58 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame CDBA 44 KB
44 KB 44ms
43ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 27 Dec 2022 21:17:17 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame CDBA 46 KB
46 KB 48ms
47ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163014
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 14:03:04 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 8334 44 KB
44 KB 65ms
65ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 27 Dec 2022 21:17:17 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 8334 46 KB
46 KB 68ms
67ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163014
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 14:03:04 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8334 11 KB
11 KB 46ms
44ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 10:38:13 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 780104
vary: Origin
x-cache: hit cached
content-type: image/png
cache-control: public, max-age=28775785
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 11345
expires: Sat, 19 Nov 2022 11:54:39 GMT

POST
H3 200 zcom.json Show response
rotarb.bid/ 59 B
601 B 92ms
92ms XHR
application/json 2606:4700:3030::6815:3ba3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rotarb.bid/zcom.json
Requested by: Host: zatusim.com
URL: https://zatusim.com/wp-content/zcom.js?ver=0.3.9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:3ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2bed13c41244bdee0910f6bd45d8584229cf2afa49409475c10d39ee4e3e9cf

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 11:19:59 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b10o%2B5sLaXY6dtLQjTazy3l9ZJYky7xjtiNMJ1jXmWO6i68MnrOciCmAUh%2FuZhrmIsQLjGS1IKVYdUpRP4zWAt2ZXoTIph%2B4NSs0LjN%2Bk%2BoFU0DR%2Fl39HoPp0WFqkLjbynit3oPFKTUu"}],"group":"cf-nel","max_age":604800}
cf-ray: 6c5ae0542feb3742-MXP
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 42ms
41ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdbcc46d97e0f4567f462315ee7d74b3baf384a0a388b0a046d0ce455c303ac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 11:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8536
x-xss-protection: 0

POST
H2 200 32613780 Show response
mc.yandex.com/webvisor/ 43 B
176 B 58ms
58ms XHR
image/gif 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/32613780?wmode=0&wv-part=1&wv-hit=680550492&page-url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&rn=970988379&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1640863199%3Aw%3A1600x1200%3Av%3A722%3Az%3A0%3Ai%3A20211230111959%3Au%3A1640863197963239161%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1640863199&t=gdpr(14)ti(2)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:59 GMT
last-modified: Thu, 30-Dec-2021 11:19:59 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://zatusim.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 30-Dec-2021 11:19:59 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Thu, 30 Dec 2021 11:19:59 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 985B 42 B
64 B 67ms
66ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst798-JVNqt-Pl1GIoOnpzny5JCvV07kiCpbQNiwz8ubLNKTi2fRC466k2lIRlMwLEC_YUtfDyLx6e2TtUfYcXv15FA0mtU5OT1xCdjIMIni-RINkVmIlFFvLsY-BhrkPHiYcyuoAj9ktXMZg&sai=AMfl-YSb8Msqh5_z4L1rMu5mX8N_dUJSb-7eOZSwlpVE1sf5WoQWLe5XofTjx6cVo1ledNWs_rrn1cFvahj_cHadl95LoGl1ni_XldUW9v8tAbfr9ayOw9xQZOvCE0NecRA&sig=Cg0ArKJSzLYG4IfdXm9JEAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=128,794,1000,1095,1095&tos=128,666,206,95,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640863197995&rpt=335&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 97A2 28 B
54 B 44ms
44ms XHR
application/json 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/XQ2Q0226giU?feature=oembed
X-YouTube-Client-Version: 1.20211215.00.01
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtLQldWUU5XaXgwQSjcq7aOBg%3D%3D
X-YouTube-Ad-Signals: dt=1640863196801&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C730%2C411&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 30 Dec 2021 11:19:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Thu, 30 Dec 2021 11:19:59 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 083D 28 B
54 B 42ms
40ms XHR
application/json 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8da38e9a/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/2CTwfZjXsao?feature=oembed
X-YouTube-Client-Version: 1.20211215.00.01
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtTMzJRNkZsWjBYbyjcq7aOBg%3D%3D
X-YouTube-Ad-Signals: dt=1640863196808&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C730%2C411&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 30 Dec 2021 11:19:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Thu, 30 Dec 2021 11:19:59 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 99F5 13 KB
5 KB 28ms
27ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Thu, 30 Dec 2021 11:04:52 GMT
expires: Fri, 30 Dec 2022 11:04:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 907
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9C81 783 B
534 B 37ms
36ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c78f4f130d5fb0bdbdd59c2f04d80532eff308fbfd03db01ae11c74b034482ee

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-T8OwRYZPnV1IdNpNPiseUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 30 Dec 2021 11:19:59 GMT
date: Thu, 30 Dec 2021 11:19:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-T8OwRYZPnV1IdNpNPiseUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9C81 0
0 61ms
61ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=305968837697233&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 99F5 35 KB
13 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 00:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38539
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 00:37:40 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
24 B 64ms
63ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=305968837697233&bg=!JSalJmLNAAZKWFskSlg7ACkAdvg8WimQ4MeMWWhHZ_FFHDceZqAn-iNohJmDHaIZMeiaEQNHrJngKgIAAABmUgAAAApoAQcKAMGYP0CGs3gughGftGRLD5R9eeSRxHlL9j7TGaYUEAyhccEF9OP7aXDfZ1_0Fzq4njgdD3Qu7S4dX0E1xIHKzhV1W6_yWA_AcPCVLssYM-aWDJXWmb3oL8-kcVpZ0QgnpiBRRlPJdouFe_CzHjgXOx6DWgohZuk8HjZnk2OKkqZ9k_4rasT1K2yUfwpQ3LoBYrHNIey3ZA8gxG8coEN4KQdaC8SlOD5XUSnsrecYRDyPXSDadsWMbnZAexvmomH4RI5mmQLBtC7tPVcysH04MvG_LujorZpzKn-XiMhttsGe_a1RM2Hf5sGGamBBTMYZIU6GUswurdk5hgADcebRb7jooK2O6kIIQ1dIGUbw28sXOyRP07-aziKERe9GV-ouypbvd3aKAYeWyN6QikLc3ko0pFcHJ1rosTBiug8QkD6tmj8f4Nl98bE8OEKgKs97l2myGeQVID49u0K6JEdXteDSHvTquFGwNJpKBZFakZ_Tcsw7yu4J1Prftx3dsFk36FBJR3LBSWwnojCr83vRQZV3VekfY4SRnA2iDiCo3MeUxnsaaD286GUn4Y1Cco9Eie_d2htg9UlCGljbIYqrjp2eK0tYuyyS5JCmoqF6OirHCPceUguVyb6iPY5SUYTrMvCmqRsAO0npgKWXd1EXe_BYdKvluuNY5xrdoP79meKjigl8gVchpnF2_RXHWbT8GYnd9JfnFrng-cxQiCCHs1udZ1T9PavN8TY5rI_ULURq_V40wmpeF9H3MwFzUhK4KSy3Ho80Y9ZOLFdizZiUYAr3glG9T4soAJoHkAggHCoXld6m_l7NPHrplhhXk2c6hgo0etTj3c8USpuWjJhUCEJPHAZTu1kKikbBQo6w05aR2Lv7GW7gd6rqBIotHAG6LWE1FzqRZxLSdfldDz_dHDiNa6oqbC76N29J3DmsnRaoXgoEX2dKLkhANf8x38a0f-vHskkEVPY0f4oz3Z4BpycBBH67voA4Up1NivltFGYbT66q9YLs9bim_ZImLpFxF7LmF6xSzxpPfCyQfodsTe9wxanw-xbgslqvDOP5ixpUBrmuBNDKccf1FqLKFDhxs8jVP9xF-2aKeU0q_hIQ_rYzunk8KTIjOuug0KSybd7zk9yWcfl-JN06iU2omfCUCCE3COMQWkfoqUbdHVe5yus2rcQ2cnLljVzPj7tHoCkiTYp2Ph7O

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zatusim.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:19:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 32613780 Show response
mc.yandex.com/webvisor/ 43 B
145 B 572ms
67ms XHR
image/gif 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/32613780?wmode=0&wv-part=1&wv-hit=680550492&page-url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&rn=430448978&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1640863200%3Aw%3A1600x1200%3Av%3A722%3Az%3A0%3Ai%3A20211230112000%3Au%3A1640863197963239161%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1640863200&t=gdpr(14)ti(2)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:20:00 GMT
last-modified: Thu, 30-Dec-2021 11:20:00 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://zatusim.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 30-Dec-2021 11:20:00 GMT

POST
H2 200 32613780 Show response
mc.yandex.com/webvisor/ 43 B
169 B 81ms
80ms XHR
image/gif 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/32613780?wmode=0&wv-part=2&wv-hit=680550492&page-url=https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html&rn=308633394&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1640863201%3Aw%3A1600x1200%3Av%3A722%3Az%3A0%3Ai%3A20211230112001%3Au%3A1640863197963239161%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1640863201&t=gdpr(14)ti(2)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zatusim.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 11:20:01 GMT
last-modified: Thu, 30-Dec-2021 11:20:01 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://zatusim.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 30-Dec-2021 11:20:01 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1

Verdicts & Comments Add Verdict or Comment

145 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.greenklick.biz/	1970-01-20 00:30:55	Name: uuid Value: b4d96028-6902-4877-97d9-0fb7b380feb5
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: SDLJqesAXAI
.youtube.com/	1970-01-20 04:06:55	Name: VISITOR_INFO1_LIVE Value: S32Q6FlZ0Xo
.zatusim.com/	1969-12-31 23:59:59	Name: surfer_uuid Value: fa0dc153-18fa-412f-bfb4-9eedd98bd4dd
.zatusim.com/	1969-12-31 23:59:59	Name: la_page_depth Value: %7B%22last%22%3A%22https%3A%2F%2Fzatusim.com%2Fcelebration%2Fclbr_ny%2Fscenariy-novogo-goda-dlya-semi.html%22%2C%22depth%22%3A1%7D
.zatusim.com/	1969-12-31 23:59:59	Name: page_load_uuid Value: 78ec57d3-c2e1-4fbc-91cb-b77eb5c50061
.zatusim.com/	1970-01-20 08:33:19	Name: _ym_uid Value: 1640863197963239161
.zatusim.com/	1970-01-20 08:33:19	Name: _ym_d Value: 1640863197
.mc.yandex.com/	1970-01-19 23:47:43	Name: sync_cookie_csrf Value: 2908790589fake
.zatusim.com/	1970-01-20 09:09:19	Name: __gads Value: ID=46f748742ad4fcd3-220af85412cd000a:T=1640863196:RT=1640863196:S=ALNI_MYB4rDibWpVn49cb633c9ynQ1ZeaQ
.zatusim.com/	1970-01-19 23:48:55	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-19 23:47:43	Name: sync_cookie_csrf Value: 3454061180fake
.yandex.com/	1970-01-20 08:33:19	Name: yandexuid Value: 9347047241640863197
.yandex.com/	1970-01-20 08:33:19	Name: yuidss Value: 9347047241640863197
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 2051854061640863197
.yandex.com/	1970-01-23 15:23:43	Name: i Value: MHoJdn0PzGpjkmSd43SYOTduSfRe6/QosDq6zSW/MlDcrYcxa1ahMefISraxFyoxVcVA5pshDVhgnf4D+3lMCw2zNS4=
.yandex.com/	1970-01-20 08:33:19	Name: ymex Value: 1672399197.yrts.1640863197#1672399197.yrtsi.1640863197
.zatusim.com/	1970-01-19 23:47:44	Name: _ym_visorc Value: w
.doubleclick.net/	1970-01-20 09:09:19	Name: IDE Value: AHWqTUllPkBzqzpyeDX8KTzYnjOkf6RJh7SjrgQR2PfSCSHDV899mQLl5X3yxrTx974
.doubleclick.net/	1970-01-19 23:47:46	Name: DSID Value: NO_DATA
.rlcdn.com/	1970-01-20 08:33:19	Name: rlas3 Value: YSs74PENRKwEL2fugeJkegtKuulL+vK95YiFjrpzYEY=
.quantserve.com/	1970-01-20 01:57:19	Name: d Value: EDcBCQGKJYEA
.quantserve.com/	1970-01-20 09:17:57	Name: mc Value: 61cd95de-ac68b-607fd-ad9b0
.rlcdn.com/	1970-01-20 01:14:07	Name: pxrc Value: CN6rto4GEgUI6AcQABIGCOndKhAA
.casalemedia.com/	1970-01-20 01:57:19	Name: CMPS Value: 5205
.pubmatic.com/	1970-01-19 23:49:09	Name: KTPCACOOKIE Value: YES
.casalemedia.com/	1970-01-20 08:33:19	Name: CMID Value: Yc2V3qKa2um9KzIXyyQiNAAA
.casalemedia.com/	1970-01-20 01:57:19	Name: CMPRO Value: 1194
.casalemedia.com/	1970-01-19 23:49:09	Name: CMST Value: Yc2V3mHNld4A
.pubmatic.com/	1970-01-20 01:57:19	Name: KADUSERCOOKIE Value: A2C65E31-C618-4A86-88EE-390D8FCC1860
.e.dlx.addthis.com/	1970-01-20 09:17:57	Name: na_tc Value: Y
.innovid.com/	1970-01-20 01:57:19	Name: uuid Value: bfe7a424-cbec-4c0a-ae83-e1f5435cda2a-20211230 06:19:58
.addthis.com/	1970-01-20 09:17:57	Name: na_tc Value: Y
.dlx.addthis.com/	1970-01-20 00:30:55	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 00:30:55	Name: na_sr Value: 20211230
.dlx.addthis.com/	1970-01-19 23:47:43	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 00:30:55	Name: na_sc_e Value: 0
.addthis.com/	1970-01-20 09:17:57	Name: na_id Value: 2021123011195900038040376428
.addthis.com/	1970-01-20 09:17:57	Name: uid Value: 61cd95df72289e3e
.addthis.com/	1970-01-20 09:17:57	Name: ouid Value: 61cd95df0001a44404c409098310ba115f241e48eede42a23c72

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9503.IDkKgNLmF5OP4lvXlVjR2R2gXZ4uQAGY4VSRqCJYwo8tnG3TyDAzCkfyIIXrmBQnXiaEBqD8S1Ua2DbFGXvkTQ%2C%2C.ziiH8F88Dyd8SId7XDkiU6QDmO4%2C Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/761667184620543168/null Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1&google_push=AYg5qPICrlQWLSn9hqHNUycsbaFpt6YnHMwlXWHUbVPb9ZsANeiXiUX8x6hkNv4WY9HXL8npaZw6xohMDaQbqnSibVQZAzYqN5c Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_cver=1&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_push=AYg5qPIBos8HCo1Fesgpl_SJipkkobK6FRLBu4MOabszqnXcTU435ko9Wa4BlfdolrCdrMaVFPPy3F9HRAHbzdi_zN5uD0wjpN8 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc2V3qKa2um9KzIXyyQiNAAABKoAAAAB&google_push=AYg5qPJlp9DbC4z0onwkvhIvW5Ke2coGVVyU2Agqv9gDyyHpsljetKYD5TVMUP9Z_8RXbel3NOzFCFDC8y03Q0-4n-J1ODda0w&google_gid=CAESENxPLQYjljE5TAx8BFncylk&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271801&client=ca-pub-7695804958037097&fa=1&ifi=11&uci=a!b&btvi=4 Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
ag.innovid.com
cat.nl.eu.criteo.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
csm.eu.criteo.net
e.dlx.addthis.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
greenklick.biz
i.ytimg.com
id.rlcdn.com
image6.pubmatic.com
mc.yandex.com
mc.yandex.ru
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel.everesttech.net
pixel.rubiconproject.com
pwxlqg.com
rbtwo.bid
rotarb.bid
rtb.fr.eu.criteo.com
rtb.nl.eu.criteo.com
rtb.openx.net
static.criteo.net
static.doubleclick.net
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.youtube.com
yt3.ggpht.com
zatusim.com
cm.g.doubleclick.net
104.111.215.191
142.250.185.66
142.250.186.66
178.250.0.162
178.250.2.135
178.250.2.148
178.62.225.201
198.47.127.19
2606:4700:3030::6815:3ba3
2606:4700:3034::6815:602c
2606:4700::6810:125e
2620:116:800d:21:fcb8:22d2:d390:5f1b
2a00:1450:4001:809::2001
2a00:1450:4001:809::2016
2a00:1450:4001:810::200e
2a00:1450:4001:811::2003
2a00:1450:4001:813::2004
2a00:1450:4001:813::200e
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:828::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2002
2a00:1450:4001:830::2006
2a00:1450:4001:831::200e
2a02:2638:1::11
2a02:2638:1::2
2a02:2638:1::3
2a02:2638::2
2a02:6b8::1:119
2a05:d01c:1d8:8102:af9a:78a3:719c:55d1
34.98.67.61
35.227.252.103
35.244.174.68
54.171.63.239
62.76.25.28
69.173.144.138
87.236.16.238
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
0416ce79a5702b072243b6ca5873a666922d5814bf286177d90d323abd5d172b
053508cc4ed1acf7db8ed96deca42ffebfa1669c5cecd62f4415b926d07b5aaa
05d81fe053dd120f05f2665adc6de367189b9482443d7d5c48ece70b123c2daa
0769a620ccba5a6119e7c4ac2c741513c0e5c20d1c13001caca6d838be89c8d1
081630680ce61abc6643ed93f68be35ebe49cc60cc05ef34611d04fa24f27b31
089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a5ecf1ba25e7c849dbd0e5fe431e53363f27473ad2b30c13b027fb66c98ea5c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c429f0038b0a3803b5dec5c0885ce647519c58b3c25825d44fafb92c561cf89
0e99b0800b5ddb97b5cc6a17425ca50cf0e31fa659531a1f97dcd63af9c55011
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1354022eed343fcd7baecc7e45fae0413194e071806c1472ecb12b0592f62429
13de4eae43e2f39a0830eddafe6825e480c112ce75f2c34f7255cae0db894552
15f72dfc94aee5fed8ce3f545f0fee13abd80dc8e8d2b970812762d64ab6eaa7
17df1f2891553baf6c74c4eef8cd0dd9fb73a5669f9f89d67183a8bfe41acfd2
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
180b6f304463fd1e0dbf43720850934ce4698b4425c06a8ab869d96b9e3050eb
18cb62e1f68ccda7683de8485eab7c698fcb54483b9c99d064237237623e81d7
1a60e8bb46b90e99e8290546e595d96ed29bcb09c89c0ca401fe47c6102fbd9a
1ce6685465805e98dfd2b3633e74711102167bc0ae656c536ba35587c20aeba4
1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3
255df06063ef8b4f994c1ae9d232d7c4f27c95b853a68fd9c03e31f4dd6b0031
25fa9bf2ced6f5df0685361a305417396c115e3254b6795d12a89b43bb2dd196
25fcfee1ad623c5654d6a20d5936f56999688ce944da13f9ea606cf4b9fc18d5
260152ce49fdbda7b0f1e2f69d61ce39ba49de9a161971192cdf63af15207dbf
2818d6a37fa8706e13b7f6ebe445b38ce6a5afd7ed8c2f57085fdd9e35575a26
29a021a62e8caf136c039b3363beeb41a69d4b6affbf18c6be64c413e603123d
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
30b4e4a6b97fbe926d46f710012b7d09740e874f9815e70a4e9405daf155a045
3259226a7a32503da40c547c7eb329e6955f2d84bdc1dcec94be5b3e9c305bbc
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
32d7ac20bdf26912533a17f4b33710ae866a89eed6cac9169623c2006ef0a7ef
33d33233fa304cba9ad1dac86ba996e277c70ccc98ba40bc8108870947581357
348a5fee41089a9024d67c608f63251790d0809676f2343d77114f4e647f7bf2
35720d9228c7e10cd4ae42344d4843042c1ff114b53f1e8bb845e412e9b57324
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
378f79bc8e52dc7c86332d048c8b8f57ad672c3c917ca54b08630bb487b99d3f
3b634f4f03edfe513e9de6dc5bcf9dd52f7271e06be9fddbf1ca2603a8587dba
3c8ba982e1a7629cb5be1c6e7ac909bb494b895a63affce2f6306e5cd244505a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
401503518894f575673732c689a7885c78bb615900c0c3f726765eb4ce6aa799
41031936f704ccb58dc5d234f9e79116ffb8b3fd94be287d5fbd2034d8c1c41b
41638b36cc56fa01950f0bf88b076f5211dacbc3219feead4d13811ac5f77c4d
4192547933c47032776c86cc04805a86655e4580d0c82b46787a120fcd96c146
427d2685841a31254fdccb66cebe9238bafda8df5389752124d878aedcdb8c16
435797ff5cacaf4ef2c9f2ec22c48f090fddaadb4bc153d2c9ce5047ecf96417
443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008
45531218adb3139b5217b17e9d444ba9e4b3d364d9191818a3bc3b8ebde7be8e
45c1f0c0ead16f4994622152d4386a4a31abdba59e6338dd9b7a348c764efea0
466185b790014e9e4672eb6a03a90cf6fc9e1bde957f197319ea4c6c7b40a48f
467d8cbcda0af956f77739589870c2d7d85dae943aae7006150b51d8ced28e82
47d548021e32329e593c23aa28cd91cb453436e71b3c5851723c12f5c7acb7bd
4a1af7bec4a563494574f27b233347dc0ac8eb8cde22dc57588a0eb47b34d962
4bb2d799da061032f9124541c5342eabe561427644b5855fda63d3b23d5fa6ca
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fb2c22013844632fcdd4b10f9c25871c85f59694b1979e396f718d45427c9e7
51dd0d58cb0e4d72e11f87df4526484c10c1ed295cd8b4867708805c5fef16b4
53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56dff0e27c5480f6b5d9ca8bd0df59343dcff0cdb861eb523a0f40ee5d41fb19
5b793fbe2751f1240cadd43d5356c310e242c5a45d9dbdfed1789a1cfffd571b
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c6e1a83304838097545a1ef48c04d539f7c04d75d8b081fbe10618b0c1948b6
5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32
5de9ae25e3fb859846b91b28952b6e2bc9d1336d102b12be98b50d53e7798c65
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
605131fac03b4f42f088844936a4d12c30d704c0b15124412f7cb845da74cc12
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
656bf50a0a30e3a8af841d56bf254aad27e604fd60b34fa80e10d572204e80b6
6772c265a21773ed1f8eed642f144cc60671bd7ddfdffdca682f41d3dca358fc
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
683d53b67d39c9f2acd22cea83dc3a30aa1f16b930b2c4e4eef159faa92eea4f
6a6659bedfa7dc21f0256e8cc571baf95327935c3320b6357a4f47113711b310
6cb9bb69c743e19d1317bee8fef1c93e69b72296e6b7dc6962c34cfd93bf45c7
6cf4ddc728ae2116b65b72832d21cdf33961c094ce95ea8a5b676b7d71212f82
6d4a5a8296ca52691fde29abc2b8cd81c06ce8717a4b703ef1221bcd01e1d8dc
6e9cca040634f071c068f7f483dfeef82d8589b4082c8cbdc5301951647ba71b
7057dc6c22654c0f172a36455ae3d84e221d17b17ec4869edb3722f133427fb5
7106ac4056a90e6943627d4c041fca5fc4b60312211715a455f5dddf29bf108f
7173522d7dbce713e80185410c048855df8c450bcc41673e2b2958634a35fea1
71f4a6b13f5d5b9c56c3c3e769b5914c7e5738b295477d9c42caa75101a1ec06
77fc7e2cee3f1b71326ab2d9e121017b176205d0c8bbb013dfe7ebfccb2c5cab
7ad2d097970b4db22e21d9cd61db5d0de1a257b213c72029bbd248d950538f0f
7dd8628b76c6beda76cf46db9ac1e54437ac90edc487c7f8e08b0c1f716656ac
7de44a700cc2360c4a57665af07e80c2c0faed4ac3c1499f51af332d00976a18
7f34b768792b90cf0b04fced2470e43d8fab7644f6565d5178fbfb49c4859cee
82c4e99e17c04febdf8092c42bf2b6b4e0ea7b5348181fec896b48c39c394e9e
8348fe66b515449f719cb7b8278e1c84009bdaa96e18981641bc1e77d9e4cf1a
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
847d2854bb34bc89ab8514267909dbec0fe245278448227d23714781f9dfab71
8737add0f4dcfe0274b0527cdcec53cc4375cf530513f6ae191787404b90a587
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
89f724548a2310a768355cf26ed6047fd99b0184e3edfab6ac700a333799d20c
8cec80026a973fbece4726dc8248203cd596ec8b055e3896c859b097c276f9b2
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
9090f5622c1d1d99b8ae0018ebb5e755e3b2d326360c686e9984d41e8568b0e8
91439eb515f87a7ef4f5e4f7f3c42ebe151148f83698304cea1d1db73ab4972b
926d1ab3abf48cf01377caf6adbed8c8a5e9dd1726e174c945af41137661404d
93a8cc54b517a35c22648e5a2b1694dac62247ad174386f1791d1c4d0c6edd8c
9450dbea0b3f730522d9bf26d624c024beff332513844fb81a680f009cc01a8d
94a7e03b1bfe0cf4630f937365bf49eda71e8639b4120757a1f2aaedd6c6f6a4
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
973408bd1a1da181c7eaa9293c0cd095f3836a76b626bc76af21e1cd96b5dcde
98fb4b8cc7d3d7d96d48b21e6b825f36aaf50bf4676aebd066903cfe911819fa
9a40d86d09f10717cf26aa41821239e13b92a9fa8da4fbdf510137df2110308c
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1987f4a0e4826c81d5061f35a8368e518680bff5d86d04b25d9499ca0eecafe
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a751656f16d4618636ad788e41f05858bf2257c95701bad8d5f1b8497349cb5f
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ad55816ac6c62f214e60a1913ff4f0215ab329034cbc7436a5514941449ca7b9
addbb66b618040ad016eeae6087bbbc7e5485946c81e0c76ffccf47eca19bfd4
afb8123acc4a91b64b8678c7953f867af8ed9b60e5aac9c8040a5898d9d9e29c
b0496ff7b5e02ba5dcf004405c2b4eba9e66d7a89002346aa17ea3c1b4311806
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b230fc7c7ccd6092be70de1c2cad05d787d53bbf444542dbc72ea4488625fb65
b3f0c980d718df0580c4e2a8a2a6d45878074974be1d8941776a70cde547b53b
b3f3db2e6ac9e2b19172879a80a8605f4db7a179745be21a0828e3c1e49510ee
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b4f80028ddc6dc380c89927fb2d2d3dd9c580a24f99db9b93e32ce0b607d5c88
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b7e3a02d4d8d9f28cf8547f450d61da71c432ceaae3cd80f652e73fd9e3654cf
b901708cd72a6ddfea26aa2b83a351d12f7f7b9a752238e4bf8d8b5a73658e0a
ba5c75008a133ef73a0eb980a0c37c168b6bd5db7279a90105697670440eeedf
bbab8b575815d1f0dfdf2660b0195bfd86943cc16f624bae271c51078a9a5240
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
be16ecbe182accc8a393d324b6bf9ecd89d491371a5e367663e59282784382cd
bee0a228fc9e233408681ed2e6c649ec08139d1efa4766b9de24a38995e460ce
bfc38ef7584666e86afb370d40d96c1ffe01dd9f68040cb2189594f1f2a9ded1
c0ec82d3d3874dad85529b9cc4e00a6901e1c7ddd5362aaf86c5a201f1d89eda
c24bc7315491b40d6c76e38a35a651b5c195047ef49561af875cae752505d507
c3cc47327700468fac2409f2642c69ec8cb8dd9a396c92021f2457e4afceeccd
c78f4f130d5fb0bdbdd59c2f04d80532eff308fbfd03db01ae11c74b034482ee
c9ca299ab3a7f12b37cce4f76c017b88026120824524d472e3e58b523858e282
cbb4d6c430dd4fa951e08c2c667c940e58beba3491ad97ea30404f58d51958cb
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d23cfef2cad9bf87982cfc07235f97b44be8ebb31f637c85822262131e9fb8e1
d3128bd7184f776e91544e1cfcd82806985004eedeeda17edd5c0383fbfafbaf
d338728c296b18031cc55f50b5fd3212206314394b4c35bf1a75ddb78cb4af3d
d5aab9ecebd2bc2f003980fdde59b97aad0fd105312d99fa50fcab580099aaf3
d79d89f3e5af59f18e9e7154f9439e7c175bf597457dfa3fd845c39d333d5ef7
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
da87e6c9af949f8327cf09ea99eb070e535fedd63a7187f3d48a7c25d3914435
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e146bac2d2c66e59bd90f0b140eb9e7ad95e9a90646145e7fd5efc1acbac7fc1
e22e7baf192ba28c82b8a9012f1c6d7a58c7f0b0d770073755ce461c7e281cf2
e2bed13c41244bdee0910f6bd45d8584229cf2afa49409475c10d39ee4e3e9cf
e2c27e101b4cbf1088f4c42a1e7f6ce17598dcf733193b4daad9b43e442b0b15
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45f15d8ce69335d1b707f6a7a1518e64a622a5e68e85bdd3071651bd22c3047
e51320d95e5f83aa7fc3a56413ae6442a3d6bcdef56ef7d3e097952c4e7408ce
e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a
e8bc55d56e6a91cf1f2b49616567a2b3cded1016c307eb4860af703d3a5b5579
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
eca87fe1becd8e8ae4651af302000955c2eedbafaeaf899af211c5e4c6abc0ea
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f08908bb4c6a166901d8671e4cd549900f73126ed5d53d2c0c0ebcf679e6134b
f119e918a084d1fdabf00a04f10f5773343416df802b72315d0de816dbd92434
f27408b033a0195d0f29b0ecbc143f470c4fbb0807472a688b2f9e66403651e0
f280bc98ee853ef1d62830f52f051392740b07eef3a265226e735e4e6be673dd
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
faaaf01f597e356e9dc91520c3bba215dd5476370b3ddea78490da9ffaace6f2
fb8d34c284bcbca9096f421ccb883bb442754d8d7916d3c488e120e237cc35b1
fc328eeaf800bfc497c691f3d92a67891dc61368e72111f0c1a02c7fe37d702b
fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1
fcbd587432f5e88fc926d1cde0d375084b7f3e711f9ff34571dec52f70fb27cf
fd08869d49d8c402ff656b0366d135cf2f7199e7c1e7e0ec4509a3ee797c0d9d
fdbcc46d97e0f4567f462315ee7d74b3baf384a0a388b0a046d0ce455c303ac6
fe0f975b079073ed683a10d2f6aefe4b7439400d8d4dc8f3ee77a989e75358ee
ff11d2d754995869c36224d97b6975401d749afd86c1d9130ce82bda49e457db
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

zatusim.com Open in urlscan Pro 87.236.16.238 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

306 Requests

94 %HTTPS

63 %IPv6

30 Domains

43 Subdomains

37 IPs

7 Countries

5486 kBTransfer

12590 kBSize

40 Cookies

16 Outgoing links

Redirected requests

306 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 20 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

zatusim.com Open in urlscan Pro
87.236.16.238 Public Scan

Screenshot
Live screenshot

Full Image

306
Requests

94 %
HTTPS

63 %
IPv6

30
Domains

43
Subdomains

37
IPs

7
Countries

5486 kB
Transfer

12590 kB
Size

40
Cookies

306 HTTP transactions
20 data transactions