firststeps.ru Open in urlscan Pro
82.146.60.93 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://firststeps.ru/
Effective URL:
https://firststeps.ru/
Submission Tags: ru l4ing asn8732 8732 mass Search All
Submission: On March 18 via manual (March 18th 2023, 4:40:34 pm UTC) from UA — Scanned from DE

Summary HTTP 42 Redirects Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 11 domains to perform 42 HTTP transactions. The main IP is 82.146.60.93, located in Moscow, Russian Federation and belongs to RU-JSCIOT, RU. The main domain is firststeps.ru.
TLS certificate: Issued by R3 on February 10th 2023. Valid for: 3 months.

This is the only time firststeps.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	82.146.60.93 82.146.60.93	29182 (RU-JSCIOT) (RU-JSCIOT)
1	81.19.89.17 81.19.89.17	24638 (RAMBLER-T...) (RAMBLER-TELECOM-AS)
6	95.163.52.67 95.163.52.67	47764 (VK-AS) (VK-AS)
8	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
42	16

6 82.146.60.93 (Moscow, Russian Federation) 1 redirects

ASN29182 (RU-JSCIOT, RU)
PTR: s1.kuzinandrey.ru

firststeps.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.19.89.17 (Russian Federation)

ASN24638 (RAMBLER-TELECOM-AS, RU)
PTR: kraken.rambler.ru

counter.rambler.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 95.163.52.67 (Russian Federation)

ASN47764 (VK-AS, RU)
PTR: top-fwz1.mail.ru

top-fwz1.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 134	337 KB
6	mail.ru top-fwz1.mail.ru — Cisco Umbrella Rank: 10662	33 KB
6	firststeps.ru 1 redirects firststeps.ru	14 KB
5	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 32 static.doubleclick.net — Cisco Umbrella Rank: 241	117 KB
3	gstatic.com www.gstatic.com fonts.gstatic.com	56 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	2 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	49 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	1010 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 8720	531 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 860	605 B
1	rambler.ru counter.rambler.ru — Cisco Umbrella Rank: 135722	586 B
42	11

	Domain	Requested by
9	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
8	pagead2.googlesyndication.com	firststeps.ru pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
6	top-fwz1.mail.ru	firststeps.ru
6	firststeps.ru	1 redirects firststeps.ru
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
1	www.google.com	tpc.googlesyndication.com
1	static.doubleclick.net	googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	counter.rambler.ru	firststeps.ru
42	15

This site contains no links.

Subject Issuer	Validity	Valid
firststeps.ru R3	`2023-02-10` - `2023-05-11`	3 months	crt.sh
*.rambler.ru GlobalSign GCC R3 DV TLS CA 2020	`2022-05-16` - `2023-05-06`	a year	crt.sh
*.mail.ru GlobalSign ECC OV SSL CA 2018	`2022-10-18` - `2023-11-19`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://firststeps.ru/
Frame ID: 519B48F99368F724410390702AF0B304
Requests: 1 HTTP requests in this frame

Frame: https://firststeps.ru/buttons/left.php
Frame ID: 4E51F02FD53962678EE3AEB8F0C59D71
Requests: 6 HTTP requests in this frame

Frame: https://firststeps.ru/titles.php
Frame ID: 2EEA6BD99BA74AAED3168BBDF3D4B1EB
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/zrt_lookup.html
Frame ID: 50714410114DBE10B41EB0D88AC22E63
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2721325097469880&output=html&adk=1812271804&adf=3279755396&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_r&format=0x0&url=https%3A%2F%2Ffirststeps.ru%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679157628636&bpp=4&bdt=245&idt=201&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&nras=1&correlator=2416340509473&frm=23&ife=1&pv=2&ga_vid=1953463962.1679157629&ga_sid=1679157629&ga_hid=1035958985&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=1450&ish=1200&ifk=2764203198&scr_x=0&scr_y=0&eid=44759926%2C44777876%2C44759842%2C44759875%2C31073099%2C31073142%2C44774606%2C31071268&oid=2&pvsid=4100845726486903&tmod=1360205445&uas=0&nvt=1&fsapi=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1450%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&ifi=1&uci=1.rbjnk5uclukp&fsb=1&dtd=250
Frame ID: 66769F9846E2D3B7D16E9843F076FE5D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2721325097469880&output=html&h=280&slotname=2551301440&adk=748608210&adf=904710466&pi=t.ma~as.2551301440&w=1200&fwrn=3&fwrnh=100&lmt=1679157628&rafmt=1&format=1200x280&url=https%3A%2F%2Ffirststeps.ru%2Ftitles.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679157628641&bpp=3&bdt=250&idt=251&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2416340509473&frm=21&ife=1&pv=1&ga_vid=1953463962.1679157629&ga_sid=1679157629&ga_hid=1035958985&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=0&biw=1600&bih=1200&isw=1450&ish=1200&ifk=2764203198&scr_x=0&scr_y=0&eid=44759926%2C44777876%2C44759842%2C44759875%2C31073099%2C31073142%2C44774606%2C31071268&oid=2&pvsid=4100845726486903&tmod=1360205445&uas=0&nvt=1&top=https%3A%2F%2Ffirststeps.ru%2F&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1450%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=132&bc=31&ifi=2&uci=2.ovz0c6nd7iu2&fsb=1&xpc=eCmVBsdltQ&p=https%3A//firststeps.ru&dtd=258
Frame ID: 77F4F9F7B45064B0AC7B649C728B7502
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 38626B93B2B6B51294D174CAC68A1C55
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 46802F1DB564D4B8625A3B00DBE408E3
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ПЕРВЫЕ ШАГИ

Page URL History Show full URLs

http://firststeps.ru/ HTTP 301
https://firststeps.ru/ Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

42
Requests

98 %
HTTPS

80 %
IPv6

11
Domains

15
Subdomains

16
IPs

2
Countries

610 kB
Transfer

1662 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://firststeps.ru/ HTTP 301
https://firststeps.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODAxIivxQEQ2AQY2AQyCEI4uKqUTIEL HTTP 301
https://tpc.googlesyndication.com/simgad/4553853186076129233

42 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
firststeps.ru/
Redirect Chain

http://firststeps.ru/
https://firststeps.ru/

680 B
832 B

154ms
45ms

Document
text/html

82.146.60.93
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://firststeps.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 82.146.60.93 Moscow, Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: s1.kuzinandrey.ru
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f960d8fd981bb5684f0b55f531c3d1918963cb87f2eacc21689139fb5cc698f9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 18 Mar 2023 16:40:28 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 18 Mar 2023 16:40:28 GMT
Pragma: no-cache
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Length: 194
Content-Type: text/html
Date: Sat, 18 Mar 2023 16:40:27 GMT
Location: https://firststeps.ru/
Server: nginx/1.14.0 (Ubuntu)

GET
H/1.1 200
OK left.php Show response
firststeps.ru/buttons/ Frame 4E51 4 KB
2 KB 45ms
44ms Document
text/html 82.146.60.93
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://firststeps.ru/buttons/left.php
Requested by: Host: firststeps.ru
URL: https://firststeps.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 82.146.60.93 Moscow, Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: s1.kuzinandrey.ru
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ca5f2d1528dac98321fb658b4be737cebc3f99f282b46989fcbd29d032217c00

Request headers

Referer: https://firststeps.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 18 Mar 2023 16:40:28 GMT
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H/1.1 200
OK titles.php Show response
firststeps.ru/ Frame 2EEA 21 KB
8 KB 94ms
49ms Document
text/html 82.146.60.93
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://firststeps.ru/titles.php
Requested by: Host: firststeps.ru
URL: https://firststeps.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 82.146.60.93 Moscow, Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: s1.kuzinandrey.ru
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 747fa07418f87a681ad185531d9b9cebdf948849ae2c8f0548d9e35d9c2844eb

Request headers

Referer: https://firststeps.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 18 Mar 2023 16:40:28 GMT
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H/1.1 200
OK blogo.gif
firststeps.ru/buttons/ Frame 4E51 2 KB
2 KB 70ms
45ms Image
image/gif 82.146.60.93
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://firststeps.ru/buttons/blogo.gif
Requested by: Host: firststeps.ru
URL: https://firststeps.ru/buttons/left.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 82.146.60.93 Moscow, Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: s1.kuzinandrey.ru
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6a62abc449d6babe60b6c469cfe4b63bb75cac9788e9f40dad09dc7a0021b271

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/buttons/left.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Sat, 18 Mar 2023 16:40:28 GMT
Last-Modified: Wed, 07 Nov 2001 09:12:46 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "3be8fb0e-6da"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1754

GET
H2 200 top100.cnt
counter.rambler.ru/ Frame 4E51 43 B
586 B 236ms
44ms Image
image/gif 81.19.89.17
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://counter.rambler.ru/top100.cnt?303412
Requested by: Host: firststeps.ru
URL: https://firststeps.ru/buttons/left.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.89.17 , Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx/1.19.4 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Mar 2023 16:40:28 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx/1.19.4
x-srv: 1kraken-prod0002.ad.rambler.tech
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif, image/gif
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-length: 43
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 code.js Show response
top-fwz1.mail.ru/js/ Frame 4E51 33 KB
15 KB 284ms
100ms Script
application/javascript 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/js/code.js

Requested by

Host: firststeps.ru
URL: https://firststeps.ru/buttons/left.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

86358469a3188d8dae051045546110638b6c55e8d4ff55859c381ac202ed4769

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin: *
last-modified: Wed, 11 Jan 2023 13:29:54 GMT
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
etag: W/"63beb9d2-85cc"
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: max-age=3600, private
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *
expires: Sat, 18 Mar 2023 17:40:28 GMT

GET
H/1.1 200
OK 2.css
firststeps.ru/ Frame 2EEA 979 B
1 KB 45ms
44ms Stylesheet
text/css 82.146.60.93
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://firststeps.ru/2.css
Requested by: Host: firststeps.ru
URL: https://firststeps.ru/titles.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 82.146.60.93 Moscow, Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: s1.kuzinandrey.ru
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 5f658fcb0d377cdd3f187973457b6dead2feb66e5dc5776abddefe6fdec523fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/titles.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Sat, 18 Mar 2023 16:40:28 GMT
Last-Modified: Sat, 04 Dec 2021 12:38:55 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61ab615f-3d3"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 979

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2EEA 142 KB
48 KB 199ms
60ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2721325097469880

Requested by

Host: firststeps.ru
URL: https://firststeps.ru/titles.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4bf074a3df683bfce4b1696fa1c2de2e04021c2e203167d96d07433d143afbab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://firststeps.ru/
Origin: https://firststeps.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48720
x-xss-protection: 0
server: cafe
etag: 8654247198222473093
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 18 Mar 2023 16:40:28 GMT

GET
H2 200 code.js Show response
top-fwz1.mail.ru/js/ Frame 2EEA 33 KB
15 KB 197ms
100ms Script
application/javascript 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/js/code.js

Requested by

Host: firststeps.ru
URL: https://firststeps.ru/titles.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

86358469a3188d8dae051045546110638b6c55e8d4ff55859c381ac202ed4769

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin: *
last-modified: Wed, 11 Jan 2023 13:29:54 GMT
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
etag: W/"63beb9d2-85cc"
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: max-age=3600, private
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *
expires: Sat, 18 Mar 2023 17:40:28 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/ Frame 2EEA 350 KB
117 KB 104ms
70ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2721325097469880&plah=firststeps.ru&bust=31073142

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2721325097469880

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a80f7db966e5f579356c630a7f7521bf77821c4cd2ea27d2553bdbd9953c3c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119459
x-xss-protection: 0
server: cafe
etag: 7822270707229844253
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 18 Mar 2023 16:40:28 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/ Frame 5071 10 KB
5 KB 51ms
14ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2721325097469880

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://firststeps.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64501
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Mar 2023 22:45:27 GMT
etag: 2378337311435320485
expires: Fri, 31 Mar 2023 22:45:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 counter
top-fwz1.mail.ru/ Frame 4E51 43 B
961 B 51ms
50ms Image
image/gif 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://top-fwz1.mail.ru/counter?js=13;id=23099;u=https%3A//firststeps.ru/buttons/left.php;r=https%3A//firststeps.ru/;st=1679157628358;title=%D0%9F%D0%B5%D1%80%D0%B2%D1%8B%D0%B5%20%D1%88%D0%B0%D0%B3%D0%B8;s=1600*1200;vp=150*1200;touch=0;hds=1;frame=1;flash=;sid=ba39fc89a7e12b08;ver=60.3.0;tz=0%2FEtc%2FUnknown;ni=9//4g/0/0/;lvid=1679157628689%3A1679157628699%3A1%3A42d175979b63d47423f74875301e976f;visible=true;_=0.1929029599897305

Requested by

Host: firststeps.ru
URL: https://firststeps.ru/buttons/left.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 counter
top-fwz1.mail.ru/ Frame 2EEA 43 B
961 B 54ms
53ms Image
image/gif 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://top-fwz1.mail.ru/counter?js=13;id=23099;u=https%3A//firststeps.ru/titles.php;r=https%3A//firststeps.ru/;st=1679157628480;title=%D0%9F%D0%B5%D1%80%D0%B2%D1%8B%D0%B5%20%D1%88%D0%B0%D0%B3%D0%B8;s=1600*1200;vp=1450*2296;touch=0;hds=1;frame=1;flash=;sid=6b10ac97ab6e5a37;ver=60.3.0;tz=0%2FEtc%2FUnknown;ni=9//4g/0/0/;lvid=1679157628689%3A1679157628705%3A2%3A42d175979b63d47423f74875301e976f;visible=true;_=0.12985841686638522

Requested by

Host: firststeps.ru
URL: https://firststeps.ru/titles.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 tracker
top-fwz1.mail.ru/ Frame 4E51 43 B
874 B 49ms
49ms Image
image/gif 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://top-fwz1.mail.ru/tracker?js=13;id=23099;u=https%3A//firststeps.ru/buttons/left.php;r=https%3A//firststeps.ru/;st=1679157628358;title=%D0%9F%D0%B5%D1%80%D0%B2%D1%8B%D0%B5%20%D1%88%D0%B0%D0%B3%D0%B8;s=1600*1200;vp=150*1200;touch=0;hds=1;frame=1;flash=;sid=ba39fc89a7e12b08;ver=60.3.0;tz=0%2FEtc%2FUnknown;nt=0/0/1679157628287/////1/1/1/1/1//2/46/47/48/71/71/71/467/467/;ni=9//4g/0/0/;lvid=1679157628689%3A1679157628756%3A2%3A42d175979b63d47423f74875301e976f;visible=true;_=0.7063275461242253;e=RT/load;et=1679157628754

Requested by

Host: firststeps.ru
URL: https://firststeps.ru/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 2EEA 393 B
605 B 68ms
21ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=firststeps.ru&callback=_gfp_s_&client=ca-pub-2721325097469880

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2721325097469880&plah=firststeps.ru&bust=31073142

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

650c23f94db739f87467458e1d7b657606e5100edfbf8aa269a441e521e70a8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 253
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2EEA 107 B
531 B 98ms
21ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=firststeps.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2EEA 107 B
456 B 84ms
23ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=firststeps.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6676 402 KB
88 KB 839ms
838ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2721325097469880&output=html&adk=1812271804&adf=3279755396&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_r&format=0x0&url=https%3A%2F%2Ffirststeps.ru%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679157628636&bpp=4&bdt=245&idt=201&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&nras=1&correlator=2416340509473&frm=23&ife=1&pv=2&ga_vid=1953463962.1679157629&ga_sid=1679157629&ga_hid=1035958985&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=1450&ish=1200&ifk=2764203198&scr_x=0&scr_y=0&eid=44759926%2C44777876%2C44759842%2C44759875%2C31073099%2C31073142%2C44774606%2C31071268&oid=2&pvsid=4100845726486903&tmod=1360205445&uas=0&nvt=1&fsapi=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1450%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&ifi=1&uci=1.rbjnk5uclukp&fsb=1&dtd=250

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c7dbbbe69bc7f1922d8133767d1931071bb2ac3e96c4d161862c4e8f952e5e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://firststeps.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 89839
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 16:40:29 GMT
expires: Sat, 18 Mar 2023 16:40:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 77F4 83 KB
24 KB 628ms
627ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2721325097469880&output=html&h=280&slotname=2551301440&adk=748608210&adf=904710466&pi=t.ma~as.2551301440&w=1200&fwrn=3&fwrnh=100&lmt=1679157628&rafmt=1&format=1200x280&url=https%3A%2F%2Ffirststeps.ru%2Ftitles.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679157628641&bpp=3&bdt=250&idt=251&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2416340509473&frm=21&ife=1&pv=1&ga_vid=1953463962.1679157629&ga_sid=1679157629&ga_hid=1035958985&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=0&biw=1600&bih=1200&isw=1450&ish=1200&ifk=2764203198&scr_x=0&scr_y=0&eid=44759926%2C44777876%2C44759842%2C44759875%2C31073099%2C31073142%2C44774606%2C31071268&oid=2&pvsid=4100845726486903&tmod=1360205445&uas=0&nvt=1&top=https%3A%2F%2Ffirststeps.ru%2F&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1450%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=132&bc=31&ifi=2&uci=2.ovz0c6nd7iu2&fsb=1&xpc=eCmVBsdltQ&p=https%3A//firststeps.ru&dtd=258

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55fde6c047db9778c2759d56f7eee1cedee308ff390099971f06b9374580dda7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://firststeps.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 24277
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 16:40:29 GMT
expires: Sat, 18 Mar 2023 16:40:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 77F4 3 KB
1010 B 71ms
23ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2721325097469880&output=html&h=280&slotname=2551301440&adk=748608210&adf=904710466&pi=t.ma~as.2551301440&w=1200&fwrn=3&fwrnh=100&lmt=1679157628&rafmt=1&format=1200x280&url=https%3A%2F%2Ffirststeps.ru%2Ftitles.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679157628641&bpp=3&bdt=250&idt=251&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2416340509473&frm=21&ife=1&pv=1&ga_vid=1953463962.1679157629&ga_sid=1679157629&ga_hid=1035958985&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=0&biw=1600&bih=1200&isw=1450&ish=1200&ifk=2764203198&scr_x=0&scr_y=0&eid=44759926%2C44777876%2C44759842%2C44759875%2C31073099%2C31073142%2C44774606%2C31071268&oid=2&pvsid=4100845726486903&tmod=1360205445&uas=0&nvt=1&top=https%3A%2F%2Ffirststeps.ru%2F&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1450%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=132&bc=31&ifi=2&uci=2.ovz0c6nd7iu2&fsb=1&xpc=eCmVBsdltQ&p=https%3A//firststeps.ru&dtd=258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fb7989597f1a10a56bd83de6a26eefec44a0c704979fb5e06f02195bc9cebfce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 18 Mar 2023 16:40:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 15:08:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 18 Mar 2023 16:40:29 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 77F4 2 KB
846 B 77ms
26ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 13:25:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11674
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 13:25:55 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame 77F4 22 KB
9 KB 65ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 19:40:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75598
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 31 Mar 2023 19:40:31 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 77F4 3 KB
1 KB 72ms
26ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 08:04:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 08:04:45 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 77F4 20 KB
9 KB 65ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 13:25:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11675
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 13:25:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 77F4 158 KB
49 KB 95ms
23ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Mar 2023 16:40:29 GMT

GET
H2 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame 77F4 34 KB
15 KB 54ms
13ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 20:21:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 20:00:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 12 Jun 2023 20:21:52 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 77F4 0
0 59ms
58ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CE3yUfOkVZIHoPPyi5LcP5c6K-AbTnKDIb-PnqLWIEbnumfqKORABIMGsgAlglYKAgJQHoAHVlP7HA8gBBqkC1WC00sPmsT6oAwHIAwKqBOsBT9DuOezeHY1CrLQpsvQ91_g6KxVCl9E9a5Eri3TDtMNoK59WpGMnqdzJmW-egRIPh8tdEjnSIAeFdi1pZQ9pUAdihRThT4_OP7Y89S9Kez2-AvAP9bJHuesQqnwv9HZozxkq6n6YR8SicQL7GLAp2VBjxCYrtEASwqWjZuVipOVg0puoRGmn8glfWnab6fmSUrMUNYnHswaSmUmzgQlvKEteSvRfl9BoKreJ9hYK8kjB4zo1TCvwNT1WQiwyiNsZ409QDRgAmwHv7mSZY0aIsrMcH6-7D-FP2BbgI1ldTYVxexQm8CQ3bWo9X8AEsNrMv7sEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBjeAB7y_qS6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwHyBwQQ0OkS0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwvQFQGYFgGAFwGyFxwKGggAEhRwdWItMjcyMTMyNTA5NzQ2OTg4MBgA&sigh=ldmNgrobGlI&uach_m=[UACH]&cid=CAQSGwDUE5ymquYHBW5ycNX4QIUPnBDcb0OUBMKlcBgB&template_id=493

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2721325097469880&output=html&h=280&slotname=2551301440&adk=748608210&adf=904710466&pi=t.ma~as.2551301440&w=1200&fwrn=3&fwrnh=100&lmt=1679157628&rafmt=1&format=1200x280&url=https%3A%2F%2Ffirststeps.ru%2Ftitles.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679157628641&bpp=3&bdt=250&idt=251&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2416340509473&frm=21&ife=1&pv=1&ga_vid=1953463962.1679157629&ga_sid=1679157629&ga_hid=1035958985&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=0&biw=1600&bih=1200&isw=1450&ish=1200&ifk=2764203198&scr_x=0&scr_y=0&eid=44759926%2C44777876%2C44759842%2C44759875%2C31073099%2C31073142%2C44774606%2C31071268&oid=2&pvsid=4100845726486903&tmod=1360205445&uas=0&nvt=1&top=https%3A%2F%2Ffirststeps.ru%2F&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1450%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=132&bc=31&ifi=2&uci=2.ovz0c6nd7iu2&fsb=1&xpc=eCmVBsdltQ&p=https%3A//firststeps.ru&dtd=258
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 18 Mar 2023 16:40:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Mar 2023 16:40:29 GMT

GET
H2 200 3189439620612639172_16523906257848032370.png
static.doubleclick.net/dynamic/5/413907909/ Frame 77F4 100 B
625 B 91ms
20ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/413907909/3189439620612639172_16523906257848032370.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

505bddd9e4c1a6bee59ac37cad59fecaaf71678832312ae2f80ae8d9b001f0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 21:03:39 GMT
x-content-type-options: nosniff
age: 157010
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 14:11:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 21:03:39 GMT

GET
H2

200

4553853186076129233
tpc.googlesyndication.com/simgad/ Frame 77F4
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODAxIivxQEQ2AQY2AQyCEI4uKqUTIEL
https://tpc.googlesyndication.com/simgad/4553853186076129233

64 KB
65 KB

14ms
14ms

Image
image/jpeg

2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4553853186076129233

Requested by

Protocol

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7157d26f3067dc7d90b2076a0d7181365046fbffe59447ed9cfae3d2aab6a5bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 08:22:49 GMT
x-content-type-options: nosniff
age: 116260
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65821
x-xss-protection: 0
last-modified: Sun, 17 Jul 2022 12:00:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 16 Mar 2024 08:22:49 GMT

Redirect headers

date: Fri, 17 Mar 2023 17:01:38 GMT
x-content-type-options: nosniff
server: cafe
age: 85131
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/4553853186076129233
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 16 Apr 2023 17:01:38 GMT

GET
DATA 200
OK truncated
/ Frame 77F4 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73e2350294e349872c02379dbbe702b9ad6ba482358ba95335ebf57d998d79df

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 77F4 20 KB
20 KB 60ms
25ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 15:30:25 GMT
x-content-type-options: nosniff
age: 90604
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Mar 2024 15:30:25 GMT

GET
H2 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 77F4 21 KB
21 KB 48ms
14ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 09:23:51 GMT
x-content-type-options: nosniff
age: 198998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 09:23:51 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/ Frame 2EEA 149 KB
51 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/reactive_library_fy2021.js?bust=31073142

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f27cef2cdab4414f7ae523c7750967967ce9b313ee5c47d37cca22cb19f91ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52115
x-xss-protection: 0
server: cafe
etag: 11671233331140729990
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Mar 2023 16:40:29 GMT

GET
H2 200 tracker
top-fwz1.mail.ru/ Frame 2EEA 43 B
873 B 50ms
49ms Image
image/gif 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://top-fwz1.mail.ru/tracker?js=13;id=23099;u=https%3A//firststeps.ru/titles.php;r=https%3A//firststeps.ru/;st=1679157628480;title=%D0%9F%D0%B5%D1%80%D0%B2%D1%8B%D0%B5%20%D1%88%D0%B0%D0%B3%D0%B8;s=1600*1200;vp=1450*2296;touch=0;hds=1;frame=1;flash=;sid=6b10ac97ab6e5a37;ver=60.3.0;tz=0%2FEtc%2FUnknown;nt=0/0/1679157628288/////1/1/1/1/1//46/95/97/104/192/192/192/1594/1594/;ni=9//4g/0/0/;lvid=1679157628689%3A1679157629883%3A3%3A42d175979b63d47423f74875301e976f;visible=true;_=0.4945579374424749;e=RT/load;et=1679157629882

Requested by

Host: firststeps.ru
URL: https://firststeps.ru/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:29 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2EEA 14 KB
11 KB 62ms
62ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230315&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80729beddfaf3e2724e2bfbaa0aa8d27ccf9d518a006e0124e1a967f8bf92254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11169
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2EEA 17 KB
6 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Mar 2023 16:40:30 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3862 13 KB
5 KB 17ms
13ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://firststeps.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 23144
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 10:14:46 GMT
expires: Sun, 17 Mar 2024 10:14:46 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4680 783 B
1 KB 82ms
28ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d9083c72cfff666ad2a8dcac8ac28eff4cf686fc3dda04064ef62154bf3799f4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oHHoZrn6uWH8Aa59JjonfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firststeps.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-oHHoZrn6uWH8Aa59JjonfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 16:40:30 GMT
expires: Sat, 18 Mar 2023 16:40:30 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 3862 36 KB
14 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 10:13:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23229
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 10:13:21 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4680 0
0 48ms
48ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230315&jk=4100845726486903&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3862 0
10 B 13ms
12ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ze85Rw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 16:40:30 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2EEA 0
0 71ms
71ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230315&jk=4100845726486903&bg=!7e6l7rrNAAZEjmHWZI47ADkAdvg8WhRDKDBva0AUmbiqS46EAWw_agz_ebplCQt65H0olw5NhUVn5HFAQeLnl1yZKo56uyKH8UICAAAAblIAAAACaAEHCgB2l6l_4Ghy_s5gB59qoDU8OewwGHVFwx9PC5yfBkO6kMrIHtjwsiknPqMc3rVbrBIt8UA_X4HgVfonTdImz0kLpBYuVm9KAXHk2QYbuQzSk-nhHivmSXfa7li4rIax80KpfvKMIqadqwLfecBGWn9lNbYnNCg3iZkCtxR9gNHXX2c5lvFqh3-4hd23yhWGLCY_-YHQIU8NS2coEUN0fOpUeCtEYY5hiy3aaEqOZudcqICnYaNrRnyLPzSg6gjeb0iFK6Hlq1stGkZZ2Tp_SIwt8lZ5nyTl4w4H42mWshCaZsZ9Rfi5Xu1dYHha3WVxxTdFlsoNaMjcw1DsLp4piNZb4JDHz79Sc3nw4u096XFlTXKr_1ukuWegVVyECRPK2MnZU0Xd2DB0ske7rqU6VFpkeahYdqzVmOwJjLFxhqPH59hIc3zBE5uEKnOCfb07Er9Gru1jO_Hu5AbjSHtflW2LSJzZNq3k9eKRXTWtukQnn6hz8hybsHH4HJ-6_RkgGqeFt8cLMm4h3p-Ykuc8nE9xf7Ibs0W-lv5blxjaIBu4RbhDAGbwE4c6oNZHCF3xaUWkDKeuiG_L5gP7UjXJ57kWXI3KYxsSuE-_rJCVo0802smRn3R_NNH8Gb1mFBWPwvPKPgZiL73Cugo2yvX4D_SFzJSU-vodVDyOma7NB6OZSqH3WR35fRAahqBbc89uy7ahEdw1BuXV9gyJIrnK9iwgZhdIJr1uNeuChLID2z9rW6U_JzrC1_Pn3wJgMAyYXfro22nIKrAINvLhPmm2f7JU3qlFNHCstjVbZTsvtomeYtyWTwr8KhY0IccLXH-kNz-FmtyYZbHk-3dsLbVUlrQtGlDk6PgWT-7NrAXPMtfNeiwj9rmEkOzi4QkSS1e-TlUU_vv8qyQsOHYLB89pHsUMQ52Q1J-3imgbfNSbLxxw_rSEOZqq-x9t9gnOIfaNIviLYM0mfyeZCBjVJSb__u71RumAgaqwwVxdAmEsBKz3N4W139PXmf-0k7bzVz4ftfeDlOHV5sS_FqgpoSjjKoJ0_2FVtTe5FulUUnfUsLM23P5bR26MSP6X1X4hcIOgi4So
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://firststeps.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 77F4 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstvAi4EYNtwhFkyc3suU_hNklFLv7v84A37_GUx_ZM1zbkD36SaohTq7KAR_e8GogVNLmNZ08okcQxsd0MbGe65eZrLLMFfTfw32qSun4NoEFzZuZDsbSoYy83RqSGbDwrBNhd96A&sai=AMfl-YSNF36ujx4VEKnu4IxPe5Emp7NhsyhIcUCLv5zPSX9Lkf3iZY_5IwmVJWje2shlKBvCfYP-xDkcD8Qm&sig=Cg0ArKJSzHVFb8AWuKh8EAE&cid=CAQSGwDUE5ymquYHBW5ycNX4QIUPnBDcb0OUBMKlcBgB&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230315&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=748608210&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679157628900&rpt=933&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Mar 2023 16:40:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rambler.ru/	1970-01-20 20:01:57	Name: ruid Value: 1CIAAHzpFWQxJittAeJZ8gB=
.firststeps.ru/	1970-01-20 18:25:28	Name: tmr_lvid Value: 42d175979b63d47423f74875301e976f
.firststeps.ru/	1970-01-20 18:25:28	Name: tmr_lvidTS Value: 1679157628689
.firststeps.ru/	1970-01-20 19:47:33	Name: __gads Value: ID=3b564683336a1c35-22d582065fdd0085:T=1679157628:RT=1679157628:S=ALNI_MbyMD-1eK9O7hYdWuOoK8Vdrx6lKQ
.firststeps.ru/	1970-01-20 19:47:33	Name: __gpi Value: UID=00000bc81071583f:T=1679157628:RT=1679157628:S=ALNI_MYwj_285P3kk8BOO8LIOgr0qIQCQA
.doubleclick.net/	1970-01-20 19:47:33	Name: IDE Value: AHWqTUl0XEe8CLJ6S5fMo-l7yiSqvR2fKKS7Gl7i5pmJV0gQGbp1ULUDowTsFqR3zJA
.doubleclick.net/	1970-01-20 10:25:58	Name: test_cookie Value: CheckForPermission
.mail.ru/	1970-01-20 19:13:00	Name: VID Value: 2fbqAM0fJ0IG00000p1cP4IG:::0-0-0-930423c:CAASEHHSIuY26d34yH-EyzSDRcQaYHpsvinoF3xc11s-t2xs4MsyMRFdckmNS8yKj1vqu5U3COuIHBssMuzcVdjBITBwlRY2TEnO6Xkia72XBMy7gCDSrNcy_qrSxzFs2KxC0rdOY0Ys_HWN1fSBlYtTa2FPNQ
firststeps.ru/	1970-01-20 10:27:24	Name: tmr_detect Value: 0%7C1679157631013

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
counter.rambler.ru
firststeps.ru
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
static.doubleclick.net
top-fwz1.mail.ru
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
2a00:1450:4001:801::2002
2a00:1450:4001:806::2003
2a00:1450:4001:810::2003
2a00:1450:4001:811::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:82b::2006
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2004
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
81.19.89.17
82.146.60.93
95.163.52.67
1f27cef2cdab4414f7ae523c7750967967ce9b313ee5c47d37cca22cb19f91ab
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116
2a80f7db966e5f579356c630a7f7521bf77821c4cd2ea27d2553bdbd9953c3c6
2c7dbbbe69bc7f1922d8133767d1931071bb2ac3e96c4d161862c4e8f952e5e0
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb
4bf074a3df683bfce4b1696fa1c2de2e04021c2e203167d96d07433d143afbab
505bddd9e4c1a6bee59ac37cad59fecaaf71678832312ae2f80ae8d9b001f0ec
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55fde6c047db9778c2759d56f7eee1cedee308ff390099971f06b9374580dda7
5f658fcb0d377cdd3f187973457b6dead2feb66e5dc5776abddefe6fdec523fe
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
650c23f94db739f87467458e1d7b657606e5100edfbf8aa269a441e521e70a8f
6a62abc449d6babe60b6c469cfe4b63bb75cac9788e9f40dad09dc7a0021b271
7157d26f3067dc7d90b2076a0d7181365046fbffe59447ed9cfae3d2aab6a5bf
73e2350294e349872c02379dbbe702b9ad6ba482358ba95335ebf57d998d79df
747fa07418f87a681ad185531d9b9cebdf948849ae2c8f0548d9e35d9c2844eb
80729beddfaf3e2724e2bfbaa0aa8d27ccf9d518a006e0124e1a967f8bf92254
86358469a3188d8dae051045546110638b6c55e8d4ff55859c381ac202ed4769
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
ca5f2d1528dac98321fb658b4be737cebc3f99f282b46989fcbd29d032217c00
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d9083c72cfff666ad2a8dcac8ac28eff4cf686fc3dda04064ef62154bf3799f4
dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f960d8fd981bb5684f0b55f531c3d1918963cb87f2eacc21689139fb5cc698f9
fb7989597f1a10a56bd83de6a26eefec44a0c704979fb5e06f02195bc9cebfce

firststeps.ru Open in urlscan Pro 82.146.60.93 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

42 Requests

98 %HTTPS

80 %IPv6

11 Domains

15 Subdomains

16 IPs

2 Countries

610 kBTransfer

1662 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

firststeps.ru Open in urlscan Pro
82.146.60.93 Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

98 %
HTTPS

80 %
IPv6

11
Domains

15
Subdomains

16
IPs

2
Countries

610 kB
Transfer

1662 kB
Size

9
Cookies

42 HTTP transactions
1 data transactions