chinas-lafa.ru Open in urlscan Pro
185.4.64.72 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.sale-aliexpress.ru/
Effective URL:
https://chinas-lafa.ru/
Submission: On March 21 via automatic, source certstream-suspicious (March 21st 2023, 5:48:02 am UTC) — Scanned from DE

Summary HTTP 226 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 26 IPs in 10 countries across 31 domains to perform 226 HTTP transactions. The main IP is 185.4.64.72, located in Moscow, Russian Federation and belongs to RECONN, RU. The main domain is chinas-lafa.ru.
TLS certificate: Issued by R3 on February 20th 2023. Valid for: 3 months.

This is the only time chinas-lafa.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	45.130.41.10 45.130.41.10	198610 (BEGET-AS) (BEGET-AS)
39	185.4.64.72 185.4.64.72	12722 (RECONN) (RECONN)
5	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
44	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
5 13	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
7	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
6 17	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
18	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
2	2a02:fa8:8806... 2a02:fa8:8806:20::2010	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 1	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	2a05:d018:d29... 2a05:d018:d29:3605:209d:be7a:13db:f2df	16509 (AMAZON-02) (AMAZON-02)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	46.228.164.11 46.228.164.11	56396 (AMOBEE) (AMOBEE)
1	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.165 213.155.156.165	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 1	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
4	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2	141.101.90.96 141.101.90.96	13335 (CLOUDFLAR...) (CLOUDFLARENET)
226	26

2 45.130.41.10 (Russian Federation) 2 redirects

ASN198610 (BEGET-AS, RU)

www.sale-aliexpress.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aliexpress-lafa.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 185.4.64.72 (Moscow, Russian Federation)

ASN12722 (RECONN, RU)
PTR: valletta.coulated.eu

chinas-lafa.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a02:6b8::1:119 (Moscow, Russian Federation) 5 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.250.186.162 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.244 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.217.42 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:20::2010 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:209d:be7a:13db:f2df (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.228.164.11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:7eb1:3826:be7e:d981 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.165 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-165.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.86.98 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.101.90.96 (United States)

ASN13335 (CLOUDFLARENET, US)

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
79	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 134	658 KB
39	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 32 cm.g.doubleclick.net — Cisco Umbrella Rank: 210 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 310	209 KB
39	chinas-lafa.ru chinas-lafa.ru	555 KB
18	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 272	682 KB
13	gstatic.com fonts.gstatic.com www.gstatic.com	163 KB
10	yandex.com 3 redirects mc.yandex.com — Cisco Umbrella Rank: 9360	3 KB
7	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	291 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	4 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 524	3 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 214	3 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8720	861 B
3	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 3749	73 KB
2	o2online.de portal.o2online.de — Cisco Umbrella Rank: 50195	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4624	655 B
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 770 r.turn.com — Cisco Umbrella Rank: 3354	869 B
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 717	1 KB
2	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 439	1 KB
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2706	207 B
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1230	344 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 420	418 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 706	340 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 31897	613 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 649	465 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1500	173 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	265 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 736	712 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 595	542 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 860	607 B
1	aliexpress-lafa.ru 1 redirects aliexpress-lafa.ru	137 B
1	sale-aliexpress.ru 1 redirects www.sale-aliexpress.ru	111 B
226	31

	Domain	Requested by
44	pagead2.googlesyndication.com	chinas-lafa.ru pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com s0.2mdn.net
39	chinas-lafa.ru	chinas-lafa.ru
35	tpc.googlesyndication.com	googleads.g.doubleclick.net chinas-lafa.ru tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
18	s0.2mdn.net	chinas-lafa.ru s0.2mdn.net
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net chinas-lafa.ru
17	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
10	mc.yandex.com	3 redirects chinas-lafa.ru mc.yandex.ru
7	fonts.gstatic.com	fonts.googleapis.com
6	www.gstatic.com	googleads.g.doubleclick.net
6	www.googletagservices.com	googleads.g.doubleclick.net
5	fonts.googleapis.com	chinas-lafa.ru googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	chinas-lafa.ru
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	mc.yandex.ru	2 redirects chinas-lafa.ru
2	portal.o2online.de
2	d5p.de17a.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	pr-bh.ybp.yahoo.com	2 redirects
2	dclk-match.dotomi.com	googleads.g.doubleclick.net
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
1	onetag-sys.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	r.turn.com
1	ad.turn.com	1 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	match.adsrvr.org	googleads.g.doubleclick.net
1	um.simpli.fi	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	aliexpress-lafa.ru	1 redirects
1	www.sale-aliexpress.ru	1 redirects
226	37

This site contains links to these domains. Also see Links.

Domain
dassdg.ru

Subject Issuer	Validity	Valid
chinas-lafa.ru R3	`2023-02-20` - `2023-05-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-03-17` - `2023-08-27`	5 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-02-12` - `2023-05-13`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-27` - `2024-02-26`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://chinas-lafa.ru/
Frame ID: 7CC4952948D9EB839D27D8F9EA2EF63F
Requests: 77 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/zrt_lookup.html
Frame ID: 9AD5E29DF652C4C8D5CE6A998F8D7905
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&adk=1812271804&adf=3025194257&lmt=1679366080&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x810_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fchinas-lafa.ru%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377676149&bpp=6&bdt=533&idt=158&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4733014202115&frm=20&pv=2&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=180
Frame ID: C7C2019E06DB235EE3962AC308FB5428
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=280&adk=2801298807&adf=2498843383&pi=t.aa~a.1647758531~rp.1&w=1090&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=1090x280&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377676155&bpp=2&bdt=540&idt=181&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WYoxzWmJ79&p=https%3A//chinas-lafa.ru&dtd=186
Frame ID: D2E09E56383C10786FDF33DF8E20605E
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=2562254491&adf=1605564971&pi=t.aa~a.3108187763~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=-M&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280&nras=3&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=koPFbdLr6Z&p=https%3A//chinas-lafa.ru&dtd=9
Frame ID: 5B013A62996EF995E160AA6954D82869
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=3254586875&adf=2788751979&pi=t.aa~a.3650758574~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=1&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280%2C300x600&nras=4&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2817&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=bkIEeJuSsf&p=https%3A//chinas-lafa.ru&dtd=15
Frame ID: DFCBC8F2913C54EC7906ACDEAFA34C37
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Frame ID: DFFD52991C0D0BFA0207D0B187832F53
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Frame ID: 0CF880361BDC967C4CA5049C65989859
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Frame ID: CA64B2E125CB5E03468E7A3A006F0321
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js
Frame ID: 5EB8D23153774DF015D51699DAA3560B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F52169193DC55BE776EB074E5697AEFF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNW_8s6Bs05fTZbhl4YfGxmYxubT4D3UEtSiwkiMAG7PhQQMjw7wf_GJOQeHCfaiqAPaK6hGpeo331TL4Pz_LckpFJrQ78uf9cGRAw8EytUGWOiH-Ucw_XS7L0OX6-ADPHVNn-3MW2oXK1be6mmnUGuLIpLCpihRCsJxKqOLtYTJ95Lb8VQ
Frame ID: FE7C42BBFCD1A1A4EB98C2E9290CC054
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNUOjKJIBrGeHrGdMRc-67ihgiTenjRpx7_kaXXAJ3RkKrng1vJILZ752FibCgiNoL4jOdkFAZtd0AQiVK2suiMQWr3ZViONbePspbjdTG9B1_ApocH7WpfyMC2ZLqz5yHK9VFU9upXCpqmpJGysDFzbUo_v1TFskV17n3UGWVFg0ioZYoA
Frame ID: 542E7DC3084E147711B114EA5B312B56
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js
Frame ID: E4B25CA11DE3D7BFF6AFB4E315AFB082
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js
Frame ID: 44BFAC8C28D8790ECA18A349585094AD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4184BB8BEA324D532BCACE5669CC7322
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4B6B329C41CBCE4E93B42CBABC3D8704
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D6B276B5B177F21EAA2A82F5BC9F4589
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 80148A127CB20F22B5DC57281EE120F3
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247
Frame ID: F052384797E8D7C510CE685BE6954F9E
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247
Frame ID: 4629A58910945E79018020032BE443F7
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js
Frame ID: FC1E4D5C33175F8963B4954D12974E13
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AB24BC91D372DE17EC85DD2C2E7A2213
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0582407A1A622EFBB479A90E39971CEB
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js
Frame ID: CFC4457A765217F86B829B1C63B8D4DD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Алиэкспресс на русском — сайт помощи покупателям

Page URL History Show full URLs

https://www.sale-aliexpress.ru/ HTTP 301
https://chinas-lafa.ru/ Page URL

Detected technologies

WooCommerce (Ecommerce) Expand

Overall confidence: 100%
Detected patterns

/woocommerce(?:\.min)?\.js(?:\?ver=([0-9.]+))?

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

226
Requests

92 %
HTTPS

45 %
IPv6

31
Domains

37
Subdomains

26
IPs

10
Countries

2645 kB
Transfer

6435 kB
Size

33
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://dassdg.ru/index.php?devid=newali2
Title: <img class="aligncenter wp-image-24449 size-full" src="https://chinas-lafa.ru/wp-content/uploads/2020/10/hb305ef3fd434437c8e75007ad24a7529r.png" alt="" width="300" height="209" />

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.sale-aliexpress.ru/ HTTP 301
https://chinas-lafa.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://aliexpress-lafa.ru/wp-content/uploads/2018/12/backly.png HTTP 301
https://chinas-lafa.ru/wp-content/uploads/2018/12/backly.png

Request Chain 61

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9949.s3WNqgX8edsWbWJFh_kQw74fX8aqE3TOGZL8-RaNwuOL2f0L9pp1U9guITWjWTz2.qshGngOpdFU30fwBKMkNuHXN-vg%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9949.JVFCCYCxDu-kTvXrKJAyH-oDKLpczK_CNQXu3Qj6Rag5a5e_HInwli1q45Er_jzB2TwehQbW7NuTdvLxwY7koOnQ14NQ5sKCkprCnYIylbE%2C.BeU_kRXS1UjduGUfvhGkUV9XVbo%2C

Request Chain 63

https://mc.yandex.com/watch/61048837?wmode=7&page-url=https%3A%2F%2Fchinas-lafa.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A1l9q8t2xwu9apk6vq4sag7%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A287608846930%3Ahid%3A75407273%3Az%3A0%3Ai%3A20230321054756%3Aet%3A1679377676%3Ac%3A1%3Arn%3A595402844%3Arqn%3A1%3Au%3A1679377676750420579%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A207%2C171%2C167%2C1%2C389%2C0%2C%2C325%2C0%2C%2C%2C%2C1314%3Aco%3A0%3Acpf%3A1%3Ans%3A1679377674680%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1679377677%3At%3A%D0%90%D0%BB%D0%B8%D1%8D%D0%BA%D1%81%D0%BF%D1%80%D0%B5%D1%81%D1%81%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%E2%80%94%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BF%D0%BE%D0%BC%D0%BE%D1%89%D0%B8%20%D0%BF%D0%BE%D0%BA%D1%83%D0%BF%D0%B0%D1%82%D0%B5%D0%BB%D1%8F%D0%BC&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/61048837/1?wmode=7&page-url=https%3A%2F%2Fchinas-lafa.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A1l9q8t2xwu9apk6vq4sag7%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A287608846930%3Ahid%3A75407273%3Az%3A0%3Ai%3A20230321054756%3Aet%3A1679377676%3Ac%3A1%3Arn%3A595402844%3Arqn%3A1%3Au%3A1679377676750420579%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A207%2C171%2C167%2C1%2C389%2C0%2C%2C325%2C0%2C%2C%2C%2C1314%3Aco%3A0%3Acpf%3A1%3Ans%3A1679377674680%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1679377677%3At%3A%D0%90%D0%BB%D0%B8%D1%8D%D0%BA%D1%81%D0%BF%D1%80%D0%B5%D1%81%D1%81%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%E2%80%94%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BF%D0%BE%D0%BC%D0%BE%D1%89%D0%B8%20%D0%BF%D0%BE%D0%BA%D1%83%D0%BF%D0%B0%D1%82%D0%B5%D0%BB%D1%8F%D0%BC&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Request Chain 64

https://mc.yandex.com/sync_cookie_image_check_secondary HTTP 302
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=9949.NDDof4Jo0djuqvjy-JMhaXy9_ZDfDHXIzHm9TKNv8smSDbJ85GCrGA5j7nF8NP1H.NG61nbBkeyZDL2G8JcAD3nLy3-s%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9949.9ptj3YC-pYMNDMYmxQvM_6D_ZfuSjr2i-uNeCuC4ymmQPbKYVb7dwd2c0luHQi3hRADrQOMMVlLzhxOzEqt32p4M73s9vPTt7vZldNkCRFo%2C.l_ZfR7Cj_UaG9xGU8ZwdzTnt6o0%2C

Request Chain 145

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIttrwGvM7dEo_oj8nt8V-k&google_cver=1

Request Chain 146

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBlFDdSvGZvsBihS.Glw9wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIttrwGvM7dEo_oj8nt8V-k&google_cver=1&google_hm=2

Request Chain 147

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDaCILX4EGK8lRjya9XVCoM&google_cver=1

Request Chain 148

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk1MzM5Mzk5MDcyNzg1NzQxNA%3D%3D

Request Chain 149

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOSLNWj-kYVR8KFndV-17O8&google_cver=1

Request Chain 158

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESENosRxCZcMUbq7WVAy12IOw&google_cver=1

Request Chain 177

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEAbPkk72gCJUNHFujlRJdyo&google_cver=1&google_push=Aa02lx-PKjsraNlchv_TAje_TTLenPtFFLs-DwvKQ5agO2nRsTdnXm3IdoBmMQLf4pi3I-TAJp_37xOr5uPKU-QCWbyNZw6xCRBr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAbPkk72gCJUNHFujlRJdyo&google_push=Aa02lx-PKjsraNlchv_TAje_TTLenPtFFLs-DwvKQ5agO2nRsTdnXm3IdoBmMQLf4pi3I-TAJp_37xOr5uPKU-QCWbyNZw6xCRBr

Request Chain 178

https://um.simpli.fi/gp_match?google_gid=CAESEBeMB8Eeq29Eyyxuu9Kk-3c&google_cver=1&google_push=Aa02lx920mNw1Lqm1vwa7g5DSYBx0Ote6ffWQPhWK0bJ33L-oYp5lrAY9HQN7tgUU-kdIg2mcMpx-B8exV0J5S7n5asI41dmWPFg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E0FEDC37CFE14E0EB1722EBAFC56A17D&google_push=Aa02lx920mNw1Lqm1vwa7g5DSYBx0Ote6ffWQPhWK0bJ33L-oYp5lrAY9HQN7tgUU-kdIg2mcMpx-B8exV0J5S7n5asI41dmWPFg

Request Chain 181

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEB9XyF_lSamEh2zFef3ZeH8&google_cver=1&google_push=Aa02lx-13wZ4Z-x4vgqJVryxVqBSSSfhp4N5e6LzK2gTDSuJFaSDgD0GiEqMeCjriw7-lnhDZmFsWmhVTFuMjKuD14J82Y9JSKSI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx-13wZ4Z-x4vgqJVryxVqBSSSfhp4N5e6LzK2gTDSuJFaSDgD0GiEqMeCjriw7-lnhDZmFsWmhVTFuMjKuD14J82Y9JSKSI&google_hm=eS1kN2dMeDdwRTJwRVBlYXZUSGlNa0ppblRXN2dZakRBOX5B

Request Chain 182

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDx7PLEUjS-zO-RVcw7RF6w&google_cver=1&google_push=Aa02lx-LTQnU3MpqYxNtiqmIRcslnRJEqFUptnZmEyqm1CwCUm29k61AJfKWjMT21MuYrdVn5i6slj0IM3_pfj2stDMFjzBJpsg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDx7PLEUjS-zO-RVcw7RF6w&google_cver=1&google_push=Aa02lx-LTQnU3MpqYxNtiqmIRcslnRJEqFUptnZmEyqm1CwCUm29k61AJfKWjMT21MuYrdVn5i6slj0IM3_pfj2stDMFjzBJpsg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XV0kfaRlQ9afwK4Qy10TeQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx-LTQnU3MpqYxNtiqmIRcslnRJEqFUptnZmEyqm1CwCUm29k61AJfKWjMT21MuYrdVn5i6slj0IM3_pfj2stDMFjzBJpsg

Request Chain 185

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENnO-66jX125GGNv2xWB34Q&google_cver=1&google_push=Aa02lx_YT6K857BwsaEDnvNPl92CDJWy3P9gFHSSjnzuW-z61MTr41TiYGufPUS5vkEk1ZARAFSygepIjkDHq17aQPUbPFlAqVBN9dg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjU0NTE0NDQ2ODk3NjczNzQ1OQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENnO-66jX125GGNv2xWB34Q&google_cver=1

Request Chain 188

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEBeZUtXB71clq5B8eEp09_I&google_cver=1&google_push=Aa02lx85gOLH_ek1JTaB2ZV49ioUYojfQXM5zO0CY9hWEPi_kGNMGXxCETnGN6EKblGcq1d2qZkF8qK-TluuClBPaICbV2Z6kUnigZYz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx85gOLH_ek1JTaB2ZV49ioUYojfQXM5zO0CY9hWEPi_kGNMGXxCETnGN6EKblGcq1d2qZkF8qK-TluuClBPaICbV2Z6kUnigZYz&google_hm=SlQZohWMQkS4oIkL0DMPUms

Request Chain 189

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEB9XyF_lSamEh2zFef3ZeH8&google_cver=1&google_push=Aa02lx9kVTVNsmB_6IvoIPYZWwbCnsA099BFDNKKcF3Zwk7oAQhRRpzKdF4w_SUcI6Wd1ZLTL4VyHlVDsmp9BeSTM2hgaqhTIZMZ0Qyk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx9kVTVNsmB_6IvoIPYZWwbCnsA099BFDNKKcF3Zwk7oAQhRRpzKdF4w_SUcI6Wd1ZLTL4VyHlVDsmp9BeSTM2hgaqhTIZMZ0Qyk&google_hm=eS0zZ1J0MEpoRTJwRWl1SVBheDRiYUlXWUc2dmxRZ0tpNn5B

Request Chain 190

https://d5p.de17a.com/cookies/google?google_gid=CAESEDq6cISFwB5hkxg4rSSjimg&google_cver=1&google_push=Aa02lx-fdmYL61bs9BPDBsqUpQK9-WbsqAYW3ZUKLWk8RSgY377eBR9kXPGsOfl4qXCGUsdQMbaVcOxs8x5VG2ropjdt9yV920WuZ9Rs HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDq6cISFwB5hkxg4rSSjimg&google_cver=1&google_push=Aa02lx-fdmYL61bs9BPDBsqUpQK9-WbsqAYW3ZUKLWk8RSgY377eBR9kXPGsOfl4qXCGUsdQMbaVcOxs8x5VG2ropjdt9yV920WuZ9Rs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx-fdmYL61bs9BPDBsqUpQK9-WbsqAYW3ZUKLWk8RSgY377eBR9kXPGsOfl4qXCGUsdQMbaVcOxs8x5VG2ropjdt9yV920WuZ9Rs

Request Chain 191

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKCQJ_x6giJtMoJ1sU1N9LY&google_cver=1&google_push=Aa02lx_hhscZIbFRrnPFZT7rd8nYHBeFjq9fDFx52t8QpCMW9aWJpxuLPbh9WOk4MQk0cFpJtS8k9RjpIneXs_uN3AslnEQsHfsPj67H HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_hhscZIbFRrnPFZT7rd8nYHBeFjq9fDFx52t8QpCMW9aWJpxuLPbh9WOk4MQk0cFpJtS8k9RjpIneXs_uN3AslnEQsHfsPj67H

226 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
chinas-lafa.ru/
Redirect Chain

https://www.sale-aliexpress.ru/
https://chinas-lafa.ru/

116 KB
19 KB

545ms
167ms

Document
text/html

185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 4ab434331df382556bb4eb595304b314192a110da9dc1e09864bcba1e81201d8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Tue, 21 Mar 2023 02:34:40 GMT
server: nginx
vary: Accept-Encoding

Redirect headers

content-length: 317
content-type: text/html; charset=iso-8859-1
date: Tue, 21 Mar 2023 05:47:54 GMT
location: https://chinas-lafa.ru/
server: nginx-reuseport/1.21.1

GET
H2 200 wc-blocks-vendors-style-5879503df6db87473470b138e49fcc23.css
chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/ 10 KB
2 KB 84ms
80ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style-5879503df6db87473470b138e49fcc23.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 4a25eb6972f4a513da7ead5d8c0f74832ed42b1ae5e1f13ed3ea36f0865a59c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Thu, 26 Jan 2023 15:15:12 GMT
server: nginx
etag: W/"63d29900-28c3"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wc-blocks-style-5b82df54451145d470af4e7c2a8548fa.css
chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/ 239 KB
24 KB 93ms
89ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style-5b82df54451145d470af4e7c2a8548fa.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 9cab18dfde5e759ec0150d15909fed33098e3998dbdb6c6c3f2e680eaf42a236

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Thu, 26 Jan 2023 15:15:12 GMT
server: nginx
etag: W/"63d29900-3ba31"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 classic-themes.min.css
chinas-lafa.ru/wp-includes/css/ 217 B
391 B 95ms
91ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-includes/css/classic-themes.min.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Sat, 14 Jan 2023 05:35:59 GMT
server: nginx
etag: "63c23f3f-d9"
content-type: text/css
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 217
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 styles-6b41df7c82e49d100abdba2f1bceb370.css
chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/css/ 2 KB
1 KB 95ms
91ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/css/styles-6b41df7c82e49d100abdba2f1bceb370.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 76ae9cfefc587779be483adfc76d0d3406e5bcef31c2005dac224bd5e1079841

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Thu, 26 Jan 2023 15:15:12 GMT
server: nginx
etag: W/"63d29900-8f8"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 styles.min.css
chinas-lafa.ru/wp-content/plugins/expert-review/assets/public/css/ 100 KB
10 KB 173ms
169ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/expert-review/assets/public/css/styles.min.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: a980b0b6b4b4f9cfdb443b03cc7d00e2a9ace7bbbb5c3d1bbd1064ec80339a59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 16:38:41 GMT
server: nginx
etag: W/"6127c391-18fef"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 woocommerce-layout-d3556967b5f2a3743d20361bd65d4544.css
chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/assets/css/ 17 KB
3 KB 173ms
170ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/assets/css/woocommerce-layout-d3556967b5f2a3743d20361bd65d4544.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: d1d3bda3abb4a198ac62f317ba910adede1affc22020165d7f2919a46f6c481f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Thu, 26 Jan 2023 15:15:12 GMT
server: nginx
etag: W/"63d29900-458f"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 woocommerce-smallscreen-831476ff0ea4ff5ecffe89b7180c7688.css
chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/assets/css/ 7 KB
1 KB 174ms
171ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen-831476ff0ea4ff5ecffe89b7180c7688.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 3ddf90d6f5bc7849f1b0840de0475a0506924a1c770f325934f5ea8a87e270a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Thu, 26 Jan 2023 15:15:12 GMT
server: nginx
etag: W/"63d29900-1b81"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 woocommerce-6b8fcf5dd8d28739be6aae0448496d31.css
chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/assets/css/ 62 KB
9 KB 174ms
171ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/woocommerce/assets/css/woocommerce-6b8fcf5dd8d28739be6aae0448496d31.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 4ba56e2af3a3cfc4a267c21e8b77e1e6f5d34b3c663be871eb8b1dd9d4094607

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Thu, 26 Jan 2023 15:15:12 GMT
server: nginx
etag: W/"63d29900-f8fd"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wpp-3d9c41dcd095c9b189c9b9db243a4ccd.css
chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/wordpress-popular-posts/assets/css/ 292 B
466 B 174ms
171ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/wordpress-popular-posts/assets/css/wpp-3d9c41dcd095c9b189c9b9db243a4ccd.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 6b67b2995f11a31d6c53e0b447c49c7db7e40a771a18eadeb8f8f5720fa78327

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Thu, 26 Jan 2023 15:15:12 GMT
server: nginx
etag: "63d29900-124"
content-type: text/css
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 292
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 154ms
49ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4088c4396769f8eda76e6f28917417d031b5d62da99e90135de61cefa16dfafa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 04:00:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 21 Mar 2023 05:47:55 GMT

GET
H2 200 style.min.css
chinas-lafa.ru/wp-content/themes/root/assets/css/ 163 KB
33 KB 174ms
172ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/themes/root/assets/css/style.min.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: bb634caf818dca49be8d3dc845f77ddd0b9b7871f3d3184a0e9a110bb45b8e9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 06:41:27 GMT
server: nginx
etag: W/"63c24e97-28a9a"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app-5b1b611d9890590e817c782ca7274fc4.css
chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/simple-lightbox/client/css/ 230 B
404 B 175ms
172ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/cache/min/1/wp-content/plugins/simple-lightbox/client/css/app-5b1b611d9890590e817c782ca7274fc4.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: a72972ba5538156db48b6714082da0291d6098067f3d652ca9cc5dcd4ca3485f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Thu, 26 Jan 2023 15:15:12 GMT
server: nginx
etag: "63d29900-e6"
content-type: text/css
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 230
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
chinas-lafa.ru/wp-content/plugins/wp-coupons-and-deals/assets/css/dist/ 71 KB
11 KB 175ms
173ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/wp-coupons-and-deals/assets/css/dist/style.min.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 798b29407614413f2456386987e82e4f090d486596674d35e7f163beb9102935

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 05:38:58 GMT
server: nginx
etag: W/"63c23ff2-11a9e"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
chinas-lafa.ru/wp-content/themes/root_child/ 266 B
440 B 175ms
173ms Stylesheet
text/css 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/themes/root_child/style.css
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 052896930d987cb9c366d2fadbd2e8744cf4d5939d2e947f2047fdb64aabf620

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Sat, 19 Feb 2022 07:31:12 GMT
server: nginx
etag: "62109cc0-10a"
content-type: text/css
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 266
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
chinas-lafa.ru/wp-includes/js/jquery/ 88 KB
30 KB 176ms
174ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-includes/js/jquery/jquery.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 05:35:59 GMT
server: nginx
etag: W/"63c23f3f-15e54"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wpp.min.js Show response
chinas-lafa.ru/wp-content/plugins/wordpress-popular-posts/assets/js/ 3 KB
2 KB 83ms
80ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 9a3d1f5824ad4bd991a67acab64088920e43d25545ca6b4cb78736dc35b696a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 17 Sep 2022 17:01:06 GMT
server: nginx
etag: W/"6325fd52-bd7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.js Show response
chinas-lafa.ru/wp-content/plugins/wp-coupons-and-deals/assets/js/ 31 KB
6 KB 85ms
82ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/wp-coupons-and-deals/assets/js/main.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 7743f39ddc516c5d0540ce147ac3ba086974ec1dda39ef4fbb87b3a7915fb021

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 05:38:58 GMT
server: nginx
etag: W/"63c23ff2-7cee"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fontawesome-webfont.ttf
chinas-lafa.ru/wp-content/themes/root/fonts/ 162 KB
162 KB 176ms
174ms Font
application/octet-stream 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/themes/root/fonts/fontawesome-webfont.ttf
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8

Request headers

Referer: https://chinas-lafa.ru/
Origin: https://chinas-lafa.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Sat, 14 Jan 2023 06:41:27 GMT
server: nginx
accept-ranges: bytes
etag: "63c24e97-286ac"
content-length: 165548
content-type: application/octet-stream

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
48 KB 179ms
80ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a1ec18f222d82f28b5e6614fb3f68b6aaa1cdf0c70c17d63a59b089b91abf1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48923
x-xss-protection: 0
server: cafe
etag: 3296334842195324014
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:56 GMT

GET
H2 200 fontawesome-webfont.woff2
chinas-lafa.ru/wp-content/themes/root/fonts/ 75 KB
76 KB 176ms
175ms Font
font/woff2 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/themes/root/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://chinas-lafa.ru/
Origin: https://chinas-lafa.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Sat, 14 Jan 2023 06:41:27 GMT
server: nginx
accept-ranges: bytes
etag: "63c24e97-12d68"
content-length: 77160
content-type: font/woff2

GET
H2 200 index.js Show response
chinas-lafa.ru/wp-content/plugins/contact-form-7/includes/swv/js/ 10 KB
3 KB 86ms
83ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/contact-form-7/includes/swv/js/index.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 23bb39b607b39a93d953762d2a618a3cbc69c52ceaf70d96890137ca1d2b0228

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 06:30:38 GMT
server: nginx
etag: W/"63c24c0e-2945"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.js Show response
chinas-lafa.ru/wp-content/plugins/contact-form-7/includes/js/ 12 KB
4 KB 87ms
85ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/contact-form-7/includes/js/index.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: f84293668b02b8c83c20c5c2cf51f8a5a64ac5a15d34be26c85382496b107700

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 06:30:38 GMT
server: nginx
etag: W/"63c24c0e-316c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scripts.min.js Show response
chinas-lafa.ru/wp-content/plugins/expert-review/assets/public/js/ 12 KB
4 KB 89ms
87ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/expert-review/assets/public/js/scripts.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 68d17341a90b4af7400a9096afe504bf2d21bf378c5f3e594436dbba105afe84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 16:38:41 GMT
server: nginx
etag: W/"6127c391-2f87"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.blockUI.min.js Show response
chinas-lafa.ru/wp-content/plugins/woocommerce/assets/js/jquery-blockui/ 9 KB
4 KB 90ms
88ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 18336635cd5e9edf2aff3ae18b67250684311c2a459457091b063dafba57d526

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 05:38:40 GMT
server: nginx
etag: W/"63c23fe0-2521"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js.cookie.min.js Show response
chinas-lafa.ru/wp-content/plugins/woocommerce/assets/js/js-cookie/ 2 KB
1 KB 91ms
89ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 05:38:40 GMT
server: nginx
etag: W/"63c23fe0-72a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 woocommerce.min.js Show response
chinas-lafa.ru/wp-content/plugins/woocommerce/assets/js/frontend/ 2 KB
989 B 91ms
89ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 05:38:40 GMT
server: nginx
etag: W/"63c23fe0-85b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cart-fragments.min.js Show response
chinas-lafa.ru/wp-content/plugins/woocommerce/assets/js/frontend/ 3 KB
1 KB 92ms
90ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 2d022db650d194d935faea46a40e5512235b43bc3f8b181e32ce6d3dd745f4e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 05:38:40 GMT
server: nginx
etag: W/"63c23fe0-b7a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scripts.min.js Show response
chinas-lafa.ru/wp-content/themes/root/assets/js/ 7 KB
3 KB 92ms
91ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/themes/root/assets/js/scripts.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 68babdfc4950d6f622a966498dbe69a5d2c99665f0388af533848f4f7c165cb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 06:41:27 GMT
server: nginx
etag: W/"63c24e97-1d5e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 clipboard.min.js Show response
chinas-lafa.ru/wp-includes/js/ 9 KB
3 KB 93ms
92ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-includes/js/clipboard.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 700c8bd73d93522ca53cdc35e2a71e96caf7c344bc7a8391f3af90c10b917033

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 14 Jan 2023 05:35:59 GMT
server: nginx
etag: W/"63c23f3f-2331"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lazyload.min.js Show response
chinas-lafa.ru/wp-content/plugins/wp-rocket/assets/js/lazyload/12.0/ 5 KB
2 KB 94ms
92ms Script
application/javascript 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/wp-content/plugins/wp-rocket/assets/js/lazyload/12.0/lazyload.min.js
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 1e3bbf2a6d9503811213baca9f5e309618ca968136199ca532a0a5167c0b0f1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
content-encoding: gzip
last-modified: Sat, 17 Jul 2021 07:07:59 GMT
server: nginx
etag: W/"60f281cf-15d1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1259e384f61c72a215e1c9b25c3cbc9d42d98c7ac4cb2fb290fc34ab6cc58bd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43f9c247438df69c6c2bc91f8267dde1862558c1032a04148838e324fb42f7e1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7be2fc598e2bb1478e0800c4af94de1811ce909e79b9ef67324b51843073aafb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ae732203f63d8eec2a0f935869470b71b5644926c8d13d898ec7dd109918dc4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 211 KB
73 KB 319ms
148ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

8121f170870193846463a78fa548049a57646e1d4eaa36cf33f6e8aa5f8f2d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Mon, 20 Mar 2023 09:05:34 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "6417f7ae-120bb"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 73915
expires: Tue, 21 Mar 2023 06:47:56 GMT

GET
H2

200

backly.png
chinas-lafa.ru/wp-content/uploads/2018/12/
Redirect Chain

https://aliexpress-lafa.ru/wp-content/uploads/2018/12/backly.png
https://chinas-lafa.ru/wp-content/uploads/2018/12/backly.png

8 KB
8 KB

81ms
80ms

Image
image/png

185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chinas-lafa.ru/wp-content/uploads/2018/12/backly.png
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 18d776fb6668d0ef688694a98545815994f4308db2cd10a7ea1649de0dc28f35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
last-modified: Mon, 16 Mar 2020 11:18:27 GMT
server: nginx
etag: "5e6f6083-20a7"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 8359
expires: Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

location: https://chinas-lafa.ru/wp-content/uploads/2018/12/backly.png
date: Tue, 21 Mar 2023 05:47:56 GMT
server: nginx-reuseport/1.21.1
content-length: 350
content-type: text/html; charset=iso-8859-1

GET
DATA 200
OK truncated
/ 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f64f60b60f581caadfa1cf9b012ca732c4f4a24c8475027e7b7a225f20ce4278

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 966 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d6b8ecb2f70ad50610c2956c63e8b068d64b18b39ab2d3736fa5a81c8a2cac9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 541 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0cc98d8e92a98749ce2cc2ecfd5cba57cdffa8e04048f66785646ddd3a2d6f75

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2c52a5a147e63e95afb2e063a0af8dc27e920bb027b2b8b1ffe1867bc8fb5b3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
9 KB 140ms
50ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://chinas-lafa.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 16:23:53 GMT
x-content-type-options: nosniff
age: 480243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9628
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 16:23:53 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 130ms
40ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://chinas-lafa.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 08:06:08 GMT
x-content-type-options: nosniff
age: 337308
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Mar 2024 08:06:08 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 178ms
88ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://chinas-lafa.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:05:36 GMT
x-content-type-options: nosniff
age: 402140
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 14:05:36 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
10 KB 162ms
81ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://chinas-lafa.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 01:23:47 GMT
x-content-type-options: nosniff
age: 534249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9644
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 01:23:47 GMT

POST
H2 200 / Show response
chinas-lafa.ru/ 260 B
406 B 199ms
198ms XHR
application/json 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to

Full URL: https://chinas-lafa.ru/?wc-ajax=get_refreshed_fragments
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/wp-includes/js/jquery/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 307a4591edefbe1dc23df1c2e891454e4e908b771d881f6cc3e19c54942bf575

Request headers

Accept: */*
Referer: https://chinas-lafa.ru/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:56 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 LafaLogo-e1546191454950.png
chinas-lafa.ru/wp-content/uploads/2018/12/ 2 KB
2 KB 81ms
81ms Image
image/png 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chinas-lafa.ru/wp-content/uploads/2018/12/LafaLogo-e1546191454950.png
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: a10283381ca468005bdfb498c8ee591c121f8b64a93eade5fdb762ca2ad8bd80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Mon, 16 Mar 2020 11:18:27 GMT
server: nginx
etag: "5e6f6083-653"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 1619
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 screenshot_3-330x140.png
chinas-lafa.ru/wp-content/uploads/2021/10/ 27 KB
27 KB 83ms
82ms Image
image/png 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chinas-lafa.ru/wp-content/uploads/2021/10/screenshot_3-330x140.png
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 780d7ba204df4bf6e7eeac03ffd0c7520ee2113aa39fdd521f03c4909f8ff200

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Thu, 28 Oct 2021 05:47:02 GMT
server: nginx
etag: "617a3956-6c1b"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 27675
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hb305ef3fd434437c8e75007ad24a7529r.png
chinas-lafa.ru/wp-content/uploads/2020/10/ 42 KB
43 KB 83ms
83ms Image
image/png 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chinas-lafa.ru/wp-content/uploads/2020/10/hb305ef3fd434437c8e75007ad24a7529r.png
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: bc3d3b23ecf6cbb7b5b0654e17b7dd3fe3280f35829712c9fcd485829a0d4108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Wed, 28 Oct 2020 06:27:53 GMT
server: nginx
etag: "5f990f69-a96d"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 43373
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 screenshot_3-330x140.png
chinas-lafa.ru/wp-content/uploads/2021/08/ 22 KB
22 KB 85ms
83ms Image
image/png 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chinas-lafa.ru/wp-content/uploads/2021/08/screenshot_3-330x140.png
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 2b47ce393ee927d93c3f2f7294f5b467e8662cba5c61e98f91761b96764b3c9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Fri, 20 Aug 2021 13:57:08 GMT
server: nginx
etag: "611fb4b4-5787"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 22407
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 meyzu-330x140.jpg
chinas-lafa.ru/wp-content/uploads/2021/04/ 4 KB
4 KB 85ms
84ms Image
image/jpeg 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chinas-lafa.ru/wp-content/uploads/2021/04/meyzu-330x140.jpg
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 0e01cb2c163c8cca3deba719e4e5620244fd231cb641a2f6fb787e2201c91f9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Tue, 13 Apr 2021 14:28:08 GMT
server: nginx
etag: "6075aa78-1112"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 4370
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dooling-330x140.jpg
chinas-lafa.ru/wp-content/uploads/2021/04/ 5 KB
5 KB 86ms
85ms Image
image/jpeg 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chinas-lafa.ru/wp-content/uploads/2021/04/dooling-330x140.jpg
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: f4bf6742a3b2dbbbbbb39be2ce47b2940ae05774099b714911e2d57f5dba857e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Tue, 13 Apr 2021 13:57:50 GMT
server: nginx
etag: "6075a35e-138b"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 5003
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Markery-shop5575131-store-330x140.jpg
chinas-lafa.ru/wp-content/uploads/2021/03/ 19 KB
19 KB 87ms
86ms Image
image/jpeg 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chinas-lafa.ru/wp-content/uploads/2021/03/Markery-shop5575131-store-330x140.jpg
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 986c8a6074a6717f62e027cb56a312c44b713d8d2b1d6e8572ba093b790ea3ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Sun, 28 Mar 2021 09:06:18 GMT
server: nginx
etag: "6060470a-4bf5"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 19445
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bobot-330x140.jpg
chinas-lafa.ru/wp-content/uploads/2021/04/ 9 KB
9 KB 88ms
88ms Image
image/jpeg 185.4.64.72
RECONN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chinas-lafa.ru/wp-content/uploads/2021/04/bobot-330x140.jpg
Requested by: Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.4.64.72 Moscow, Russian Federation, ASN12722 (RECONN, RU),
Reverse DNS: valletta.coulated.eu
Software: nginx /
Resource Hash: 9ce833bc46f70606effbdcbe468c005d00d546f0b51e5fc5c6b2089ba3fed3ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:55 GMT
last-modified: Sun, 04 Apr 2021 08:40:37 GMT
server: nginx
etag: "60697b85-22ac"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 8876
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/ 350 KB
117 KB 83ms
82ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5961121494812113&plah=chinas-lafa.ru

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba0fee1ef54f6bcb9d8be8cff022c756a26e71df521723f8524d0fbbdf4a9f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119457
x-xss-protection: 0
server: cafe
etag: 2698249756674122296
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:56 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/ Frame 9AD5 10 KB
5 KB 183ms
39ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Mar 2023 17:41:02 GMT
etag: 2378337311435320485
expires: Mon, 03 Apr 2023 17:41:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 395 B
607 B 183ms
49ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=chinas-lafa.ru&callback=_gfp_s_&client=ca-pub-5961121494812113

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5961121494812113&plah=chinas-lafa.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efd39710c4bf748f75f2943601d802959a134eb4580c02d9775903dfac19148b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 157ms
48ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=chinas-lafa.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 162ms
52ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=chinas-lafa.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C7C2 392 KB
65 KB 655ms
655ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&adk=1812271804&adf=3025194257&lmt=1679366080&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x810_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fchinas-lafa.ru%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377676149&bpp=6&bdt=533&idt=158&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4733014202115&frm=20&pv=2&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=180

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19fc3d0a652f757ad0346ec539364268680f22f70bc926c49438595444e8e17e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 66686
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:56 GMT
expires: Tue, 21 Mar 2023 05:47:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D2E0 97 KB
33 KB 486ms
486ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=280&adk=2801298807&adf=2498843383&pi=t.aa~a.1647758531~rp.1&w=1090&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=1090x280&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377676155&bpp=2&bdt=540&idt=181&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WYoxzWmJ79&p=https%3A//chinas-lafa.ru&dtd=186

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdd1c0385a9d428e0fe9925d7f4c988bb39299a8e595910b8e9daaece6f148d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 33830
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:56 GMT
expires: Tue, 21 Mar 2023 05:47:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9949.s3WNqgX8edsWbWJFh_kQw74fX8aqE3TOGZL8-RaNwuOL2f0L9pp1U9guITWjWTz2.qshGngOpdFU30fwBKMkNuHXN-vg%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9949.JVFCCYCxDu-kTvXrKJAyH-oDKLpczK_CNQXu3Qj6Rag5a5e_HInwli1q45Er_jzB2TwehQbW7NuTdvLxwY7koOnQ14NQ5sKCkprCnYIylbE%2C.BeU_kRXS1UjduGUfvhGkUV9XVbo%2C

43 B
67 B

77ms
77ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9949.JVFCCYCxDu-kTvXrKJAyH-oDKLpczK_CNQXu3Qj6Rag5a5e_HInwli1q45Er_jzB2TwehQbW7NuTdvLxwY7koOnQ14NQ5sKCkprCnYIylbE%2C.BeU_kRXS1UjduGUfvhGkUV9XVbo%2C

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9949.JVFCCYCxDu-kTvXrKJAyH-oDKLpczK_CNQXu3Qj6Rag5a5e_HInwli1q45Er_jzB2TwehQbW7NuTdvLxwY7koOnQ14NQ5sKCkprCnYIylbE%2C.BeU_kRXS1UjduGUfvhGkUV9XVbo%2C
date: Tue, 21 Mar 2023 05:47:56 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
113 B 76ms
76ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 20 Mar 2023 09:05:34 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "6417f7ae-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Tue, 21 Mar 2023 06:47:56 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/61048837/
Redirect Chain

https://mc.yandex.com/watch/61048837?wmode=7&page-url=https%3A%2F%2Fchinas-lafa.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A1l9q8t2xwu9apk6vq4sag7%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%...
https://mc.yandex.com/watch/61048837/1?wmode=7&page-url=https%3A%2F%2Fchinas-lafa.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A1l9q8t2xwu9apk6vq4sag7%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-U...

454 B
564 B

84ms
84ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/61048837/1?wmode=7&page-url=https%3A%2F%2Fchinas-lafa.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A1l9q8t2xwu9apk6vq4sag7%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A287608846930%3Ahid%3A75407273%3Az%3A0%3Ai%3A20230321054756%3Aet%3A1679377676%3Ac%3A1%3Arn%3A595402844%3Arqn%3A1%3Au%3A1679377676750420579%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A207%2C171%2C167%2C1%2C389%2C0%2C%2C325%2C0%2C%2C%2C%2C1314%3Aco%3A0%3Acpf%3A1%3Ans%3A1679377674680%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1679377677%3At%3A%D0%90%D0%BB%D0%B8%D1%8D%D0%BA%D1%81%D0%BF%D1%80%D0%B5%D1%81%D1%81%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%E2%80%94%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BF%D0%BE%D0%BC%D0%BE%D1%89%D0%B8%20%D0%BF%D0%BE%D0%BA%D1%83%D0%BF%D0%B0%D1%82%D0%B5%D0%BB%D1%8F%D0%BC&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

da37c380b64bff483e614c6afecdec9c85f3860f1cac85c7354d569f2a99b10c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:56 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Tue, 21-Mar-2023 05:47:56 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://chinas-lafa.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 454
x-xss-protection: 1; mode=block
expires: Tue, 21-Mar-2023 05:47:56 GMT

Redirect headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:56 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21-Mar-2023 05:47:56 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/61048837/1?wmode=7&page-url=https%3A%2F%2Fchinas-lafa.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A1l9q8t2xwu9apk6vq4sag7%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A287608846930%3Ahid%3A75407273%3Az%3A0%3Ai%3A20230321054756%3Aet%3A1679377676%3Ac%3A1%3Arn%3A595402844%3Arqn%3A1%3Au%3A1679377676750420579%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A207%2C171%2C167%2C1%2C389%2C0%2C%2C325%2C0%2C%2C%2C%2C1314%3Aco%3A0%3Acpf%3A1%3Ans%3A1679377674680%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1679377677%3At%3A%D0%90%D0%BB%D0%B8%D1%8D%D0%BA%D1%81%D0%BF%D1%80%D0%B5%D1%81%D1%81%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%E2%80%94%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BF%D0%BE%D0%BC%D0%BE%D1%89%D0%B8%20%D0%BF%D0%BE%D0%BA%D1%83%D0%BF%D0%B0%D1%82%D0%B5%D0%BB%D1%8F%D0%BC&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29
access-control-allow-origin: https://chinas-lafa.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Tue, 21-Mar-2023 05:47:56 GMT

GET
H2

200

sync_cookie_image_decide_secondary
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check_secondary
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=9949.NDDof4Jo0djuqvjy-JMhaXy9_ZDfDHXIzHm9TKNv8smSDbJ85GCrGA5j7nF8NP1H.NG61nbBkeyZDL2G8JcAD3nLy3-s%2C
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9949.9ptj3YC-pYMNDMYmxQvM_6D_ZfuSjr2i-uNeCuC4ymmQPbKYVb7dwd2c0luHQi3hRADrQOMMVlLzhxOzEqt32p4M73s9vPTt7vZldNkCRFo%2C.l_ZfR7Cj_UaG9xGU8Z...

43 B
91 B

78ms
78ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9949.9ptj3YC-pYMNDMYmxQvM_6D_ZfuSjr2i-uNeCuC4ymmQPbKYVb7dwd2c0luHQi3hRADrQOMMVlLzhxOzEqt32p4M73s9vPTt7vZldNkCRFo%2C.l_ZfR7Cj_UaG9xGU8ZwdzTnt6o0%2C

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9949.9ptj3YC-pYMNDMYmxQvM_6D_ZfuSjr2i-uNeCuC4ymmQPbKYVb7dwd2c0luHQi3hRADrQOMMVlLzhxOzEqt32p4M73s9vPTt7vZldNkCRFo%2C.l_ZfR7Cj_UaG9xGU8ZwdzTnt6o0%2C
date: Tue, 21 Mar 2023 05:47:56 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ Frame D2E0 6 KB
768 B 51ms
50ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=280&adk=2801298807&adf=2498843383&pi=t.aa~a.1647758531~rp.1&w=1090&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=1090x280&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377676155&bpp=2&bdt=540&idt=181&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WYoxzWmJ79&p=https%3A//chinas-lafa.ru&dtd=186

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 21 Mar 2023 05:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 04:03:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 21 Mar 2023 05:47:56 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame D2E0 2 KB
818 B 167ms
54ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44259
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame D2E0 0
0 101ms
100ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CJdklDEUZZP2lF5rvtwez-7v4CuHF-M5uqcKLirkIyrqM8b4BEAEg84nDOWCVgoCAtAegAcixqc0DyAEJqAMByAPLBKoEyAFP0DgeXFhmcRrFbrRq4lBz-gqSFgAkTNr_BUyttUtdSmKWxjLgVntBWMCyi7eYD8pzGchPe5jqciGtk3PyYtkrgE6R_w3j4oP7AbLXwQuszuneN36SwCZPaOJlb273a6Kf49Q45TDyNeJQWlyxhvGZ75jSjFyRKJOk4kKD2vQWsWCjUjl4WDbLaivkKjWhVggKN_cMm1-QTxW6b4WzPnpY6q7cgk6151sqYyY5gZogNrQi0yl1ksE4bWKctKv7g2I-828SWg64JcAE0fb5neQBkgUECAQYAZIFBAgFGASgBi6AB-Tq4jWoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBRC7xZIC0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwG4E-QD2BMMiBQZ0BUBgBcBshccChoIABIUcHViLTU5NjExMjE0OTQ4MTIxMTMYAA&sigh=Zd5Bakz1U4c&uach_m=[UACH]&cid=CAQSGwDUE5ymQ0N0WyYCZ4Crct91M3vAwJJ5cdZsNRgB&template_id=484

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=280&adk=2801298807&adf=2498843383&pi=t.aa~a.1647758531~rp.1&w=1090&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=1090x280&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377676155&bpp=2&bdt=540&idt=181&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WYoxzWmJ79&p=https%3A//chinas-lafa.ru&dtd=186
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 21 Mar 2023 05:47:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 21 Mar 2023 05:47:56 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/6528039975527766319/ Frame D2E0 9 KB
10 KB 184ms
77ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6528039975527766319/14763004658117789537?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51b9a80bb5b987880dbde1d15bc552bb7ef1881b7d6a25b18bda20341b12e2cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 05:44:19 GMT
x-content-type-options: nosniff
age: 259417
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9591
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 15:56:27 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 17 Mar 2024 05:44:19 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/841684701835869913/ Frame D2E0 2 KB
2 KB 190ms
83ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/841684701835869913/14763004658117789537?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1490aad284b9af37c925810fe6cad4bf2b972ffbf906462c0e391d3218bd1224

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 07:03:15 GMT
x-content-type-options: nosniff
age: 81881
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2231
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 11:20:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 19 Mar 2024 07:03:15 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame D2E0 22 KB
9 KB 133ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44259
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame D2E0 3 KB
1 KB 147ms
55ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44259
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame D2E0 20 KB
8 KB 138ms
46ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44259
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D2E0 158 KB
49 KB 60ms
52ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679312138029146"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:56 GMT

GET
H2 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame D2E0 34 KB
15 KB 133ms
39ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 21:13:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203670
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 21:13:26 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C7C2 0
20 B 114ms
114ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=39&version=r20230315&sample=0.01

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&adk=1812271804&adf=3025194257&lmt=1679366080&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x810_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fchinas-lafa.ru%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377676149&bpp=6&bdt=533&idt=158&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4733014202115&frm=20&pv=2&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=180

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame D2E0 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38fdf5b836235c43a1fc58abe120c6d09f73981951dd157d5eb3f9d79842aebb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/ 149 KB
51 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303150101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb9f862237742c353af48b3ffeff1b938448e51f1e08f68a5900d47e5aa68ee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52111
x-xss-protection: 0
server: cafe
etag: 755344259060708808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 85ms
84ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pm&rt=1%2C3%2C4&c=ca-pub-5961121494812113&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 50ms
49ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=chinas-lafa.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 62ms
62ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=chinas-lafa.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5B01 18 KB
8 KB 308ms
308ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=2562254491&adf=1605564971&pi=t.aa~a.3108187763~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=-M&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280&nras=3&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=koPFbdLr6Z&p=https%3A//chinas-lafa.ru&dtd=9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

754359e513ba28b355a92efe7b18e9a644a4a13f5f3cff99e39b14151b23b978

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 8513
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DFCB 17 KB
8 KB 336ms
335ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=3254586875&adf=2788751979&pi=t.aa~a.3650758574~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=1&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280%2C300x600&nras=4&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2817&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=bkIEeJuSsf&p=https%3A//chinas-lafa.ru&dtd=15

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0cd586cf9a8ba732def6180c1ba1475c337b4212f13644bcfd0dcb7c8a8d7078

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 8179
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=4&wpc=ca-pub-5961121494812113&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=false&a=6%2C1%2C5%2C7&apv=20230319_103449&sat=1679354131972&afm=0&as_count=0&d_count=0&ng_count=0&am_count=4&atf_count=1&mdns=0&alldns=0.273&allp=62&fd=(0%2C21%2C8)%2C(1%2C0%2C0)%2C(2%2C2%2C2)&pgh=6450&abl=false&rr=n&su=chinas-lafa.ru&pvc=4257565016348634&r=0.1&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D2E0 15 KB
15 KB 49ms
48ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 23:09:06 GMT
x-content-type-options: nosniff
age: 369531
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 23:09:06 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D2E0 15 KB
16 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 08:06:08 GMT
x-content-type-options: nosniff
age: 337309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Mar 2024 08:06:08 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D2E0 15 KB
15 KB 55ms
55ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:05:36 GMT
x-content-type-options: nosniff
age: 402141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 14:05:36 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pr&rt=1%2C3%2C4&c=ca-pub-5961121494812113&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 50ms
50ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=chinas-lafa.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 48ms
48ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=chinas-lafa.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/ Frame DFFD 10 KB
4 KB 40ms
40ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Mar 2023 23:21:33 GMT
etag: 2378337311435320485
expires: Mon, 03 Apr 2023 23:21:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/ Frame 0CF8 10 KB
4 KB 40ms
40ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Mar 2023 23:21:33 GMT
etag: 2378337311435320485
expires: Mon, 03 Apr 2023 23:21:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/ Frame CA64 10 KB
4 KB 40ms
39ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Mar 2023 23:21:33 GMT
etag: 2378337311435320485
expires: Mon, 03 Apr 2023 23:21:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js Show response
pagead2.googlesyndication.com/bg/ Frame 5EB8 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87b72bb230a3d085fedbcd93626ad07d8fab3a75cd623e8bd11254f2850e696e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 05:03:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 348242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14251
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 05:03:55 GMT

GET
H2 200 914be99cd47eba54dcad56263af893ff.js Show response
www.gstatic.com/mysidia/ Frame DFFD 10 KB
4 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/914be99cd47eba54dcad56263af893ff.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1665e53681ca0c9d196425fb71f94996ef4a495a489c7dda67bead9799615d98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 22:04:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 200603
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4426
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 22:04:34 GMT

GET
H2 200 4471e8cf2b0d0f14a71f816ec3ea39a0.js Show response
www.gstatic.com/mysidia/ Frame DFFD 11 KB
5 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4471e8cf2b0d0f14a71f816ec3ea39a0.js?tag=text/vanilla_highlight_ms

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad89e0a7ba5bc269ae857d3d45bbf5ce07e8092879ed4c27d72e3e8809878217

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 21:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203637
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4799
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 21:14:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DFFD 8 KB
895 B 50ms
49ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 04:02:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame DFFD 2 KB
799 B 52ms
49ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame DFFD 22 KB
9 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame DFFD 3 KB
1 KB 52ms
49ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame DFFD 20 KB
8 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DFFD 158 KB
48 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679312138029146"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H2 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame DFFD 34 KB
14 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 21:13:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203671
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 21:13:26 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0CF8 8 KB
895 B 56ms
56ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 05:41:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 0CF8 2 KB
799 B 45ms
45ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame 0CF8 22 KB
9 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 0CF8 3 KB
1 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 0CF8 20 KB
8 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0CF8 158 KB
48 KB 83ms
82ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679312138029146"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H2 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame 0CF8 34 KB
14 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 21:13:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203671
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 21:13:26 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame CA64 6 KB
672 B 50ms
49ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 04:25:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame CA64 2 KB
799 B 44ms
44ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame CA64 22 KB
9 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame CA64 3 KB
1 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame CA64 20 KB
8 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CA64 158 KB
48 KB 91ms
90ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679312138029146"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H2 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame CA64 34 KB
14 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 21:13:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203671
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 21:13:26 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/841684701835869913/ Frame DFFD 2 KB
2 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/841684701835869913/14763004658117789537?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1490aad284b9af37c925810fe6cad4bf2b972ffbf906462c0e391d3218bd1224

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 07:03:15 GMT
x-content-type-options: nosniff
age: 81882
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2231
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 11:20:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 19 Mar 2024 07:03:15 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DFFD 0
0 83ms
82ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CVAe8DEUZZPmVFsLSx_APm_ymwA3hxfjObsWZ2uSUCILr0uCyARABIPOJwzlglYKAgLQHoAHIsanNA8gBAagDAaoExQFP0CXNanYubBepY478g2K-YOX7EDmIVEQq6qK10fpbuTHKKmuXS3GB3UQP4Q6BUfMYV99JaiftP3IHGo0eu0XVk_qFmucFVEPDLvS8OfsI57kwHpfuCrf1XvAJ7WK1LDiktrAquGEpdDwDqtmQG_z1zhUlrFW4Xnp5POh3ZXNHgj1_FExdfJZFCgDDoNHVVe3vy1WZKZFNXVFpvEj9Va5aKUwMWuGLpXqaH-0TioWYKt1DFyLvbQjK06fGf7UDXeELKB19J8AE6viq5usBkgUECAQYAZIFBAgFGASAB-Tq4jWoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBRCPksgC0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwyIFBbQFQGAFwGyFxwKGggAEhRwdWItNTk2MTEyMTQ5NDgxMjExMxgA&sigh=EXP6LKjiCZs&uach_m=[UACH]&cid=CAQSGwDUE5ymjaT6A2aQLPnOIch-6Kg1L888wMClVRgB&template_id=5001

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F521 143 B
166 B 40ms
40ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3075
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 04:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame DFFD 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07ae7e13e4f9c290bacd59e7547960f6398063bb0799c2b4a1a3277f6523080e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B01 42 B
63 B 80ms
80ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D85LlOCSFvAffQCi9dT1blyiqwmLHHnUoW2jFvSmpRHfDAWl0BFptCERfgi1Ej9hfuB0b9mNXCLLmDvHKFGn0dkWI9aBAzn4zgXOlYv4vdj6OcriQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=2562254491&adf=1605564971&pi=t.aa~a.3108187763~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=-M&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280&nras=3&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=koPFbdLr6Z&p=https%3A//chinas-lafa.ru&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B01 0
20 B 81ms
79ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12393228130390953967&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5B01 78 KB
27 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 5B01 3 KB
1 KB 48ms
46ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 5B01 20 KB
8 KB 48ms
45ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 5B01 0
0 147ms
50ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSC3hTOL37_XfQKDDghcOg_-g6I21-IK0GYWA7nz-C37mltenw7A6mxoVeRAdy-U8cGGjPxHM50YNjCh99qmkXirH5-eg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=2562254491&adf=1605564971&pi=t.aa~a.3108187763~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=-M&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280&nras=3&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=koPFbdLr6Z&p=https%3A//chinas-lafa.ru&dtd=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5B01 158 KB
48 KB 63ms
61ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679312138029146"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FE7C 624 B
245 B 61ms
60ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNW_8s6Bs05fTZbhl4YfGxmYxubT4D3UEtSiwkiMAG7PhQQMjw7wf_GJOQeHCfaiqAPaK6hGpeo331TL4Pz_LckpFJrQ78uf9cGRAw8EytUGWOiH-Ucw_XS7L0OX6-ADPHVNn-3MW2oXK1be6mmnUGuLIpLCpihRCsJxKqOLtYTJ95Lb8VQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=2562254491&adf=1605564971&pi=t.aa~a.3108187763~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=-M&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280&nras=3&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=koPFbdLr6Z&p=https%3A//chinas-lafa.ru&dtd=9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:57 GMT
expires: Tue, 21 Mar 2023 05:47:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DFCB 42 B
63 B 74ms
73ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AdXsnRi_CbsnSSfgzzzS1W8FASw_q2aMRcy3AOPfqGkdutbLtyZV05v-ZoTvrOH45rTaQW7mAEJmvgogmTjrm8lqqwJvowrJ8mF5ow8IByvN6yYKA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=3254586875&adf=2788751979&pi=t.aa~a.3650758574~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=1&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280%2C300x600&nras=4&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2817&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=bkIEeJuSsf&p=https%3A//chinas-lafa.ru&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DFCB 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9633007423926922579&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame DFCB 78 KB
27 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame DFCB 3 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame DFCB 20 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:30:17 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame DFCB 0
0 97ms
49ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT9o6Xbi8bke2UYuOFmlID5h4dVO81lfUzi5dDF6yA6XCmbZX0lASd8SoImo3t_dlBNLXdEaBN0LctucYsSLg8bJwCgaA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=3254586875&adf=2788751979&pi=t.aa~a.3650758574~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=1&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280%2C300x600&nras=4&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2817&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=bkIEeJuSsf&p=https%3A//chinas-lafa.ru&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DFCB 158 KB
48 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679312138029146"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:47:57 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 542E 640 B
265 B 56ms
56ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNUOjKJIBrGeHrGdMRc-67ihgiTenjRpx7_kaXXAJ3RkKrng1vJILZ752FibCgiNoL4jOdkFAZtd0AQiVK2suiMQWr3ZViONbePspbjdTG9B1_ApocH7WpfyMC2ZLqz5yHK9VFU9upXCpqmpJGysDFzbUo_v1TFskV17n3UGWVFg0ioZYoA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=3254586875&adf=2788751979&pi=t.aa~a.3650758574~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=1&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280%2C300x600&nras=4&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2817&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=bkIEeJuSsf&p=https%3A//chinas-lafa.ru&dtd=15
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:57 GMT
expires: Tue, 21 Mar 2023 05:47:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/12413002693484944339/ Frame 0CF8 6 KB
6 KB 47ms
41ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12413002693484944339/14763004658117789537?w=195&h=102

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d2fc6db9fd0a507a50875736fee2a70c1320fa7fbe7d262ae80cab48d0f54c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 05:35:52 GMT
x-content-type-options: nosniff
age: 346325
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6558
x-xss-protection: 0
last-modified: Sat, 18 Feb 2023 16:40:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 16 Mar 2024 05:35:52 GMT

GET
DATA 200
OK truncated
/ Frame 0CF8 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0CF8 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0CF8 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63c0bbf722d9e8d58804bca9a8b4735909446c2f97dff321da6d7da2358a3971

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/17649385569929678151/ Frame CA64 27 KB
27 KB 47ms
46ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17649385569929678151/14763004658117789537?w=400&h=209

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34b40ba1ed4be2cd366f42434f485b890f6e16dc944691f01e3b2117e4e0668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 12:06:28 GMT
x-content-type-options: nosniff
age: 63689
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28078
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 21:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 19 Mar 2024 12:06:28 GMT

GET
H3 200 10585753523239444892
tpc.googlesyndication.com/simgad/ Frame CA64 7 KB
7 KB 40ms
40ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10585753523239444892?w=100&h=100

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

889242ce1e192d4bea99269de7e6f0812b15b5c0c76654adba68c5fe3dd6097a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 12:14:33 GMT
x-content-type-options: nosniff
age: 322404
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6794
x-xss-protection: 0
last-modified: Fri, 15 Oct 2021 17:34:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 16 Mar 2024 12:14:33 GMT

GET
DATA 200
OK truncated
/ Frame CA64 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4a113bed310a53eed6db1e51aca1563a51cb5b8283747deb002ce3fe8a30849

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js Show response
pagead2.googlesyndication.com/bg/ Frame E4B2 36 KB
14 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87b72bb230a3d085fedbcd93626ad07d8fab3a75cd623e8bd11254f2850e696e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 05:03:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 348242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14251
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 05:03:55 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FE7C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIttrwGvM7dEo_oj8nt8V-k&google_cver=1

43 B
766 B

41ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIttrwGvM7dEo_oj8nt8V-k&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNW_8s6Bs05fTZbhl4YfGxmYxubT4D3UEtSiwkiMAG7PhQQMjw7wf_GJOQeHCfaiqAPaK6hGpeo331TL4Pz_LckpFJrQ78uf9cGRAw8EytUGWOiH-Ucw_XS7L0OX6-ADPHVNn-3MW2oXK1be6mmnUGuLIpLCpihRCsJxKqOLtYTJ95Lb8VQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 21 Mar 2023 05:47:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIttrwGvM7dEo_oj8nt8V-k&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FE7C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBlFDdSvGZvsBihS.Glw9wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIttrwGvM7dEo_oj8nt8V-k&google_cver=1&google_hm=2

43 B
766 B

43ms
42ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIttrwGvM7dEo_oj8nt8V-k&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNW_8s6Bs05fTZbhl4YfGxmYxubT4D3UEtSiwkiMAG7PhQQMjw7wf_GJOQeHCfaiqAPaK6hGpeo331TL4Pz_LckpFJrQ78uf9cGRAw8EytUGWOiH-Ucw_XS7L0OX6-ADPHVNn-3MW2oXK1be6mmnUGuLIpLCpihRCsJxKqOLtYTJ95Lb8VQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 21 Mar 2023 05:47:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIttrwGvM7dEo_oj8nt8V-k&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame FE7C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDaCILX4EGK8lRjya9XVCoM&google_cver=1

43 B
1 KB

45ms
43ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDaCILX4EGK8lRjya9XVCoM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNW_8s6Bs05fTZbhl4YfGxmYxubT4D3UEtSiwkiMAG7PhQQMjw7wf_GJOQeHCfaiqAPaK6hGpeo331TL4Pz_LckpFJrQ78uf9cGRAw8EytUGWOiH-Ucw_XS7L0OX6-ADPHVNn-3MW2oXK1be6mmnUGuLIpLCpihRCsJxKqOLtYTJ95Lb8VQ

Protocol

HTTP/1.1

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 21 Mar 2023 05:47:57 GMT
AN-X-Request-Uuid: aeb8999c-c9cc-4f9d-9213-f21e38ebe0b6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDaCILX4EGK8lRjya9XVCoM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FE7C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk1MzM5Mzk5MDcyNzg1NzQxNA%3D%3D

170 B
243 B

53ms
53ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk1MzM5Mzk5MDcyNzg1NzQxNA%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 21 Mar 2023 05:47:57 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d5782046-c534-40d5-902a-1db52e3ec9ac
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk1MzM5Mzk5MDcyNzg1NzQxNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F521
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

56ms
56ms

Document
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:57 GMT
expires: Tue, 21 Mar 2023 05:47:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:57 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js Show response
pagead2.googlesyndication.com/bg/ Frame 44BF 36 KB
14 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87b72bb230a3d085fedbcd93626ad07d8fab3a75cd623e8bd11254f2850e696e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 05:03:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 348242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14251
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 05:03:55 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0CF8 0
18 B 85ms
84ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CASG0DEUZZPqVFsLSx_APm_ymwA2fy7Cnb8mt46TnEILntLX5ARABIPOJwzlglYKAgLQHoAGOt5iKAsgBCakCLozSnqf6sT6oAwHIA8sEqgTEAU_QZYkCcEU8XQjilJZ_c-qA1RL5DaGIwZaXQHwcv_SD8ofcB7LVHQmyWWir6jfKIBeYtq3Sww22Sqga_KkKa6-ylaujC4aLDpkcEUWw1nMEwPbc8TRksngZxDrWqc3hj2_SQnZSlxTuHcc3zMg9FidtK9wLZAD2HvkvNiobd-rmimstFwnwsAKVcPBCPHKtlvA_02o8NtNJJaYCBTI3kk2W2ofbrnxFuAmOE4ge1YZ5f4FVLCkkTaIFs4xjOTMytiG2XgHABJnL9_etBJIFBAgEGAGSBQQIBRgEoAYugAfayOf1AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcFEJ3x6AHSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDYgUAdAVAZgWAYAXAbIXHAoaCAASFHB1Yi01OTYxMTIxNDk0ODEyMTEzGAA&sigh=uwH4eqqinTw&uach_m=[UACH]&cid=CAQSGwDUE5ymjaT6A2aQLPnOIch-6Kg1L888wMClVRgB&template_id=5000&vis=1

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CA64 0
18 B 83ms
83ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C9AjeDEUZZPuVFsLSx_APm_ymwA3z08mobYKU5_mTEai7qJblGhABIPOJwzlglYKAgLQHoAGigcKZKMgBCakCLozSnqf6sT6oAwHIA8sEqgTUAU_Q0991irPMkVYYwRm1jAj7700JkK6RbGx61YrlQhODZlaojYtPOVNTwq_OY7IIn6rNxQAsZ0mAQkF8Eho72ThbJXOY43MerLp3QNrrduo0Iu4x9Sj4PHtx040JjxL6j522rbO6lWqoWaSg7dfa5tDZEx796L--fnl2aYpBWydSb9coIJ99Sbpb3pvk6wWH_4aL7IP1_svhvBgadTgqxu4U9_4f9b92LfCdlI8rtbRNzlN5nK6_iMWtfdRVoJ5SWXIv3l4k_TDjHNbUp7WWvTwyK2cKwASTj-fU4QOSBQQIBBgBkgUECAUYBKAGLoAHormS-QKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBRCjpKQB0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwG4E-QD2BMK0BUBgBcBshccChoIABIUcHViLTU5NjExMjE0OTQ4MTIxMTMYAA&sigh=uvVSCXZXCQs&uach_m=[UACH]&cid=CAQSGwDUE5ymjaT6A2aQLPnOIch-6Kg1L888wMClVRgB&template_id=484&vis=1

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B01 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8139530844945&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B01 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8139530844945&version=m202301230201&ct=76&x=1&cor=12393228130390954000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5B01 88 KB
36 KB 84ms
84ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPXrIVgR1gZXvDH4XO5VwOA9tIbnWxjLsc10XuTnnIYau3O5z82M4vGl3B3DWJpEM-cdwa2-UKfuBsnVowCST93j09BLPywO-Oe9LZQVYHPxphH1E&cry=1&dbm_d=AKAmf-AzcsDEf4lF2P5EaZjrWOT_OJf-8rYn5AN6eSNTQ5EMsPclsZLMptlefI3_-gj27Br4jxx39w5qz2e7kzM_J9iFyNeCMYnL0NTMvkt6b3kg7SxkyQzcbz9oTNyOKdOQphmhVeAfrtDvV7u4EUs3mUqccCYlqJsBE4ThQbPqd2vrlI27t15RBdG8q5A07wWReT4qJ95M6-DAifKgfzWhR1FwQirynMQFEeTNtaMZr9HD0ppva7Vq5PVeH-eBkkUqT17UhX9tGTMFAGqLaWf3FUReByaeMUanxyd4f3MGiJaFgUnq77fLytgBLEOaZfjirQI_E5efaNPoBefbjSGZxbiH8byp0mEDGohMtmxVmdm0FYfjrxy2tWG-jwRy7Y9U5omR-Gcrf4HiVBTpRQtzeTbwEFYt3k5QJNIwd9MFAQ5IuVAOKenMl2fwAlpvIHusVwhtj7oevji_jSB1QAw9kQsj2YixKYjgL8yM6vfGKDERipvvibMXSjRr2Fk9nAzgEoDV3k8C-8aeSyATjMzKLrN5aw2B_c9YmQZ24Ou7e8Ww4Cp1e22m0_nZaI425cccK_c4c3IP2OiTL0BEzEukOKGNXTOp7ESJIfnp8OUMYOspUpuQ8v6znWDc-BRsncfkufaEbshdoPED65XzHNtqEhr1aiupHd4LhGajXDEjiaLePOC-K5-FmSO5cwcCOIultv60koWhitg1dlx_NQh7rPmqV9-2iQhAOd3NRq0Xhlt85Fcx6UApWYJw1j-iuMp96bh__11pF3vldsiU2SArhsdwpwRMa-5M7G8gGBL00X220vedXgY3FN5NMTWS82KYUN2Jcs4EdNZoCirHuOI5iPrjyN0zukI54f-dkhr3ajPzuOmW_2gPNiq6P7hZMTqhXn_hAtYVYic4EblC6p8ddbm3JNXZnCKn_hog7JLCWjRyIKFj5VpcVz-YbmROhlELxkJ-WSP0DnHxbLu9p7AEBIV12dBnPFCtrFjy4pnUJJzeqEkagRxk2RApyCviq4yOJQwo5lW3cieapQt8lvKaKTvo9o-PKFpJA3NyjPLZYrEe6TE0kRMlPXThrSJ1TmYROLySg07YWK2J0f8k6tLfpXKXiAQ6ryu9wQ5jtrNQErjq5PJ9uNGbFCGRKRdc46rd-occvzMlU0-n-OVHC0w_LDNE4Aj435IL3TEkblPDX8ZmjJeGAywZn-ratS2606jrLtsaSo0ml802wqiWulxA_6DzGsbx7JrnOhCQn9d8i2rahSmt-I_TpHSO5krG38FJraIqlKEwYf4-9jxg0u_Kb2KJUslAvloMsBsRruBY-AxFGt3BKnWbe2nupKR1mpP0K_lpTAG-1P7Ql5AT7L8Al6NIZUnWCGGqO6AF2xE6PJnZFfRkej0rsNeqzIIkyLl9gSo2bRY1w8YqGeeXq02dw1N5RhLcWJD9gvNYeCA1cUBqR_Uj06PrZ6afYIPCM5Q__TtpC1T6pEt5SRMx1lHnTEknFXdhFc1wGdBzGh1LdKYjXNtzaj6wLgjjIIGeLxJn4Jab6FTAPi4-Awsd7_lZ62IXOhIXamMSMomNI2o0eVbAVz6py8ZNElSPJf30dRql75GB2urdT5YnG0VQXqzhMPLJjKrF4jSiyK6qJrCK7ukABAYmD5WHlqs-DsUp_RAf1Uolx-kcm8s2pxVRdQIxLy5FYhJE3_ryxJO_CKcbepSD2oW8f5Z2-3vGDYZ5SpsKQ2Qne0KfqGHF-IBKp8KHnbiWNrJzPeXbC_pQUVHxhi2HvWJGzVWHerIdV2DbcxTBWjXVWExzya-z-Sai-0flC9rh-8lvpzUTmmLj-lB3FsqrN7Z99IPHo-0pEm7F1pZLNjVLj4ewDuN6-BiEplslKW4cFPP7dG5Lm9HM3v5uZ2rZJ7gLyHegM-J-ntHQZnXT7eij9Ay0cLoUtDWd15d1xc_883IrczuZmnzUx23JC6D5YcwZZXPh9-njEhGkQZb2us10TC8TuQjm9X1ddPcZupOXftlMF7uIWKfx5EzfJDqFxEzRvj8qa8mD_3PbVJqOwPUPb7g8azm4epu-TrKpmpM5u0FJQjMfLkeGIKqIYUK7V8QpO43-ZtZ5UkAaZ5StwKRhZoktCy6jDcjwLiD0UiUW_HtSTdwkX0saST1K_fyATK8ZT9xUCT-dJJu6wsQf4isSZeRXEnRt6QnGa5Wvt9x7q0_XzcrQtufhYhd5G_XPyhcm9q5d8n-VN6p_KijO-ixje9_lSKjQRB-7G0o487-pS09bv4en_dSr9IFY-pfW8T3W3TApM5QE4TPDkIAGVEPhbBau3MlcPgOo-gQNbTS8NpGDMJn7tfAs6FGln83IISsLCHEywPRNGBdKviWdQ2vRNyAK0fdCv4G1s9v3yk9LxpA1NcJSWRAC-_o30scNXc_CBxcjbHQ4HFq8giWaKRxg-4JwUtnO9n2ZSer1L5fidtPfR2GjeTdeiigZHDpcQ4lltWouioWaENifdJKATqxc5WAqOj9ocFwz-s6cwiXHpparANhKySVpk6fh_e32_3IeAKw5w6UgM1nNHWE9KJ6JdUYvYZ7SvaWCI60ukq4I7BRdS7wF1J4QFZnoChHHRrE2fLA797IPftxpuaAy-3MQn9rVPxH4TVD56rwT6_U7LJMXJ9OAEo4zjcFwxOwQXu-pXlgTs6JijctdKtjaG8wEEXCSrm7s48gaS3aF2Tf-tYy7UVCgmbgKDM_S9Y-9cLmqPtQrAcPufp_md7UtW4BiQTyRJnMDxByT_s8SIb0-wrWD8G7mQUKr4FKVOF4JJTDrV4tgdfqC0UPpYd2iP-MMWa6csIYrfJST852fQh_GDzF0_RQLN-j7n9gsgQq1S8jfd5h570K70S7qn7s_NRvp2sWghsn_gnfUp3uoroc24tatYi32HZLuqkmk5XcOHFa65EIjDiM4HjDls-xnVr8BjUu9NT7_vr3qpl7jHuHR89kDGNYhGDO_FH7K8Ug3wGwVGqYkzAVFfGLI6cci8_CkpV8DnF58bIfN9ybFimldmCAGhWBIa7wAAm3aJj4_OOuo-_xNcUvHlfXchCV1LBN7AyG2zQGLPob40wZXIZ_FQ8HMUbJWdizPI25Wg_2GWepiF1It9DtdYeSOhTkktFfBaHDnh5_Z4QxVl0caf_69ox4HIjqhmNvHPXulp3hLuuKjCphkeAyuViqVY0I7Nlh2DwFYCMslM5TPiYiO4iXt_17TlswvHJjq47vTL0XEDBzas_MAf1jAWTf-74ZSNEADhVUULKigISmBXAALM8ZP8q0WjRTcKYYqUxZOCzv8YHImztxnL_6BMuo9V-4-vBF1PrUl2iLlmOU17kI108VMdS7VN76qXy9zUHF4O1_2T5sHJgAzGI43rslcixWU1ZgfHMPx&cid=CAQSPADUE5ymMuuxr-qdbmLGeHhYgjU5q7D4Vq4p30Qj0FYCX9SFVui0n32gr4xQuX_3aikPNJzIE9cjisXv6xgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fchinas-lafa.ru%2F&ds=l&xdt=1&iif=1&cor=12393228130390954000&adk=250412560&idt=82&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81de201b5e04f7b1bb98050a25e8799d5a15ceaa2887c4eb95e4d8baf6959ca1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=2562254491&adf=1605564971&pi=t.aa~a.3108187763~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=-M&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280&nras=3&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=koPFbdLr6Z&p=https%3A//chinas-lafa.ru&dtd=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36950
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 542E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOSLNWj-kYVR8KFndV-17O8&google_cver=1

43 B
114 B

54ms
53ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOSLNWj-kYVR8KFndV-17O8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNUOjKJIBrGeHrGdMRc-67ihgiTenjRpx7_kaXXAJ3RkKrng1vJILZ752FibCgiNoL4jOdkFAZtd0AQiVK2suiMQWr3ZViONbePspbjdTG9B1_ApocH7WpfyMC2ZLqz5yHK9VFU9upXCpqmpJGysDFzbUo_v1TFskV17n3UGWVFg0ioZYoA
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOSLNWj-kYVR8KFndV-17O8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 542E 43 B
304 B 143ms
48ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNUOjKJIBrGeHrGdMRc-67ihgiTenjRpx7_kaXXAJ3RkKrng1vJILZ752FibCgiNoL4jOdkFAZtd0AQiVK2suiMQWr3ZViONbePspbjdTG9B1_ApocH7WpfyMC2ZLqz5yHK9VFU9upXCpqmpJGysDFzbUo_v1TFskV17n3UGWVFg0ioZYoA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 542E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESENosRxCZcMUbq7WVAy12IOw&google_cver=1

23 B
172 B

89ms
74ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESENosRxCZcMUbq7WVAy12IOw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNUOjKJIBrGeHrGdMRc-67ihgiTenjRpx7_kaXXAJ3RkKrng1vJILZ752FibCgiNoL4jOdkFAZtd0AQiVK2suiMQWr3ZViONbePspbjdTG9B1_ApocH7WpfyMC2ZLqz5yHK9VFU9upXCpqmpJGysDFzbUo_v1TFskV17n3UGWVFg0ioZYoA
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

expires: Tue, 21 Mar 2023 05:47:57 GMT
pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESENosRxCZcMUbq7WVAy12IOw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 542E 23 B
172 B 228ms
76ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiMp4PjATAB&v=APEucNUOjKJIBrGeHrGdMRc-67ihgiTenjRpx7_kaXXAJ3RkKrng1vJILZ752FibCgiNoL4jOdkFAZtd0AQiVK2suiMQWr3ZViONbePspbjdTG9B1_ApocH7WpfyMC2ZLqz5yHK9VFU9upXCpqmpJGysDFzbUo_v1TFskV17n3UGWVFg0ioZYoA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

expires: Tue, 21 Mar 2023 05:47:57 GMT
pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DFCB 0
20 B 75ms
75ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5973143567749&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DFCB 0
20 B 75ms
75ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5973143567749&version=m202301230201&ct=76&x=1&cor=9633007423926923000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DFCB 89 KB
36 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D2_6Yc5LQDUM0HgsGo9OnhYrDFSE8kV2tdWuxL5vAJjvMlCX3QS4qtdw2jrUfrMadxndQnXqSbnHKaKuYyBjuLn-yrmac2Au0kgd61qpfiFeL0rjU&cry=1&dbm_d=AKAmf-B_dGQNKIbRBv9TsMrrDvfkef9J1m3S2QzZr6Sg6x9D9ADrG1OtqbYFxHcrQ-l81dJo2XZ4vlo-lfnp-YrJx9cf3KR4kdc0H-Z0HK5WO9WsFAOfvZkNcKI5He5AIHzwbQOGnclIlUSAp2Sxs7DraKns8p8AjW8pdxjuHJ9Z6k-zxHaL2ftuLRiJ5DokYuAc4Qe6CGje02OIiKnvkaD61NRbRbxf4p7NGBQN7enE5zMfCxyD_hhS2r6v8Advl7cftfgWIo21h_tnm6cpjKiRnvZ1lEIvS0X8nZ283ZX8ls5WFsPYqUplmY-OxJgWTuICkCXG51e9wN7Fk6XkBUYD_CMq6QmXFm4_ODyV_IzCjGbinkjEogL-wJhnCYiykc6tpw_a2GVwETYpqD9CxfPpuSa61GGLDo52gVC1q16Mr_oavk4h123NNnK4b6fjnhAri-M6E-M7DloBOfzSlC3GUuWh1HLT5HxoMKjCNyVLo-nzI4rLKFK5lDQGvXLdYJ032uxmafHLRLrnsyuWzWifu_-aCui_V0T6uBMqjI6ihXPJj6S-4qNOBOzMGvF27XddMTKQVns19TxopbwoLF9HW7cXz60hSyKWXojx0qg73k8v2nXAjD1sXFM73G7yaUvInTzMVgWGXKH3nSFQkovdOGc8zdL1Y2Ydg7CMFjpRO4_3H1GXFBMnkN1pfqQSdlBKHWylMtsOA_PiY6eceNYsVJ2nJ0ctstmtjmlLFn6KidaPEaX-cb50ZeFusMZIzHqK46_3TMxGAnMrqalSmZ-WwOnhmWQrTqXR3uTL2jRezfKDPlS1JJzXHkyUy_gJyZ-zu3xupUUWV4JXZTLz0eJaxDt5TscFjPqqhaRsk2l2_k-ARf-a1pxILRRopV71QxLouuQnztL_zh0E9BCrotOMk2pf0HUweHLbLYTRt9L14WohH_n6Yw-ivNg8_1kX6OZMtuyQE1o1LGRihb_RLFOQ6_6vTDZs3pMo1_yqC0OqcxRiu4M8lTWGUxLUf52XZzTK49U6JuJU1lT7SAiVPfnQv519Xp2MVBHI51itounXerrZP1p5yxWgvKI87ZBLT-iapRIevk7BjZcUaQqiys-SKr6TfPXd9HUT9vQ0BloD1MLZ-OLIey7AnFOcH5D_4jfiB8ZyB9CNcsVI-NdSVTvh5TQ6_JU6T7gdc4-5vy_L4KcLGuJkJSiPIeDKak432IZT5nXAvnSQG1YrNxCyjrCbU5z-Ipgb6mIF0acIvvLOT7Rzrr_oEf1njaCYwK09TrLyqso5Jb08-9HU1VEKqZL989crwH8C26Kk5CgSbkqQqKC5Of-hFgAvlCzHEmr5NP-BtLUgGcm0DNOaAqaA-NV1ZgJNhos3Oa_maLicBAvTiIpZot0PJwtIPUJpwkszR1qwEXBPOtDbqi7-YHlklpIm-xbbMvOYH_m59NF5FZsn7UX1aUaUFTyytA91aMCG4WTyyx31W3fiJlTqQ6-6OmGOMGZY658q95XSQGfoQfPMHuTEp29w30ibst11g0RV4S8sxSsAOgV2A6NHe9zJPlU-RMD-p4or6OJOKCmWkxWnVJ2VNBt9AASyVfm-N_XpWzRGA9_hL4YwGoTLNJQAso4HdDPP8ZzVy8X9AvaLGnvEbkCCLMccjAmjKMbiYOyVHp1RGfY7NK-vmUk3gcwEjpG84-26vsJk1Z3TqrPew_q_fJheVSI8h6QUXXh-VTs7D8zMi2Mz2fFmL54aBUR8RcfhALudIuqCNWvT4hVwYzRcY0TUN_Av-KYUJF_N_hb6k7JxQDW3PqKScRM56aeEcLi-EpGtIRgZq-YGYe76gbR8mTmeTYY0cVqb-LDzBeVqcFs9FgBYVTnFGpw3NmBQnd8P01a8I8AxQs5QFMBfe9RsbBtXxlygFN9t73jR0BVDaWKKOIGM3TNKbneJsyuH971fK7Lg_C16brmozrgPgxBJdP0k0MaqFBqfsg2RH2wDfscWa5Ltvm-1Hv1J5dVkkw0rBu6BNOKXfRCebxM7M8VdMIDR5FOgMA-fLRJiCLYDOIrCTuJ2ok6_eRQVO3hqumP9WEhdtx8HBaGS3lUJnWkxR_ae7V1qoIIKP76nagLSS2ipNzUFEOxtcHuO2OR1b2UszZYn5E2-jWX47xqLZ68TAp76f-yXaGSyvYdh8uIQgSiuBhmJpMHiEy4SYlxbLlgRw77jzCrkhd_eL9kSK_WZ7D9SWz5u8RKF9B8oq4u8tQ7K6h8ewFjbdyygYK4pdDtKWUZLaZ8xj2lAx1hoGMEUOd8nkmL4Kb2dxF5UhHi_SF6hyqraYBGn0Y42j92kg-R9SIGOHEwGkLwB1BCp0y3P_ue96bB3I87ySxuYe6cOZBGeh6dqjocnC5_uF7E_icnb9rJf2qSlLbYefaKMl5e4FV3dki6nVJPSLVBXtgts2GC5cIvbWk8xDFBhh_TAZL2uK6aL_2PQ6f893qlUd6RdOJrub0Z_Y5L6kg60KTwVuzbChJaD-fmIIhHOZgkYaxlzzcYbuCAnlqtfmuiqvnf_jLXag0COuhzvkaUcnbHRGHTMTp_D472Gk6ztaZjVxLrdgLX0ws7nlVLwpW8_TMTJb9yvTskfNC7OJ8Do-sHg2CnX-V7CFmV1Xh7mBmfCmqpzMGhd_oH_vA--gZVl_fgZ3oY5raCSL-H1ElMfOgqXLWUiQXFu6MZULgZN660Wp9IB3Kw6MZBgHMKWFYOGQM6yT3MpwDETuBp4jQTXOYqWZwYFx_lu5f0Ykszzar11xmF5c08_k-uFjj33KZTrjpEN5pK_UCh-do0_9be2zkLmFbmhiZFCmyb1E4MYbEQJmqt_EaR3K7ReuEotEnSPc7Xp0C_OosIt8XMhqWsow4Y_HjDv-LzJ-lJ5MNKzrALfbFWc66HiiybO499PXnayOEROjRuJmOFzENBQsdOHKn6ihAeZ3kY0g5oBWbvi8m-nW3JJ240fmcYzJh_rQfO0w8Ce61eBHfNLp3Cby5eH7I8g_lcLHvuzCBxPSTtoOcgX-lkdNHPkjr7TW2bl3DFBzAti44C9qU2wv-hepswlztQ4nG7CmG6DTrsYHGrN5F30A8L8J8W1rdm7c7rJFWldyQacb2rVZnb3-NfJMY7gqufRQFA9FlN4jX0Ctlt4xDxxUesoE-N983ZfFNr-Jsv1rNpUF2ZW0DIfEPT8YMS6HZK7yYmH5_LOTdRkqE6Pt25AcFBxMdG2oMtwImD7d4MX5bqOLmc6ZIhyss3IDfLwvUerrPP6PQfpDIrJgjwsjgnDQtVcSHeQkrfkVYPkmMABowMSjmKK3b8VLJc-AmZ7PrdlF0iZVfZuqAFuO6VswG3qpHtyKAuIJJyEar8dRercneSSJx-pN2j8NkE&cid=CAQSPADUE5ym649U_iDUSGCZCBJRt7O5kp0jNp-jIb64Sxz9JYh2nbIvLmjAJM9FF0HTPuu2mDxehxM7CNWUehgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fchinas-lafa.ru%2F&ds=l&xdt=1&iif=1&cor=9633007423926923000&adk=1964084972&idt=73&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

930d5ad71205bbdbcce233b9bd6da8a69728bdece8407b5aa79542e5d76dbac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=3254586875&adf=2788751979&pi=t.aa~a.3650758574~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=1&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280%2C300x600&nras=4&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2817&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=bkIEeJuSsf&p=https%3A//chinas-lafa.ru&dtd=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37030
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 5B01 170 KB
59 KB 160ms
40ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 07:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81131
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 07:15:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230315/r20110914/elements/html/ Frame 5B01 11 KB
4 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230315/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPXrIVgR1gZXvDH4XO5VwOA9tIbnWxjLsc10XuTnnIYau3O5z82M4vGl3B3DWJpEM-cdwa2-UKfuBsnVowCST93j09BLPywO-Oe9LZQVYHPxphH1E&cry=1&dbm_d=AKAmf-AzcsDEf4lF2P5EaZjrWOT_OJf-8rYn5AN6eSNTQ5EMsPclsZLMptlefI3_-gj27Br4jxx39w5qz2e7kzM_J9iFyNeCMYnL0NTMvkt6b3kg7SxkyQzcbz9oTNyOKdOQphmhVeAfrtDvV7u4EUs3mUqccCYlqJsBE4ThQbPqd2vrlI27t15RBdG8q5A07wWReT4qJ95M6-DAifKgfzWhR1FwQirynMQFEeTNtaMZr9HD0ppva7Vq5PVeH-eBkkUqT17UhX9tGTMFAGqLaWf3FUReByaeMUanxyd4f3MGiJaFgUnq77fLytgBLEOaZfjirQI_E5efaNPoBefbjSGZxbiH8byp0mEDGohMtmxVmdm0FYfjrxy2tWG-jwRy7Y9U5omR-Gcrf4HiVBTpRQtzeTbwEFYt3k5QJNIwd9MFAQ5IuVAOKenMl2fwAlpvIHusVwhtj7oevji_jSB1QAw9kQsj2YixKYjgL8yM6vfGKDERipvvibMXSjRr2Fk9nAzgEoDV3k8C-8aeSyATjMzKLrN5aw2B_c9YmQZ24Ou7e8Ww4Cp1e22m0_nZaI425cccK_c4c3IP2OiTL0BEzEukOKGNXTOp7ESJIfnp8OUMYOspUpuQ8v6znWDc-BRsncfkufaEbshdoPED65XzHNtqEhr1aiupHd4LhGajXDEjiaLePOC-K5-FmSO5cwcCOIultv60koWhitg1dlx_NQh7rPmqV9-2iQhAOd3NRq0Xhlt85Fcx6UApWYJw1j-iuMp96bh__11pF3vldsiU2SArhsdwpwRMa-5M7G8gGBL00X220vedXgY3FN5NMTWS82KYUN2Jcs4EdNZoCirHuOI5iPrjyN0zukI54f-dkhr3ajPzuOmW_2gPNiq6P7hZMTqhXn_hAtYVYic4EblC6p8ddbm3JNXZnCKn_hog7JLCWjRyIKFj5VpcVz-YbmROhlELxkJ-WSP0DnHxbLu9p7AEBIV12dBnPFCtrFjy4pnUJJzeqEkagRxk2RApyCviq4yOJQwo5lW3cieapQt8lvKaKTvo9o-PKFpJA3NyjPLZYrEe6TE0kRMlPXThrSJ1TmYROLySg07YWK2J0f8k6tLfpXKXiAQ6ryu9wQ5jtrNQErjq5PJ9uNGbFCGRKRdc46rd-occvzMlU0-n-OVHC0w_LDNE4Aj435IL3TEkblPDX8ZmjJeGAywZn-ratS2606jrLtsaSo0ml802wqiWulxA_6DzGsbx7JrnOhCQn9d8i2rahSmt-I_TpHSO5krG38FJraIqlKEwYf4-9jxg0u_Kb2KJUslAvloMsBsRruBY-AxFGt3BKnWbe2nupKR1mpP0K_lpTAG-1P7Ql5AT7L8Al6NIZUnWCGGqO6AF2xE6PJnZFfRkej0rsNeqzIIkyLl9gSo2bRY1w8YqGeeXq02dw1N5RhLcWJD9gvNYeCA1cUBqR_Uj06PrZ6afYIPCM5Q__TtpC1T6pEt5SRMx1lHnTEknFXdhFc1wGdBzGh1LdKYjXNtzaj6wLgjjIIGeLxJn4Jab6FTAPi4-Awsd7_lZ62IXOhIXamMSMomNI2o0eVbAVz6py8ZNElSPJf30dRql75GB2urdT5YnG0VQXqzhMPLJjKrF4jSiyK6qJrCK7ukABAYmD5WHlqs-DsUp_RAf1Uolx-kcm8s2pxVRdQIxLy5FYhJE3_ryxJO_CKcbepSD2oW8f5Z2-3vGDYZ5SpsKQ2Qne0KfqGHF-IBKp8KHnbiWNrJzPeXbC_pQUVHxhi2HvWJGzVWHerIdV2DbcxTBWjXVWExzya-z-Sai-0flC9rh-8lvpzUTmmLj-lB3FsqrN7Z99IPHo-0pEm7F1pZLNjVLj4ewDuN6-BiEplslKW4cFPP7dG5Lm9HM3v5uZ2rZJ7gLyHegM-J-ntHQZnXT7eij9Ay0cLoUtDWd15d1xc_883IrczuZmnzUx23JC6D5YcwZZXPh9-njEhGkQZb2us10TC8TuQjm9X1ddPcZupOXftlMF7uIWKfx5EzfJDqFxEzRvj8qa8mD_3PbVJqOwPUPb7g8azm4epu-TrKpmpM5u0FJQjMfLkeGIKqIYUK7V8QpO43-ZtZ5UkAaZ5StwKRhZoktCy6jDcjwLiD0UiUW_HtSTdwkX0saST1K_fyATK8ZT9xUCT-dJJu6wsQf4isSZeRXEnRt6QnGa5Wvt9x7q0_XzcrQtufhYhd5G_XPyhcm9q5d8n-VN6p_KijO-ixje9_lSKjQRB-7G0o487-pS09bv4en_dSr9IFY-pfW8T3W3TApM5QE4TPDkIAGVEPhbBau3MlcPgOo-gQNbTS8NpGDMJn7tfAs6FGln83IISsLCHEywPRNGBdKviWdQ2vRNyAK0fdCv4G1s9v3yk9LxpA1NcJSWRAC-_o30scNXc_CBxcjbHQ4HFq8giWaKRxg-4JwUtnO9n2ZSer1L5fidtPfR2GjeTdeiigZHDpcQ4lltWouioWaENifdJKATqxc5WAqOj9ocFwz-s6cwiXHpparANhKySVpk6fh_e32_3IeAKw5w6UgM1nNHWE9KJ6JdUYvYZ7SvaWCI60ukq4I7BRdS7wF1J4QFZnoChHHRrE2fLA797IPftxpuaAy-3MQn9rVPxH4TVD56rwT6_U7LJMXJ9OAEo4zjcFwxOwQXu-pXlgTs6JijctdKtjaG8wEEXCSrm7s48gaS3aF2Tf-tYy7UVCgmbgKDM_S9Y-9cLmqPtQrAcPufp_md7UtW4BiQTyRJnMDxByT_s8SIb0-wrWD8G7mQUKr4FKVOF4JJTDrV4tgdfqC0UPpYd2iP-MMWa6csIYrfJST852fQh_GDzF0_RQLN-j7n9gsgQq1S8jfd5h570K70S7qn7s_NRvp2sWghsn_gnfUp3uoroc24tatYi32HZLuqkmk5XcOHFa65EIjDiM4HjDls-xnVr8BjUu9NT7_vr3qpl7jHuHR89kDGNYhGDO_FH7K8Ug3wGwVGqYkzAVFfGLI6cci8_CkpV8DnF58bIfN9ybFimldmCAGhWBIa7wAAm3aJj4_OOuo-_xNcUvHlfXchCV1LBN7AyG2zQGLPob40wZXIZ_FQ8HMUbJWdizPI25Wg_2GWepiF1It9DtdYeSOhTkktFfBaHDnh5_Z4QxVl0caf_69ox4HIjqhmNvHPXulp3hLuuKjCphkeAyuViqVY0I7Nlh2DwFYCMslM5TPiYiO4iXt_17TlswvHJjq47vTL0XEDBzas_MAf1jAWTf-74ZSNEADhVUULKigISmBXAALM8ZP8q0WjRTcKYYqUxZOCzv8YHImztxnL_6BMuo9V-4-vBF1PrUl2iLlmOU17kI108VMdS7VN76qXy9zUHF4O1_2T5sHJgAzGI43rslcixWU1ZgfHMPx&cid=CAQSPADUE5ymMuuxr-qdbmLGeHhYgjU5q7D4Vq4p30Qj0FYCX9SFVui0n32gr4xQuX_3aikPNJzIE9cjisXv6xgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fchinas-lafa.ru%2F&ds=l&xdt=1&iif=1&cor=12393228130390954000&adk=250412560&idt=82&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e816f3e7436fc8bd624bbd2429fc2a68a4fa4cb7d8b5bfe0c37aca2e500f1aa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:58:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4091
x-xss-protection: 0
server: cafe
etag: 6428950819360314552
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:58:03 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame 5B01 28 KB
11 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

982ab4d8bc32fa0262edb5e56aa9536dd6ca6014f2634b43e4c6ef2e25047ff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:03:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2643
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10959
x-xss-protection: 0
server: cafe
etag: 15636944064868061930
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Apr 2023 05:03:54 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame DFCB 170 KB
59 KB 204ms
93ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 07:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81131
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 07:15:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230315/r20110914/elements/html/ Frame DFCB 11 KB
4 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230315/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D2_6Yc5LQDUM0HgsGo9OnhYrDFSE8kV2tdWuxL5vAJjvMlCX3QS4qtdw2jrUfrMadxndQnXqSbnHKaKuYyBjuLn-yrmac2Au0kgd61qpfiFeL0rjU&cry=1&dbm_d=AKAmf-B_dGQNKIbRBv9TsMrrDvfkef9J1m3S2QzZr6Sg6x9D9ADrG1OtqbYFxHcrQ-l81dJo2XZ4vlo-lfnp-YrJx9cf3KR4kdc0H-Z0HK5WO9WsFAOfvZkNcKI5He5AIHzwbQOGnclIlUSAp2Sxs7DraKns8p8AjW8pdxjuHJ9Z6k-zxHaL2ftuLRiJ5DokYuAc4Qe6CGje02OIiKnvkaD61NRbRbxf4p7NGBQN7enE5zMfCxyD_hhS2r6v8Advl7cftfgWIo21h_tnm6cpjKiRnvZ1lEIvS0X8nZ283ZX8ls5WFsPYqUplmY-OxJgWTuICkCXG51e9wN7Fk6XkBUYD_CMq6QmXFm4_ODyV_IzCjGbinkjEogL-wJhnCYiykc6tpw_a2GVwETYpqD9CxfPpuSa61GGLDo52gVC1q16Mr_oavk4h123NNnK4b6fjnhAri-M6E-M7DloBOfzSlC3GUuWh1HLT5HxoMKjCNyVLo-nzI4rLKFK5lDQGvXLdYJ032uxmafHLRLrnsyuWzWifu_-aCui_V0T6uBMqjI6ihXPJj6S-4qNOBOzMGvF27XddMTKQVns19TxopbwoLF9HW7cXz60hSyKWXojx0qg73k8v2nXAjD1sXFM73G7yaUvInTzMVgWGXKH3nSFQkovdOGc8zdL1Y2Ydg7CMFjpRO4_3H1GXFBMnkN1pfqQSdlBKHWylMtsOA_PiY6eceNYsVJ2nJ0ctstmtjmlLFn6KidaPEaX-cb50ZeFusMZIzHqK46_3TMxGAnMrqalSmZ-WwOnhmWQrTqXR3uTL2jRezfKDPlS1JJzXHkyUy_gJyZ-zu3xupUUWV4JXZTLz0eJaxDt5TscFjPqqhaRsk2l2_k-ARf-a1pxILRRopV71QxLouuQnztL_zh0E9BCrotOMk2pf0HUweHLbLYTRt9L14WohH_n6Yw-ivNg8_1kX6OZMtuyQE1o1LGRihb_RLFOQ6_6vTDZs3pMo1_yqC0OqcxRiu4M8lTWGUxLUf52XZzTK49U6JuJU1lT7SAiVPfnQv519Xp2MVBHI51itounXerrZP1p5yxWgvKI87ZBLT-iapRIevk7BjZcUaQqiys-SKr6TfPXd9HUT9vQ0BloD1MLZ-OLIey7AnFOcH5D_4jfiB8ZyB9CNcsVI-NdSVTvh5TQ6_JU6T7gdc4-5vy_L4KcLGuJkJSiPIeDKak432IZT5nXAvnSQG1YrNxCyjrCbU5z-Ipgb6mIF0acIvvLOT7Rzrr_oEf1njaCYwK09TrLyqso5Jb08-9HU1VEKqZL989crwH8C26Kk5CgSbkqQqKC5Of-hFgAvlCzHEmr5NP-BtLUgGcm0DNOaAqaA-NV1ZgJNhos3Oa_maLicBAvTiIpZot0PJwtIPUJpwkszR1qwEXBPOtDbqi7-YHlklpIm-xbbMvOYH_m59NF5FZsn7UX1aUaUFTyytA91aMCG4WTyyx31W3fiJlTqQ6-6OmGOMGZY658q95XSQGfoQfPMHuTEp29w30ibst11g0RV4S8sxSsAOgV2A6NHe9zJPlU-RMD-p4or6OJOKCmWkxWnVJ2VNBt9AASyVfm-N_XpWzRGA9_hL4YwGoTLNJQAso4HdDPP8ZzVy8X9AvaLGnvEbkCCLMccjAmjKMbiYOyVHp1RGfY7NK-vmUk3gcwEjpG84-26vsJk1Z3TqrPew_q_fJheVSI8h6QUXXh-VTs7D8zMi2Mz2fFmL54aBUR8RcfhALudIuqCNWvT4hVwYzRcY0TUN_Av-KYUJF_N_hb6k7JxQDW3PqKScRM56aeEcLi-EpGtIRgZq-YGYe76gbR8mTmeTYY0cVqb-LDzBeVqcFs9FgBYVTnFGpw3NmBQnd8P01a8I8AxQs5QFMBfe9RsbBtXxlygFN9t73jR0BVDaWKKOIGM3TNKbneJsyuH971fK7Lg_C16brmozrgPgxBJdP0k0MaqFBqfsg2RH2wDfscWa5Ltvm-1Hv1J5dVkkw0rBu6BNOKXfRCebxM7M8VdMIDR5FOgMA-fLRJiCLYDOIrCTuJ2ok6_eRQVO3hqumP9WEhdtx8HBaGS3lUJnWkxR_ae7V1qoIIKP76nagLSS2ipNzUFEOxtcHuO2OR1b2UszZYn5E2-jWX47xqLZ68TAp76f-yXaGSyvYdh8uIQgSiuBhmJpMHiEy4SYlxbLlgRw77jzCrkhd_eL9kSK_WZ7D9SWz5u8RKF9B8oq4u8tQ7K6h8ewFjbdyygYK4pdDtKWUZLaZ8xj2lAx1hoGMEUOd8nkmL4Kb2dxF5UhHi_SF6hyqraYBGn0Y42j92kg-R9SIGOHEwGkLwB1BCp0y3P_ue96bB3I87ySxuYe6cOZBGeh6dqjocnC5_uF7E_icnb9rJf2qSlLbYefaKMl5e4FV3dki6nVJPSLVBXtgts2GC5cIvbWk8xDFBhh_TAZL2uK6aL_2PQ6f893qlUd6RdOJrub0Z_Y5L6kg60KTwVuzbChJaD-fmIIhHOZgkYaxlzzcYbuCAnlqtfmuiqvnf_jLXag0COuhzvkaUcnbHRGHTMTp_D472Gk6ztaZjVxLrdgLX0ws7nlVLwpW8_TMTJb9yvTskfNC7OJ8Do-sHg2CnX-V7CFmV1Xh7mBmfCmqpzMGhd_oH_vA--gZVl_fgZ3oY5raCSL-H1ElMfOgqXLWUiQXFu6MZULgZN660Wp9IB3Kw6MZBgHMKWFYOGQM6yT3MpwDETuBp4jQTXOYqWZwYFx_lu5f0Ykszzar11xmF5c08_k-uFjj33KZTrjpEN5pK_UCh-do0_9be2zkLmFbmhiZFCmyb1E4MYbEQJmqt_EaR3K7ReuEotEnSPc7Xp0C_OosIt8XMhqWsow4Y_HjDv-LzJ-lJ5MNKzrALfbFWc66HiiybO499PXnayOEROjRuJmOFzENBQsdOHKn6ihAeZ3kY0g5oBWbvi8m-nW3JJ240fmcYzJh_rQfO0w8Ce61eBHfNLp3Cby5eH7I8g_lcLHvuzCBxPSTtoOcgX-lkdNHPkjr7TW2bl3DFBzAti44C9qU2wv-hepswlztQ4nG7CmG6DTrsYHGrN5F30A8L8J8W1rdm7c7rJFWldyQacb2rVZnb3-NfJMY7gqufRQFA9FlN4jX0Ctlt4xDxxUesoE-N983ZfFNr-Jsv1rNpUF2ZW0DIfEPT8YMS6HZK7yYmH5_LOTdRkqE6Pt25AcFBxMdG2oMtwImD7d4MX5bqOLmc6ZIhyss3IDfLwvUerrPP6PQfpDIrJgjwsjgnDQtVcSHeQkrfkVYPkmMABowMSjmKK3b8VLJc-AmZ7PrdlF0iZVfZuqAFuO6VswG3qpHtyKAuIJJyEar8dRercneSSJx-pN2j8NkE&cid=CAQSPADUE5ym649U_iDUSGCZCBJRt7O5kp0jNp-jIb64Sxz9JYh2nbIvLmjAJM9FF0HTPuu2mDxehxM7CNWUehgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fchinas-lafa.ru%2F&ds=l&xdt=1&iif=1&cor=9633007423926923000&adk=1964084972&idt=73&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e816f3e7436fc8bd624bbd2429fc2a68a4fa4cb7d8b5bfe0c37aca2e500f1aa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 17:58:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4091
x-xss-protection: 0
server: cafe
etag: 6428950819360314552
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Apr 2023 17:58:03 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame DFCB 28 KB
11 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

982ab4d8bc32fa0262edb5e56aa9536dd6ca6014f2634b43e4c6ef2e25047ff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:03:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2643
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10959
x-xss-protection: 0
server: cafe
etag: 15636944064868061930
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Apr 2023 05:03:54 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5B01 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158916
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4184 1 KB
643 B 40ms
39ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62676
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Mar 2023 12:23:21 GMT
etag: 48472445140208031
expires: Tue, 21 Mar 2023 12:23:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5B01 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d93f972c34e66b140db51943dbbd6c57021b98e70e5968857c21eef04ecca95

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DFCB 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158916
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4B6B 1 KB
643 B 40ms
40ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62676
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Mar 2023 12:23:21 GMT
etag: 48472445140208031
expires: Tue, 21 Mar 2023 12:23:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame DFCB 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4f9ffd2a84b2b390f7bc7b9eb516c5a34e14b1c01785749b7838fbacc76bd26

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D6B2 22 KB
8 KB 41ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 230507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 4184 0
104 B 257ms
81ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEMjzOvv_E83Iylq9-V6mp5M&google_cver=1&google_push=Aa02lx8Cx1arqMLQOOUrdu77hWAnaw8XsNClPQ4fjskqkN3UP2reTOodInBn0aG1bcGenWPEvPzCgu8KYbU2ndP-JGOzj7jbm1A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=2562254491&adf=1605564971&pi=t.aa~a.3108187763~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=-M&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280&nras=3&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=koPFbdLr6Z&p=https%3A//chinas-lafa.ru&dtd=9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4184
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAbPkk72gCJUNHFujlRJdyo&google_push=Aa02lx-PKjsraNlchv_TAje_TTLenPtFFLs-DwvKQ5agO2nRsTdnXm3Ido...

170 B
188 B

50ms
49ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAbPkk72gCJUNHFujlRJdyo&google_push=Aa02lx-PKjsraNlchv_TAje_TTLenPtFFLs-DwvKQ5agO2nRsTdnXm3IdoBmMQLf4pi3I-TAJp_37xOr5uPKU-QCWbyNZw6xCRBr

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220024-HHN
pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1679377678.965267,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAbPkk72gCJUNHFujlRJdyo&google_push=Aa02lx-PKjsraNlchv_TAje_TTLenPtFFLs-DwvKQ5agO2nRsTdnXm3IdoBmMQLf4pi3I-TAJp_37xOr5uPKU-QCWbyNZw6xCRBr
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4184
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEBeMB8Eeq29Eyyxuu9Kk-3c&google_cver=1&google_push=Aa02lx920mNw1Lqm1vwa7g5DSYBx0Ote6ffWQPhWK0bJ33L-oYp5lrAY9HQN7tgUU-kdIg2mcMpx-B8exV0J5S7n5asI41dmWPFg
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E0FEDC37CFE14E0EB1722EBAFC56A17D&google_push=Aa02lx920mNw1Lqm1vwa7g5DSYBx0Ote6ffWQPhWK0bJ33L-oYp5lrAY9HQN7tgUU-kdIg2mcMpx-B8exV0J5S7...

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E0FEDC37CFE14E0EB1722EBAFC56A17D&google_push=Aa02lx920mNw1Lqm1vwa7g5DSYBx0Ote6ffWQPhWK0bJ33L-oYp5lrAY9HQN7tgUU-kdIg2mcMpx-B8exV0J5S7n5asI41dmWPFg

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 21 Mar 2023 05:47:57 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E0FEDC37CFE14E0EB1722EBAFC56A17D&google_push=Aa02lx920mNw1Lqm1vwa7g5DSYBx0Ote6ffWQPhWK0bJ33L-oYp5lrAY9HQN7tgUU-kdIg2mcMpx-B8exV0J5S7n5asI41dmWPFg
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 20 Mar 2023 05:47:57 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 4184 70 B
265 B 179ms
55ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESELpHzyEAGtlb9MBKuIW6y9o&google_cver=1&google_push=Aa02lx9Z6hUWv3aMVu4SjbDR483N0-s_kTxF0Yz5OZY4zvbuhF3SJ3TQFHil0FO3FkencBaQEUHV0KndvHdPnACQ2iYYXf9sD503
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=2562254491&adf=1605564971&pi=t.aa~a.3108187763~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=-M&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280&nras=3&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=koPFbdLr6Z&p=https%3A//chinas-lafa.ru&dtd=9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 4184 0
173 B 148ms
48ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEJPPb6lk2GON141SC7MkR64&google_cver=1&google_push=Aa02lx9Q537cyM77M08-bTv0-1LGe6rHxj657GeqoTOsl3sRl8HZsN4GylZIYKVwXheYwk5915T6COkjxxIxkWarbPnUybMZDpwF
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=2562254491&adf=1605564971&pi=t.aa~a.3108187763~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=-M&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280&nras=3&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=koPFbdLr6Z&p=https%3A//chinas-lafa.ru&dtd=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4184
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEB9XyF_lSamEh2zFef3ZeH8&google_cver=1&google_push=Aa02lx-13wZ4Z-x4vgqJVryxVqBSSSfhp4N5e6LzK2gTDSuJFaSDgD0GiEqMeCjriw7-lnhDZmFsWmhVTFuMjKuD14J82Y9...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx-13wZ4Z-x4vgqJVryxVqBSSSfhp4N5e6LzK2gTDSuJFaSDgD0GiEqMeCjriw7-lnhDZmFsWmhVTFuMjKuD14J82Y9JSKSI&google_hm=eS1kN2dMeDdwRTJwRVBlYX...

170 B
188 B

52ms
52ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx-13wZ4Z-x4vgqJVryxVqBSSSfhp4N5e6LzK2gTDSuJFaSDgD0GiEqMeCjriw7-lnhDZmFsWmhVTFuMjKuD14J82Y9JSKSI&google_hm=eS1kN2dMeDdwRTJwRVBlYXZUSGlNa0ppblRXN2dZakRBOX5B

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 21 Mar 2023 05:47:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx-13wZ4Z-x4vgqJVryxVqBSSSfhp4N5e6LzK2gTDSuJFaSDgD0GiEqMeCjriw7-lnhDZmFsWmhVTFuMjKuD14J82Y9JSKSI&google_hm=eS1kN2dMeDdwRTJwRVBlYXZUSGlNa0ppblRXN2dZakRBOX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4184
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XV0kfaRlQ9afwK4Qy10TeQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

56ms
56ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XV0kfaRlQ9afwK4Qy10TeQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx-LTQnU3MpqYxNtiqmIRcslnRJEqFUptnZmEyqm1CwCUm29k61AJfKWjMT21MuYrdVn5i6slj0IM3_pfj2stDMFjzBJpsg

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XV0kfaRlQ9afwK4Qy10TeQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx-LTQnU3MpqYxNtiqmIRcslnRJEqFUptnZmEyqm1CwCUm29k61AJfKWjMT21MuYrdVn5i6slj0IM3_pfj2stDMFjzBJpsg
date: Tue, 21 Mar 2023 05:47:57 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 4184 0
59 B 55ms
54ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L-FGmtXh7X3HkQ22haSZTZZoWi7DcHFi5RgezpNEqAboZEtg0RUcfDTOwEz4_LMuvieNrV

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8014 22 KB
8 KB 47ms
47ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 230507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 4B6B
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENnO-66jX125GGNv2xWB34Q&google_cver=1&google_push=Aa02lx_YT6K857BwsaEDnvNPl92CDJWy3P9gFHSSjnzuW-z61MTr41TiYGufPUS5vkEk1ZARAFSygepIjkDHq17aQPUbPFlAqVBN9dg
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjU0NTE0NDQ2ODk3NjczNzQ1OQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENnO-66jX125GGNv2xWB34Q&google_cver=1

43 B
398 B

259ms
45ms

Image
image/gif

46.228.164.11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENnO-66jX125GGNv2xWB34Q&google_cver=1
Protocol: H2
Server: 46.228.164.11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENnO-66jX125GGNv2xWB34Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 4B6B 35 B
465 B 137ms
42ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJQ4_-chpy-dP69vUviJVGY&google_cver=1&google_push=Aa02lx-YQqWl6EHbpYcAaNVirqMh770C42vdQRtc8q49hykOR3whngQpVrHTy49L6BXOGYkqB5HszTqwbOPhm6BRuWODnmCxcSThaiE

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 4B6B 0
103 B 246ms
83ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEMjzOvv_E83Iylq9-V6mp5M&google_cver=1&google_push=Aa02lx9IoGjTIGfxNfR4RJcu8n4POjUMDu49VlX1r_sbrBfbx_mTts2OapXikDNzGZM8hrnY4k5s-XRe6vV1X57pSMGFhYXot1Q1BS1D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5961121494812113&output=html&h=600&adk=3254586875&adf=2788751979&pi=t.aa~a.3650758574~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1679366080&rafmt=1&to=qs&pwprc=3663841965&format=300x600&url=https%3A%2F%2Fchinas-lafa.ru%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679377677093&bpp=1&bdt=1477&idt=1&shv=r20230315&mjsv=m202303150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daa3e6040490e3fbf-22947ccb63dd0024%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg&gpic=UID%3D00000bc9954d5743%3AT%3D1679377676%3ART%3D1679377676%3AS%3DALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg&prev_fmts=0x0%2C1090x280%2C300x600&nras=4&correlator=4733014202115&frm=20&pv=1&ga_vid=695909079.1679377676&ga_sid=1679377676&ga_hid=997082025&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2817&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44777877%2C44759876%2C31073104&oid=2&psts=AD37Y7t8-DzLBHY3dSWa7E7CeHRYXjwuoUrusUNh6DDbPJmvHmP3oPMSXH9NckBwNBfKdAQp_2630xb507b_0TUNMapwUA&pvsid=4257565016348634&tmod=988335301&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=bkIEeJuSsf&p=https%3A//chinas-lafa.ru&dtd=15
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B6B
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEBeZUtXB71clq5B8eEp09_I&google_cver=1&google_push=Aa02lx85gOLH_ek1JTaB2ZV49ioUYojfQXM5zO0CY9hWEPi_kGNMGXxCETnGN6EKblGcq1d2qZkF8qK-Tlu...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx85gOLH_ek1JTaB2ZV49ioUYojfQXM5zO0CY9hWEPi_kGNMGXxCETnGN6EKblGcq1d2qZkF8qK-TluuClBPaICbV2Z6kUnigZYz&google_hm=SlQZohWMQkS4oIkL...

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx85gOLH_ek1JTaB2ZV49ioUYojfQXM5zO0CY9hWEPi_kGNMGXxCETnGN6EKblGcq1d2qZkF8qK-TluuClBPaICbV2Z6kUnigZYz&google_hm=SlQZohWMQkS4oIkL0DMPUms

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:57 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx85gOLH_ek1JTaB2ZV49ioUYojfQXM5zO0CY9hWEPi_kGNMGXxCETnGN6EKblGcq1d2qZkF8qK-TluuClBPaICbV2Z6kUnigZYz&google_hm=SlQZohWMQkS4oIkL0DMPUms
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B6B
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEB9XyF_lSamEh2zFef3ZeH8&google_cver=1&google_push=Aa02lx9kVTVNsmB_6IvoIPYZWwbCnsA099BFDNKKcF3Zwk7oAQhRRpzKdF4w_SUcI6Wd1ZLTL4VyHlVDsmp9BeSTM2hgaqh...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx9kVTVNsmB_6IvoIPYZWwbCnsA099BFDNKKcF3Zwk7oAQhRRpzKdF4w_SUcI6Wd1ZLTL4VyHlVDsmp9BeSTM2hgaqhTIZMZ0Qyk&google_hm=eS0zZ1J0MEpoRTJwRW...

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx9kVTVNsmB_6IvoIPYZWwbCnsA099BFDNKKcF3Zwk7oAQhRRpzKdF4w_SUcI6Wd1ZLTL4VyHlVDsmp9BeSTM2hgaqhTIZMZ0Qyk&google_hm=eS0zZ1J0MEpoRTJwRWl1SVBheDRiYUlXWUc2dmxRZ0tpNn5B

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 21 Mar 2023 05:47:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx9kVTVNsmB_6IvoIPYZWwbCnsA099BFDNKKcF3Zwk7oAQhRRpzKdF4w_SUcI6Wd1ZLTL4VyHlVDsmp9BeSTM2hgaqhTIZMZ0Qyk&google_hm=eS0zZ1J0MEpoRTJwRWl1SVBheDRiYUlXWUc2dmxRZ0tpNn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B6B
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEDq6cISFwB5hkxg4rSSjimg&google_cver=1&google_push=Aa02lx-fdmYL61bs9BPDBsqUpQK9-WbsqAYW3ZUKLWk8RSgY377eBR9kXPGsOfl4qXCGUsdQMbaVcOxs8x5VG2ropjdt9yV...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDq6cISFwB5hkxg4rSSjimg&google_cver=1&google_push=Aa02lx-fdmYL61bs9BPDBsqUpQK9-WbsqAYW3ZUKLWk8RSgY377eBR9kXPGsOfl4qXCGUsdQMbaVcOxs8x5VG2ropjdt9...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx-fdmYL61bs9BPDBsqUpQK9-WbsqAYW3ZUKLWk8RSgY377eBR9kXPGsOfl4qXCGUsdQMbaVcOxs8x5VG2ropjdt9yV920WuZ9Rs

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx-fdmYL61bs9BPDBsqUpQK9-WbsqAYW3ZUKLWk8RSgY377eBR9kXPGsOfl4qXCGUsdQMbaVcOxs8x5VG2ropjdt9yV920WuZ9Rs

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx-fdmYL61bs9BPDBsqUpQK9-WbsqAYW3ZUKLWk8RSgY377eBR9kXPGsOfl4qXCGUsdQMbaVcOxs8x5VG2ropjdt9yV920WuZ9Rs
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B6B
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKCQJ_x6giJtMoJ1sU1N9LY&google_cver=1&google_push=Aa02lx_hhscZIbFRrnPFZT7rd8nYHBeFjq9fDFx52t8QpCMW9aWJpxuLPbh9WOk4MQk0cFpJtS8k9RjpIneX...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_hhscZIbFRrnPFZT7rd8nYHBeFjq9fDFx52t8QpCMW9aWJpxuLPbh9WOk4MQk0cFpJtS8k9RjpIneXs_uN3AslnEQsHfsPj67H

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_hhscZIbFRrnPFZT7rd8nYHBeFjq9fDFx52t8QpCMW9aWJpxuLPbh9WOk4MQk0cFpJtS8k9RjpIneXs_uN3AslnEQsHfsPj67H

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_hhscZIbFRrnPFZT7rd8nYHBeFjq9fDFx52t8QpCMW9aWJpxuLPbh9WOk4MQk0cFpJtS8k9RjpIneXs_uN3AslnEQsHfsPj67H
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 4B6B 0
49 B 53ms
52ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L98dhI4uhBihkJ774igC42382ofXkIrzsrA3cxHiPMAwXeQZ78M_VRWQPkaGNgwUgvo-vz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:57 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js Show response
pagead2.googlesyndication.com/bg/ Frame D6B2 36 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87b72bb230a3d085fedbcd93626ad07d8fab3a75cd623e8bd11254f2850e696e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 05:03:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 348242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14251
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 05:03:55 GMT

GET
H3 200 h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js Show response
pagead2.googlesyndication.com/bg/ Frame 8014 36 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87b72bb230a3d085fedbcd93626ad07d8fab3a75cd623e8bd11254f2850e696e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 05:03:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 348242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14251
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 05:03:55 GMT

GET
H3 200 300x600.html Show response
s0.2mdn.net/sadbundle/11698040626992906240/ Frame F052 47 KB
12 KB 130ms
48ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e5389d4ff8aa7414543574acab723071581bde8808b8ab852e2b3b774fd3a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:58 GMT
expires: Wed, 20 Mar 2024 05:47:58 GMT
last-modified: Wed, 15 Feb 2023 15:30:55 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5B01 0
0 197ms
86ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsse0OlexoWyAMwnBn_D38eAecazsBeKAa_0LIf-Vff1q9hbrmzmARgAPLoS8Y1_OymTEQade4fVTRpPs6VcG0j3mT3IePc6u9dLxxVvyu8TeoHGcx4BqURrqyvSaeQF87k8kauhCLeZn2cJD_EGP0cZ95U7CLFimNpHiTJoE5RbMv5Hs_BvV73reLYw2ZgodxrQPfHOGjWz-cRvOT_dvkvkWFUPDN7oOzG9s6VcL-nXEq-s8Q1WGq8V8o2O16tamIqs0C-hC05kHKd49ozoLXoO4TKCuEtNSMxDWhIvVTsarfgDEgoHPQ6qaitA_7KFpfM5VRegq01DR7hlrtk3ACfF7YOQhy2oASqKmlPI1JfvSMdge0I0bqv54ZaJbTFvdOYy70w2yssiCUQpA0eekoEqbjj0G_XhO6MtY9cDVI4FB10ao2E_YJ0JNh1o0bFSFLw5V_-sk_0qk1YZVPkcoT2FQZvXCkn-Oh2Vnxp7G6VVSgKhsmmV5Sp-LE9-u1VZprCYW0n_l3OivETSB2k4XbciBjAxx0panKG_BcOs6d0xQdF1rmxp_AOG7Nrq78LUkpozc60dMLrHMbjbZMPpQmHV2RZ1Qc5DD_KW-egX9JZI3U4PPSDPMgRchbxZK6VKbQPEh-1IRbFLHTWrkFGcPxjk7dd4Jv7ODgT4Sv8YHJLJ6wZgyIFpoa2WPBL3OTJhmVQC_b1eTxa4H158jdHbr5XVHBh7NBaqgSa9NVw6Rg8WA8_iuxkhRkv7jHPfaMxy8lsQmsqOxMoCnlX9mKhcWXEcfD_jJ5gEeQqSBrxMSJhh3IL-YHzYvaxa9u5cukoHhOBWMG8g02RlTBtFWO7jA2bkAzGcdYeIYendUzAIRlhp5s5ohYBlVrSKHMonUbsyB3FbolQlSt7xj1iwhisVs23vAlFJ5P_Kn9scf2-_fbNy2MaEgMRwKELPL1y1I8XQAm6eSgXQlTMUmeqNsigDpw_8xhd9qs2cXTYuafqXrJVkrr_DJGBXxkVe7Jrcg62Ut7yXIiaji5_MAK_ah7LRCw5cymaxH6KnnjeMER5AEw4ecpfQ-wVPhPDKG9dM70wMGuOBo80bz4P5FDgk8I9GwuonCxBDU12IE_Z1us93Gn8Vz9DUAFg8VNK3xFUvGDF9RjXNrMGMMo5rluef9lDnY2gqnejhpaeT--f1XBUn7GpYZ18jWuP3BIKzTiOvsN_U3bIInrCQSHbGLWE&sai=AMfl-YRDjn7qcdcr2xF0b2tVZCT1dYTVqObRKiBVhLFZr5yzJhNsuTCpxdVzlBtc9aiCEuZaDsocl4d8slVpNtQolvZ-zLlbN8bgw3Ko5PBPTM6zLQKiPuj5ukLiUficqgwO_r3_rSMrV-qHJySVvAZc-snsXafQweBxfdpVLvIriQ2esKsZAtNPXsmGXW5UTz9zPlq90_ZdSA8_rCuejemTTOm8vBAswskT9AejWvYBG4Qr1FALkBMzcBMQ9igFaC_12HNDl9c&sig=Cg0ArKJSzNufRzjXLJMDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=262&cbvp=1&cstd=256&cisv=r20230315.09374&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 21 Mar 2023 05:47:58 GMT

GET
H3 200 300x600.html Show response
s0.2mdn.net/sadbundle/11698040626992906240/ Frame 4629 47 KB
12 KB 127ms
60ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e5389d4ff8aa7414543574acab723071581bde8808b8ab852e2b3b774fd3a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:58 GMT
expires: Wed, 20 Mar 2024 05:47:58 GMT
last-modified: Wed, 15 Feb 2023 15:30:55 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DFCB 0
0 186ms
88ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss9HmJiey-MkIGdirY0HXslIcTuzmO3GaB-h4YdyDZC-EvcuWFHhPv6ggwD3mZrP37HuDU109h7E_5ObiIj1WR2Z8bI6Fkwa2asBpXwtKbHH8kTfBHUhbeMRba3ykDiKsgu20hahLlnk6JR9os29eb7xnZbqmhrqdR12uUx49mrtuDMM3xwRJALm59sArYmNVK58OY_3LuAAZPkXxbJFeuUowNQTQ5hgJqtwvlfIKPWOlgiGWq5YYnz7JCymy3mXBJMDtCsp7z5Uv4d3YV2H7uPSHaaRMPGHxiiV12OEORNIBZRfafIjtdpkI02j_J77_kHUMX_Yay05uQC2MIB4mO_G3anE35OUrC0D-eIUXqEHTkIs9rnYcf23sLcbpuI3FWjK5xiydE7ZUHpFwwiRrZ1bfRhn7n-RkJxN4SylAQ2eSrFtIZ-6tkknVnfTofZYJktBcHgc_rinaR21pxrLI_m7jzqY1C_ZCLBu4yNtyReK4LGEw1w6DkkzSfodHQHFf_fJUZLi73llYqPcH9RXrs1g7nz-6nA18mXmQZCQiZhCdjHgkoHienhlBcFIOFbB0uADuobGCnqExYduezNNCFzwhOhSFE_Lq8xvA68ULNktKjyHJWay2d-P7s54BoHyc0FeLV68Vm2V6jPrxEtNSfME2_Rmj9FRVeNDOQUOfqj_-vnUP0T4Oa8fyBS240fhGmtUUg_BylWktlUBTCgXJQ3Ke-DIM8Ez-cDqsCuigNZo5b7vWB0eejZRGobaau_rmj_sAn-JCrlpGa4OxGotFCv7nrRH3C0iG2XRfbOMlBk5Xv4xDMDUVOZj6ZXACnRs9MQIXJR1jlRFPo9d83Wy2Mx5_8NBo-3N7pOC7r7cMkB1UMvhj_Swq4Ol_9R7V1WC8CkcI9CTEIwbMgHpDRsDdnKrShWlT9Ttx-MTTSmrOCVloI9TW_h8jZ8QVyg7jVGcx1Y32kyqdhPIReLVquw1d9oKWaBRoBNTgitMcof9MXiMQZvGrNTfxCHiX9hK4Yl_W290ZjgrDpQYHvYselxeclbmIH25p_omuUoXih3bT8nrtNsopHi74mYKNclOAmQ5QQFBP24SyNyaAI_fOwqlzCjssUlGyGDlmMZ7jgaA0tKR7VNiokpOfrWYr6O2inDGN8B2l6bHhvdQDRtB8Vln5rMVvJUhwHK5hzCnRZ4qfCXww4GIXmSoldYRA9BMhqbkwpaYVHUu2Jk&sai=AMfl-YQC74YK43mudCIjC_6jU6jvIrc2MOhVMt8D-s5PqBAhTm8Il9cNdbbNSM8NfvDwWdWKrmUvLwEQLF2y5BTh0OF_bGnzxdshZWdewXrLOQHzyr5eGrZsE-IrUCFsdECAQQRLcAHlzch29s9mYg8so04QsqZx6QTOJxLxMc2SKOMWHWBU6Jcgx3lIA6q9WcuuTtMOzaAU0oYkUZ7lsKaCTBiE9BtWLoGBl6j6OUQnxjz5AbOHsUv9Rd9i704ZzfLwMKAsxUk&sig=Cg0ArKJSzOU53-5-SjRyEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=266&cbvp=1&cstd=262&cisv=r20230315.51313&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 21 Mar 2023 05:47:58 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame F052 118 KB
40 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 18:32:14 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F052 63 KB
25 KB 92ms
91ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 05:47:58 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 4629 118 KB
40 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 18:32:14 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4629 63 KB
25 KB 93ms
93ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 05:47:58 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8014 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkGfnDUUZZLn_Jov2gAeol6vwDgAAAAA4AeAEAg&bg=!9vWl9aHNAAZEjmHWZI47ADkAdvg8WoBEKOsXixuO5PZ1MzCTp28_MYWCP0o1v4bJDKLCspObYw5dSMx2YSQf4cDo-Z7-r0ywmS0CAAAAlVIAAAACaAEHCgC2s_40DTfZEhvwE3CaL7OJbvrS-l8MGluUhou7aMCubAp2MoGJebvNgUyaNQypOEsLWZwq3GHfEDfNrHm25XG4cz75ioPEkWlJ15exhrKsK-WhjVNsD2MCN0ik4WqUYkL8vu1MrRjPB7i_T92i499yIrXTrySWiJcNxq1bXD-Seawsdce8KKiZJz5VJ28cvpeCMvWlifMkFbvzWg95-g9RBNzfqxuW2i2RpPk-EtzQAFVfjMacI0WZAsU7I6dfnx672M-f0inju3IVnb-QRpedF-QPl3JQvRMkbwB2j8sei-v6iwcgEQut3sBCiidl9kcoWqIMOGQjsL6SMkrpxLY0faXbBSP3nCbr087ryRY7-RdSf2XUMLdKTmdCV9-w-QIkrB8CxUpU3lm9-8Ld5KKthK0-sxz8UuHY6OV_l3EnLMQfMLgO-I7z-NrVIkWCc0nfc0scwEjjo9-YqTOLpbv_8sNIjXE4twvwxLbqVNIdKkJUJBm71HtAGQxmFqqSd5uVxzSksJo-EOyuNk2FP7HVqae81YPovpqI1onprhgCNJ2scdXSc2hTo0PHPuSlFV0WYwhWYBQaf_1YeZVfCIYVeerY4jqDd1NU44mQztMctzRYgbAlMI0qn1_-cESuOrNoHk2d9WXlNO4he2luXCchFWdpm0GeEdUbR-q8iEaI5rkQa11izF2QB9VhoNsS0uYGQ_E9Y4MOdbFSzuN_ugK5ltMiKGxkIRM84z40RQamGCA2SlpkHUwvpbPEISSry5l8ahQmuex0cmlPNGBwuSfnJisdg9VQC-fYn1AaTs3GTdVyOD6FqyiKY6JbmZUCDLbZdeELzMZS0Rs8_tBDQTFl7NO2mnm-LrSUZ8proMD7HTEpVYPflKllblpYkeOfWkycqm9M8bUTNB142xJflMGSw41fe0lr1q-6J0wGx9ySYNOava6x9FtZkN_7Vx43JKhkJX6hvUjd4rXGBXPCg7yJW0A-z5pssBd9fPIo99eHXe_wsV1ObA_yQp1tV-FpNytVj72ktxZ9sf9yQ8R3xsdbJ49ha18Y-o4ATwq2sKSJNFsO8UY925QeeibzRjPI5jWzRNFUndN58wBS8gZk8LzNjWHVHZ2uDXdBVhL1FqdNIOXGYSOMyRCt_HeOyKfqycjwlV-2HH8bq-FoUEL5_KO0L0LFzxvUxFuucNQ6DJ55

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D6B2 0
20 B 78ms
78ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4RKGDUUZZOe7Jd_px_APhIiFiAcAAAAAOAHgBAI&bg=!LC-lL3vNAAZEjmHWZI47ADkAdvg8WshPVWBsLAxX_TwLXWXsScn6kZanb65wuKbCthsR8JBy5Y6NP8q7ZjHLCAuXX3MqyF-JyjgCAAAAsVIAAAACaAEHmQLCEdsruLYrc1-txwmJ4-SOIAxUR8EhyR0teWlu8UYtikI1rgVDARh7aAD70y1RJRaxjuyRCIs3jw3zipmjRVUmh7P-xr7g8TGdDl5DCDEyxYpuDj6LpifoWR92t123jiFQ2UMWZgsbp--LY24vMqT0f_FA9Dfs0Fy1CGvlnGzRY48AEQ6TjrIK9hud27VVt5ijh_Qnc-wSwyK-vzZOMpC-RgH4DVGNTIN5pYDrztmLL1cPZgECh-LOp2cshJkRlhbV9VEb5weK4iE4-rZpxKjkKK45Th0EVHy3u5OfQNGuLaY-T7-V1f1B5QnCACzlj0o9q8D_adrydXWYEmXPKR4OWZOrAMqR3RotdQRTecyKeuBbp2YLmreMH_hRVK_AHDBANlsBibe8c6ob3DCcOk0fSB3qiZhbFYUv27C84C07jURTOP3-Fto2s_LfzToUPkDirak-HrVGMXXwoF9oMp-if2_7u59V8Vsj9hiHDX9IgKR9yVaGgh2IL9-UIB-ABWhkLD0ldGwssk-Vnd71Jl7GfQgY7T_jUkGvToc9iZPyVteQGbfEqeZG0WnsixZYcqMB6DDRjTxAW7VP0rXNA3ytfuIeAFf5WrDYPywJ7HkAlBOsWsFOd5v6slwytyp9ycX8iXDPRm4pKSikTfGMioByV5F_7sNTVRLcO1XCQIkAgH_TV-YkOmP4V6JLHJ9u5Wa6cy5XhX7sDsgvzSBCAQcEzK2DIbKEFdk_iQ-AmA3ND_rZIPQDY-DoS2ludBv92dW0Jb2NVeUeQRO2alXNsbTTPKOrItQw3vsTgAYZLJ1U0aN4YbO9gTU074QG6NWc-xYqjqKeG1kwgVExGuOXmgAxG-bS-Imbo3moy3_B4-Ld1r-qP6NrKDGkMEt2cV58jCbqPzVmrz8m91J6B-CQTxC0ZVa_xZW0xnTPqgs76CVDX0edeg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5B01 0
0 77ms
76ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsse0OlexoWyAMwnBn_D38eAecazsBeKAa_0LIf-Vff1q9hbrmzmARgAPLoS8Y1_OymTEQade4fVTRpPs6VcG0j3mT3IePc6u9dLxxVvyu8TeoHGcx4BqURrqyvSaeQF87k8kauhCLeZn2cJD_EGP0cZ95U7CLFimNpHiTJoE5RbMv5Hs_BvV73reLYw2ZgodxrQPfHOGjWz-cRvOT_dvkvkWFUPDN7oOzG9s6VcL-nXEq-s8Q1WGq8V8o2O16tamIqs0C-hC05kHKd49ozoLXoO4TKCuEtNSMxDWhIvVTsarfgDEgoHPQ6qaitA_7KFpfM5VRegq01DR7hlrtk3ACfF7YOQhy2oASqKmlPI1JfvSMdge0I0bqv54ZaJbTFvdOYy70w2yssiCUQpA0eekoEqbjj0G_XhO6MtY9cDVI4FB10ao2E_YJ0JNh1o0bFSFLw5V_-sk_0qk1YZVPkcoT2FQZvXCkn-Oh2Vnxp7G6VVSgKhsmmV5Sp-LE9-u1VZprCYW0n_l3OivETSB2k4XbciBjAxx0panKG_BcOs6d0xQdF1rmxp_AOG7Nrq78LUkpozc60dMLrHMbjbZMPpQmHV2RZ1Qc5DD_KW-egX9JZI3U4PPSDPMgRchbxZK6VKbQPEh-1IRbFLHTWrkFGcPxjk7dd4Jv7ODgT4Sv8YHJLJ6wZgyIFpoa2WPBL3OTJhmVQC_b1eTxa4H158jdHbr5XVHBh7NBaqgSa9NVw6Rg8WA8_iuxkhRkv7jHPfaMxy8lsQmsqOxMoCnlX9mKhcWXEcfD_jJ5gEeQqSBrxMSJhh3IL-YHzYvaxa9u5cukoHhOBWMG8g02RlTBtFWO7jA2bkAzGcdYeIYendUzAIRlhp5s5ohYBlVrSKHMonUbsyB3FbolQlSt7xj1iwhisVs23vAlFJ5P_Kn9scf2-_fbNy2MaEgMRwKELPL1y1I8XQAm6eSgXQlTMUmeqNsigDpw_8xhd9qs2cXTYuafqXrJVkrr_DJGBXxkVe7Jrcg62Ut7yXIiaji5_MAK_ah7LRCw5cymaxH6KnnjeMER5AEw4ecpfQ-wVPhPDKG9dM70wMGuOBo80bz4P5FDgk8I9GwuonCxBDU12IE_Z1us93Gn8Vz9DUAFg8VNK3xFUvGDF9RjXNrMGMMo5rluef9lDnY2gqnejhpaeT--f1XBUn7GpYZ18jWuP3BIKzTiOvsN_U3bIInrCQSHbGLWE&sai=AMfl-YRDjn7qcdcr2xF0b2tVZCT1dYTVqObRKiBVhLFZr5yzJhNsuTCpxdVzlBtc9aiCEuZaDsocl4d8slVpNtQolvZ-zLlbN8bgw3Ko5PBPTM6zLQKiPuj5ukLiUficqgwO_r3_rSMrV-qHJySVvAZc-snsXafQweBxfdpVLvIriQ2esKsZAtNPXsmGXW5UTz9zPlq90_ZdSA8_rCuejemTTOm8vBAswskT9AejWvYBG4Qr1FALkBMzcBMQ9igFaC_12HNDl9c&sig=Cg0ArKJSzNufRzjXLJMDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=531&vt=11&dtpt=269&dett=3&cstd=256&cisv=r20230315.09374&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 21 Mar 2023 05:47:58 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D2E0 42 B
64 B 160ms
78ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstyOJ_BexdA8Rub1eXuUKbHnC5yse-lYpnltTnhhyH1B9IgrLQiw1u9RZMsMPrvNt8b0nGBZOwUApnCoDhzQbvVomkHJkxABTMFyQQVNgeE7q3s4FYRDag3qI6dGqdQH7KpabouCg&sai=AMfl-YQ_6lGJsuuxE0lfY8FlOTB4jI3YJM5C18bxHnpvxg4paoiLLNHXoE6W9zy1_HU9uOuyzQv1ixURK8Jo&sig=Cg0ArKJSzGo-btmX80TDEAE&cid=CAQSGwDUE5ymQ0N0WyYCZ4Crct91M3vAwJJ5cdZsNRgB&id=lidar2&mcvt=1003&p=0,0,280,1090&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2801298807&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679377676342&rpt=873&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DFCB 0
0 78ms
77ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss9HmJiey-MkIGdirY0HXslIcTuzmO3GaB-h4YdyDZC-EvcuWFHhPv6ggwD3mZrP37HuDU109h7E_5ObiIj1WR2Z8bI6Fkwa2asBpXwtKbHH8kTfBHUhbeMRba3ykDiKsgu20hahLlnk6JR9os29eb7xnZbqmhrqdR12uUx49mrtuDMM3xwRJALm59sArYmNVK58OY_3LuAAZPkXxbJFeuUowNQTQ5hgJqtwvlfIKPWOlgiGWq5YYnz7JCymy3mXBJMDtCsp7z5Uv4d3YV2H7uPSHaaRMPGHxiiV12OEORNIBZRfafIjtdpkI02j_J77_kHUMX_Yay05uQC2MIB4mO_G3anE35OUrC0D-eIUXqEHTkIs9rnYcf23sLcbpuI3FWjK5xiydE7ZUHpFwwiRrZ1bfRhn7n-RkJxN4SylAQ2eSrFtIZ-6tkknVnfTofZYJktBcHgc_rinaR21pxrLI_m7jzqY1C_ZCLBu4yNtyReK4LGEw1w6DkkzSfodHQHFf_fJUZLi73llYqPcH9RXrs1g7nz-6nA18mXmQZCQiZhCdjHgkoHienhlBcFIOFbB0uADuobGCnqExYduezNNCFzwhOhSFE_Lq8xvA68ULNktKjyHJWay2d-P7s54BoHyc0FeLV68Vm2V6jPrxEtNSfME2_Rmj9FRVeNDOQUOfqj_-vnUP0T4Oa8fyBS240fhGmtUUg_BylWktlUBTCgXJQ3Ke-DIM8Ez-cDqsCuigNZo5b7vWB0eejZRGobaau_rmj_sAn-JCrlpGa4OxGotFCv7nrRH3C0iG2XRfbOMlBk5Xv4xDMDUVOZj6ZXACnRs9MQIXJR1jlRFPo9d83Wy2Mx5_8NBo-3N7pOC7r7cMkB1UMvhj_Swq4Ol_9R7V1WC8CkcI9CTEIwbMgHpDRsDdnKrShWlT9Ttx-MTTSmrOCVloI9TW_h8jZ8QVyg7jVGcx1Y32kyqdhPIReLVquw1d9oKWaBRoBNTgitMcof9MXiMQZvGrNTfxCHiX9hK4Yl_W290ZjgrDpQYHvYselxeclbmIH25p_omuUoXih3bT8nrtNsopHi74mYKNclOAmQ5QQFBP24SyNyaAI_fOwqlzCjssUlGyGDlmMZ7jgaA0tKR7VNiokpOfrWYr6O2inDGN8B2l6bHhvdQDRtB8Vln5rMVvJUhwHK5hzCnRZ4qfCXww4GIXmSoldYRA9BMhqbkwpaYVHUu2Jk&sai=AMfl-YQC74YK43mudCIjC_6jU6jvIrc2MOhVMt8D-s5PqBAhTm8Il9cNdbbNSM8NfvDwWdWKrmUvLwEQLF2y5BTh0OF_bGnzxdshZWdewXrLOQHzyr5eGrZsE-IrUCFsdECAQQRLcAHlzch29s9mYg8so04QsqZx6QTOJxLxMc2SKOMWHWBU6Jcgx3lIA6q9WcuuTtMOzaAU0oYkUZ7lsKaCTBiE9BtWLoGBl6j6OUQnxjz5AbOHsUv9Rd9i704ZzfLwMKAsxUk&sig=Cg0ArKJSzOU53-5-SjRyEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=533&vt=11&dtpt=267&dett=3&cstd=262&cisv=r20230315.51313&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: chinas-lafa.ru
URL: https://chinas-lafa.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 21 Mar 2023 05:47:58 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 137ms
63ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230315&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2faedb9d799315e9ff33aece43c5b896f4002413a7781b00cc65960d64a2abd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11337
x-xss-protection: 0

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F052 47 KB
47 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:36:32 GMT
x-content-type-options: nosniff
age: 686
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 05:51:32 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F052 46 KB
46 KB 46ms
46ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:45:33 GMT
x-content-type-options: nosniff
age: 145
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 06:00:33 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F052 8 KB
6 KB 83ms
53ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2eb2a9ba7c0504c0df6e530179d8a085c188375c9f2aa6fb27605e401e2cf0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5848
x-xss-protection: 0

GET
H3 200 60005582_20230206070400178_iPhone-14_Pro_Max_AirPods-Pro_ASSET.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F052 24 KB
24 KB 84ms
84ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230206070400178_iPhone-14_Pro_Max_AirPods-Pro_ASSET.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0beabb1b72b4e902f717b8066ed2f95d8023159b039844e762b651bc51a4d11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 12:43:28 GMT
x-content-type-options: nosniff
age: 61470
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24345
x-xss-protection: 0
last-modified: Mon, 06 Feb 2023 15:04:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 12:43:28 GMT

GET
H3 200 60005582_20220825085151068_300x600_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F052 61 KB
61 KB 90ms
89ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085151068_300x600_BG.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c384e161dd9d69bfc6e872774aadc81b3bd7534a97c5541d20a83c120704dbec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 14:58:06 GMT
x-content-type-options: nosniff
age: 53392
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62713
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:51:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 14:58:06 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame F052 43 B
608 B 160ms
51ms Image
image/gif 141.101.90.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29497702_4307561_361897731_145353403_PO1404A20230309&ref=29497702_4307561_361897731_145353403_PO1404A20230309
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.96 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Tue, 21 Mar 2023 05:47:58 GMT
via: 1.1 varnish-live-1-1
CF-Cache-Status: HIT
age: 1848155
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 15 Feb 2023 15:39:24 GMT
Server: cloudflare
etag: "2b-5f4bee2778300"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 72628866
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7ab3e73a49ea8fca-FRA
Expires: Wed, 20 Mar 2024 05:47:58 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 4629 47 KB
47 KB 43ms
43ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:36:32 GMT
x-content-type-options: nosniff
age: 686
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 05:51:32 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 4629 46 KB
46 KB 47ms
47ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:45:33 GMT
x-content-type-options: nosniff
age: 145
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 06:00:33 GMT

GET
H3 200 60005582_20220825085151068_300x600_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 4629 61 KB
61 KB 88ms
88ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085151068_300x600_BG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c384e161dd9d69bfc6e872774aadc81b3bd7534a97c5541d20a83c120704dbec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 14:58:06 GMT
x-content-type-options: nosniff
age: 53392
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62713
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:51:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 14:58:06 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4629 7 KB
6 KB 80ms
57ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

06885bb4e66291a6e6bcd3c7b0c29f6df7b7232110b11d26e1d525ff37305f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5777
x-xss-protection: 0

GET
H3 200 60005582_20230119050817980_iPhone-13_AirPods-2Gen_Asset_Logo.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 4629 25 KB
25 KB 91ms
90ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230119050817980_iPhone-13_AirPods-2Gen_Asset_Logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4942ed79e983bcf22a0523690f034fdca2540b366c65a4076a1402a631e5acc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 09:08:03 GMT
x-content-type-options: nosniff
age: 74395
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25700
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 13:08:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 09:08:03 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 4629 43 B
608 B 151ms
48ms Image
image/gif 141.101.90.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29497702_4307561_361897731_145353403_PO1004A20230301&ref=29497702_4307561_361897731_145353403_PO1004A20230301
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.96 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Tue, 21 Mar 2023 05:47:58 GMT
via: 1.1 varnish-live-1-1
CF-Cache-Status: HIT
age: 1848155
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 15 Feb 2023 15:39:24 GMT
Server: cloudflare
etag: "2b-5f4bee2778300"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 72628866
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7ab3e73a4f048ffa-FRA
Expires: Wed, 20 Mar 2024 05:47:58 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame F052 26 KB
26 KB 40ms
39ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=fncDBViWvO&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:34:54 GMT
x-content-type-options: nosniff
age: 784
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 05:49:54 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F052 17 KB
6 KB 116ms
116ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 21 Mar 2023 05:47:58 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4629 17 KB
6 KB 112ms
112ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 21 Mar 2023 05:47:58 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 110ms
110ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 21 Mar 2023 05:47:58 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 4629 26 KB
26 KB 40ms
40ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=YbDXC8TdOZ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:34:54 GMT
x-content-type-options: nosniff
age: 784
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 05:49:54 GMT

GET
H3 200 h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js Show response
pagead2.googlesyndication.com/bg/ Frame FC1E 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87b72bb230a3d085fedbcd93626ad07d8fab3a75cd623e8bd11254f2850e696e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 05:03:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 348243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14251
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 05:03:55 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AB24 13 KB
5 KB 42ms
40ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 37246
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Mar 2023 19:27:12 GMT
expires: Tue, 19 Mar 2024 19:27:12 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0582 783 B
971 B 52ms
51ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

59ef6f29c07c96ff684beb4a5e647da6a432dfd97c9c153fc3f960b83ac6c8fc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ykFqZ-kBI0oQeWyxuL-KUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://chinas-lafa.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-ykFqZ-kBI0oQeWyxuL-KUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 05:47:58 GMT
expires: Tue, 21 Mar 2023 05:47:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js Show response
pagead2.googlesyndication.com/bg/ Frame CFC4 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87b72bb230a3d085fedbcd93626ad07d8fab3a75cd623e8bd11254f2850e696e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 05:03:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 348243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14251
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 05:03:55 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CA64 42 B
64 B 77ms
76ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuUkhp8o6TZeM8OL2PT69ePC6jsv2n2XaodmeN6NzV61caqSszq2bXrRvx1ev5F-uaKBphHfasBda6vqGR5CKXBWWD1CRCnnUpE0gKLdcdyo7UhF8HFlyLveqmwqprJl-qEL2sxDw&sai=AMfl-YT8CtilLmeI6IdkyK7anXo1UhkW3U8XOcY1wtSuGy8y0TOCas3tlgAneCz24PNJJoCzN_srx43uCb84&sig=Cg0ArKJSzBAl9Jk7htnBEAE&cid=CAQSGwDUE5ymjaT6A2aQLPnOIch-6Kg1L888wMClVRgB&id=lidar2&mcvt=1000&p=0,0,500,180&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679377677196&rpt=342&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0CF8 42 B
64 B 77ms
76ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsto_sJJr3N2fZhSf1w6TOjGsLAB6h7XC9R61JvNWeuPkUpPtPKcTJxhNt3sA6qDImBdm6LDIkjpOux8KAlevk4iNMqvFnKZBDj7xsXGJyaZFULktH76u2I4D7_HQJ9QQmIFrXpx6A&sai=AMfl-YSQP7Oxyh0l_KjLteG3Z-YpRAXqCyWh9bMhxfqFb8euzczgcfrLoYbfv4XJuhgVwJ5DB4Ar2plUooKH&sig=Cg0ArKJSzBrcDU5l9oaYEAE&cid=CAQSGwDUE5ymjaT6A2aQLPnOIch-6Kg1L888wMClVRgB&id=lidar2&mcvt=1002&p=0,0,500,180&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679377677192&rpt=318&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DFFD 42 B
64 B 78ms
78ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssHeWWv4Kt8CfU-Qlks5OTe8Uz9SGmKwx0z4lrhjRKST2D0G_qrnF7DH7vsSSuSs-ozCsetZVD8w26Q8ljUPSmtu0-Tvr7t2BWCgV8CbP6yB9bQJKI86QdU4mEln5VEBD59-AiQJQ&sai=AMfl-YTnxMXQP5WkjalHWgAUcRJAKyjnM4dEo-UlvpvLqs0fk9wns1BeTI0oKPCGn9XmEasXgnPd721F5IZe&sig=Cg0ArKJSzM97d6CXvx2aEAE&cid=CAQSGwDUE5ymjaT6A2aQLPnOIch-6Kg1L888wMClVRgB&id=lidar2&mcvt=1014&p=0,0,124,1005&mtos=139,810,1014,1081,1081&tos=139,671,204,67,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679377677182&rpt=342&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0582 0
0 73ms
73ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230315&jk=4257565016348634&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 200 h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js Show response
pagead2.googlesyndication.com/bg/ Frame AB24 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h7crsjCj0IX-282TYmrQfY-rOnXNYj6L0RJU8oUOaW4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87b72bb230a3d085fedbcd93626ad07d8fab3a75cd623e8bd11254f2850e696e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 05:03:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 348243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14251
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 05:03:55 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame AB24 0
10 B 40ms
39ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?eWBPHQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 05:47:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B01 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8139530844945&version=m202301230201&ct=76&x=1&cor=12393228130390954000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DFCB 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5973143567749&version=m202301230201&ct=76&x=1&cor=9633007423926923000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:47:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 76ms
76ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230315&jk=4257565016348634&bg=!zs2lzZnNAAZEjmHWZI47ADkAdvg8WlqLAk09sXg5kEVUBEWTMVQHKzjVCu1Pv7n4k-t9oOYXyAZD3ZHurGciZ2hkbE1l5Co-Tv8CAAAAQVIAAAAEaAEHmQKszN1AFZsi1FJee7lKVeX8BdPZ1LgTlGCgOJKjBgX0e9Bv_4-0zRa3nK7ETxzOx_SnFzKl5k_9_FlkSS8HDbD5aa5pOiRA0Ry8dZmblGkOLVEsNamREwbZuGqDJrYI3rUTznCfLRKp_9xEytsAVyH08zq7ik5DkKUCWMTzGbsM4cnzrN2WS5OH25_oNxjVZ4J_f7ZcFhEzkG6AAXphbFKJCawbB0yhY0HWzz-f-S3vkFy1qA4pWG8beRjHVWvvnewajDdz7yp7FTJBEPKOTvQvFDQHkGXWXMLWTMCLtuWrG57eAjMyVhe5Hub-ZJJvSlZAZzoxytZ3zdCcaqIKJEh9uQjhrk4mEVQAeoxCHL1DvqIffL4Ylbrj-0XcbX3XZCtEXHmCMD0ShqnKPfIe6n1EyZmCZOQoSqDNYv1dljWRH_a89Xg4LXhQLx1V57qNd6GWb7kudLChAKV9ae7u1ljGKpKjrUtCeeSmQaonGFLV-6eausRLo8ArrbjKgboNYCJkAZIoSudWHoaqBK8-Mx0QoOmslY94Wo3xZqlqPOBs--f7AlSmkc2HdhqVmJNiJ9DPykc_I_6I8Y1WkPsVdFkujgIvYcfXe2M-YChTuYgHkf-cBt2d5HAce9L5W87LkYuexU1TiCr7shVENf00qd0mLgZNXXm9rlLkoXa5Z2y9uQ0hE_Dmzj3lCerWNC9DjdDit41SD8eEm5SPKC84W3WpLYU-zq2RSBRpBKRC7cwhJtnx6AHblOAyaE621ueBbJbtYUpZBncPLIoqDyxaKjhbSxPbSU6tMdO2ZY8Ma_1MIOH1A11nbIEVXKyc2FAx-E5hO0wgjDb32BP1gQpa4rJQyBpQ1ByXzPEt5TKuDw5x6rfipHQoEiaFN9zjn8xe81VBIQcgAHtv4fBasII7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chinas-lafa.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

POST
H2 200 61048837 Show response
mc.yandex.com/webvisor/ 43 B
145 B 377ms
76ms XHR
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/61048837?wmode=0&wv-part=1&wv-hit=75407273&page-url=https%3A%2F%2Fchinas-lafa.ru%2F&rn=30526227&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1679377680%3Aw%3A1600x1200%3Av%3A983%3Az%3A0%3Ai%3A20230321054759%3Au%3A1679377676750420579%3Avf%3A1l9q8t2xwu9apk6vq4sag7%3Ast%3A1679377680&t=gdpr(14)ti(2)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://chinas-lafa.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:48:00 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21-Mar-2023 05:48:00 GMT
content-type: image/gif
access-control-allow-origin: https://chinas-lafa.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 21-Mar-2023 05:48:00 GMT

POST
H2 200 61048837 Show response
mc.yandex.com/webvisor/ 43 B
85 B 77ms
76ms XHR
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/61048837?wmode=0&wv-part=1&wv-hit=75407273&page-url=https%3A%2F%2Fchinas-lafa.ru%2F&rn=21391895&wv-type=3&browser-info=we%3A1%3Aet%3A1679377680%3Aw%3A1600x1200%3Av%3A983%3Az%3A0%3Ai%3A20230321054800%3Au%3A1679377676750420579%3Avf%3A1l9q8t2xwu9apk6vq4sag7%3Ast%3A1679377680&t=gdpr(14)ti(2)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://chinas-lafa.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:48:00 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21-Mar-2023 05:48:00 GMT
content-type: image/gif
access-control-allow-origin: https://chinas-lafa.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 21-Mar-2023 05:48:00 GMT

POST
H2 200 61048837 Show response
mc.yandex.com/webvisor/ 43 B
145 B 80ms
79ms XHR
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/61048837?wmode=0&wv-part=2&wv-hit=75407273&page-url=https%3A%2F%2Fchinas-lafa.ru%2F&rn=677726219&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1679377681%3Aw%3A1600x1200%3Av%3A983%3Az%3A0%3Ai%3A20230321054801%3Au%3A1679377676750420579%3Avf%3A1l9q8t2xwu9apk6vq4sag7%3Ast%3A1679377681&t=gdpr(14)ti(2)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://chinas-lafa.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 21 Mar 2023 05:48:01 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21-Mar-2023 05:48:01 GMT
content-type: image/gif
access-control-allow-origin: https://chinas-lafa.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 21-Mar-2023 05:48:01 GMT

Verdicts & Comments Add Verdict or Comment

79 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
chinas-lafa.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: guhk4mb8bj4vver1i128t9414i
.chinas-lafa.ru/	1970-01-20 19:15:13	Name: _ym_uid Value: 1679377676750420579
.chinas-lafa.ru/	1970-01-20 19:15:13	Name: _ym_d Value: 1679377676
.mc.yandex.com/	1970-01-20 10:29:38	Name: sync_cookie_csrf Value: 3938954939fake
.chinas-lafa.ru/	1970-01-20 10:30:49	Name: _ym_isad Value: 2
.chinas-lafa.ru/	1970-01-20 19:51:13	Name: __gads Value: ID=aa3e6040490e3fbf-22947ccb63dd0024:T=1679377676:RT=1679377676:S=ALNI_MYBMqWMVbwobo3OVKJuwis-74wqLg
.chinas-lafa.ru/	1970-01-20 19:51:13	Name: __gpi Value: UID=00000bc9954d5743:T=1679377676:RT=1679377676:S=ALNI_MYCx81ZwFJl8LfuR0YKn0At4Qtotg
.mc.yandex.ru/	1970-01-20 10:29:38	Name: sync_cookie_csrf Value: 196264301fake
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 2611151651679377676
.yandex.com/	1970-01-20 20:05:37	Name: i Value: f8G5BY3gEiOuN1csWe5Nw+h9XkkWuNeiUvkC+4bCf1qJOaj+I8HW2Bv2g76wYDtuiHQIDsi0Jx+CRqg4wNloR/80sPg=
.yandex.com/	1970-01-20 20:05:37	Name: yandexuid Value: 5031313491679377676
.yandex.com/	1970-01-20 19:15:13	Name: yuidss Value: 5031313491679377676
.yandex.com/	1970-01-20 19:15:13	Name: ymex Value: 1710913676.yc.1679377676#1710913676.yrts.1679377676#1710913676.yrtsi.1679377676
.doubleclick.net/	1970-01-20 19:51:13	Name: IDE Value: AHWqTUk7pHmzl2lLph5J577Z4dSJZYFFsAdNzHKyltpu9LzD1jTXlANaNmusme65zFI
.chinas-lafa.ru/	1970-01-20 10:29:39	Name: _ym_visorc Value: w
.doubleclick.net/	1970-01-20 10:29:41	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 12:39:13	Name: uuid2 Value: 8953393990727857414
.casalemedia.com/	1970-01-20 19:15:13	Name: CMID Value: ZBlFDdSvGZvsBihS.Glw9wAA
.casalemedia.com/	1970-01-20 12:39:13	Name: CMPS Value: 5259
.casalemedia.com/	1970-01-20 12:39:13	Name: CMPRO Value: 5259
.adnxs.com/	1970-01-20 12:39:13	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C$Qg/P#Y!]tbPl1M>e)ZlrFUfJ+tGXxo7Y=lfsOWhgE`rf'l@g<#>:%w(3^@`%]ikoT$%nugO%v4VB%nlxc)jFAg
.blismedia.com/	1970-01-20 19:15:17	Name: b Value: 6419450D2043258A24CCB5BBBLIS
.quantserve.com/	1970-01-20 12:39:13	Name: d Value: EHgBCQHIKIEA
.quantserve.com/	1970-01-20 19:59:52	Name: mc Value: 6419450d-ed8a4-abb4b-e8e49
.ctnsnet.com/	1970-01-20 19:15:13	Name: cid_4a5419a2158c4244b8a0890bd0330f52 Value: 1
.ctnsnet.com/	1970-01-20 19:15:13	Name: gid_CAESEBeZUtXB71clq5B8eEp09_I Value: 1
.simpli.fi/	1970-01-20 19:16:40	Name: suid Value: E0FEDC37CFE14E0EB1722EBAFC56A17D
.pubmatic.com/	1970-01-20 10:31:04	Name: KTPCACOOKIE Value: YES
.de17a.com/	1970-01-20 19:08:01	Name: guid Value: 1.5994640351444161334
.yahoo.com/	1970-01-20 19:15:35	Name: A3 Value: d=AQABBA5FGWQCELZ0lM8ip13OBhrSepwRqNcFEgEBAQGWGmQjZAAAAAAA_eMAAA&S=AQAAAiCOj02BJx-okEjPFiPoiaU
.everesttech.net/	1970-01-20 19:15:13	Name: everest_g_v2 Value: g_surferid~ZBlFDgADNdIIkgA9
.pubmatic.com/	1970-01-20 19:15:13	Name: KADUSERCOOKIE Value: 5D5D247D-A465-43D6-9FC0-AE10CB5D1379
.turn.com/	1970-01-20 14:48:49	Name: uid Value: 2545144468976737459

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1#RS-2-&adk=1812271804&client=ca-pub-5961121494812113&fa=4&ifi=8&uci=a!8&btvi=5&xpc=qahJdzQ7Va&p=https%3A//chinas-lafa.ru Message: The resource https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271803&client=ca-pub-5961121494812113&fa=3&ifi=7&uci=a!7&btvi=4&xpc=TAk7ww3qsT&p=https%3A//chinas-lafa.ru Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1#RS-0-&adk=1812271801&client=ca-pub-5961121494812113&fa=1&ifi=6&uci=a!6&btvi=3&xpc=T3bZhwmnTh&p=https%3A//chinas-lafa.ru Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.turn.com
adservice.google.com
adservice.google.de
aliexpress-lafa.ru
chinas-lafa.ru
cm.g.doubleclick.net
cms.quantserve.com
d5p.de17a.com
dclk-match.dotomi.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
match.adsrvr.org
mc.yandex.com
mc.yandex.ru
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
portal.o2online.de
pr-bh.ybp.yahoo.com
r.turn.com
s0.2mdn.net
sync-tm.everesttech.net
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
us-u.openx.net
www.google.com
www.googletagservices.com
www.gstatic.com
www.sale-aliexpress.ru
104.111.217.42
141.101.90.96
142.250.184.194
142.250.186.162
151.101.194.49
185.4.64.72
185.64.189.115
185.80.39.216
185.89.210.244
213.155.156.165
2620:116:800d:21:7eb1:3826:be7e:d981
2a00:1450:4001:801::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2006
2a00:1450:4001:811::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:827::2003
2a00:1450:4001:829::2003
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2001
2a02:6b8::1:119
2a02:fa8:8806:20::2010
2a05:d018:d29:3605:209d:be7a:13db:f2df
3.33.220.150
34.91.62.186
34.96.105.8
34.98.64.218
35.186.193.173
45.130.41.10
46.228.164.11
51.75.86.98
052896930d987cb9c366d2fadbd2e8744cf4d5939d2e947f2047fdb64aabf620
06885bb4e66291a6e6bcd3c7b0c29f6df7b7232110b11d26e1d525ff37305f05
07ae7e13e4f9c290bacd59e7547960f6398063bb0799c2b4a1a3277f6523080e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cc98d8e92a98749ce2cc2ecfd5cba57cdffa8e04048f66785646ddd3a2d6f75
0cd586cf9a8ba732def6180c1ba1475c337b4212f13644bcfd0dcb7c8a8d7078
0e01cb2c163c8cca3deba719e4e5620244fd231cb641a2f6fb787e2201c91f9e
0e5389d4ff8aa7414543574acab723071581bde8808b8ab852e2b3b774fd3a99
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1490aad284b9af37c925810fe6cad4bf2b972ffbf906462c0e391d3218bd1224
1665e53681ca0c9d196425fb71f94996ef4a495a489c7dda67bead9799615d98
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18336635cd5e9edf2aff3ae18b67250684311c2a459457091b063dafba57d526
18d776fb6668d0ef688694a98545815994f4308db2cd10a7ea1649de0dc28f35
19fc3d0a652f757ad0346ec539364268680f22f70bc926c49438595444e8e17e
1e3bbf2a6d9503811213baca9f5e309618ca968136199ca532a0a5167c0b0f1c
23bb39b607b39a93d953762d2a618a3cbc69c52ceaf70d96890137ca1d2b0228
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116
2a1ec18f222d82f28b5e6614fb3f68b6aaa1cdf0c70c17d63a59b089b91abf1d
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b47ce393ee927d93c3f2f7294f5b467e8662cba5c61e98f91761b96764b3c9c
2d022db650d194d935faea46a40e5512235b43bc3f8b181e32ce6d3dd745f4e1
2d6b8ecb2f70ad50610c2956c63e8b068d64b18b39ab2d3736fa5a81c8a2cac9
2faedb9d799315e9ff33aece43c5b896f4002413a7781b00cc65960d64a2abd6
307a4591edefbe1dc23df1c2e891454e4e908b771d881f6cc3e19c54942bf575
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
38fdf5b836235c43a1fc58abe120c6d09f73981951dd157d5eb3f9d79842aebb
3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612
3ddf90d6f5bc7849f1b0840de0475a0506924a1c770f325934f5ea8a87e270a7
4088c4396769f8eda76e6f28917417d031b5d62da99e90135de61cefa16dfafa
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
43f9c247438df69c6c2bc91f8267dde1862558c1032a04148838e324fb42f7e1
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4942ed79e983bcf22a0523690f034fdca2540b366c65a4076a1402a631e5acc1
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
4a25eb6972f4a513da7ead5d8c0f74832ed42b1ae5e1f13ed3ea36f0865a59c9
4ab434331df382556bb4eb595304b314192a110da9dc1e09864bcba1e81201d8
4ae732203f63d8eec2a0f935869470b71b5644926c8d13d898ec7dd109918dc4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ba56e2af3a3cfc4a267c21e8b77e1e6f5d34b3c663be871eb8b1dd9d4094607
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51b9a80bb5b987880dbde1d15bc552bb7ef1881b7d6a25b18bda20341b12e2cc
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59ef6f29c07c96ff684beb4a5e647da6a432dfd97c9c153fc3f960b83ac6c8fc
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5d2fc6db9fd0a507a50875736fee2a70c1320fa7fbe7d262ae80cab48d0f54c8
5d93f972c34e66b140db51943dbbd6c57021b98e70e5968857c21eef04ecca95
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63c0bbf722d9e8d58804bca9a8b4735909446c2f97dff321da6d7da2358a3971
68babdfc4950d6f622a966498dbe69a5d2c99665f0388af533848f4f7c165cb4
68d17341a90b4af7400a9096afe504bf2d21bf378c5f3e594436dbba105afe84
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
6b67b2995f11a31d6c53e0b447c49c7db7e40a771a18eadeb8f8f5720fa78327
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
700c8bd73d93522ca53cdc35e2a71e96caf7c344bc7a8391f3af90c10b917033
754359e513ba28b355a92efe7b18e9a644a4a13f5f3cff99e39b14151b23b978
76ae9cfefc587779be483adfc76d0d3406e5bcef31c2005dac224bd5e1079841
7743f39ddc516c5d0540ce147ac3ba086974ec1dda39ef4fbb87b3a7915fb021
780d7ba204df4bf6e7eeac03ffd0c7520ee2113aa39fdd521f03c4909f8ff200
798b29407614413f2456386987e82e4f090d486596674d35e7f163beb9102935
7be2fc598e2bb1478e0800c4af94de1811ce909e79b9ef67324b51843073aafb
8121f170870193846463a78fa548049a57646e1d4eaa36cf33f6e8aa5f8f2d1f
81de201b5e04f7b1bb98050a25e8799d5a15ceaa2887c4eb95e4d8baf6959ca1
87b72bb230a3d085fedbcd93626ad07d8fab3a75cd623e8bd11254f2850e696e
889242ce1e192d4bea99269de7e6f0812b15b5c0c76654adba68c5fe3dd6097a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
930d5ad71205bbdbcce233b9bd6da8a69728bdece8407b5aa79542e5d76dbac0
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
982ab4d8bc32fa0262edb5e56aa9536dd6ca6014f2634b43e4c6ef2e25047ff4
986c8a6074a6717f62e027cb56a312c44b713d8d2b1d6e8572ba093b790ea3ab
9a3d1f5824ad4bd991a67acab64088920e43d25545ca6b4cb78736dc35b696a3
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cab18dfde5e759ec0150d15909fed33098e3998dbdb6c6c3f2e680eaf42a236
9ce833bc46f70606effbdcbe468c005d00d546f0b51e5fc5c6b2089ba3fed3ae
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a10283381ca468005bdfb498c8ee591c121f8b64a93eade5fdb762ca2ad8bd80
a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a72972ba5538156db48b6714082da0291d6098067f3d652ca9cc5dcd4ca3485f
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a980b0b6b4b4f9cfdb443b03cc7d00e2a9ace7bbbb5c3d1bbd1064ec80339a59
aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8
aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27
ad89e0a7ba5bc269ae857d3d45bbf5ce07e8092879ed4c27d72e3e8809878217
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b34b40ba1ed4be2cd366f42434f485b890f6e16dc944691f01e3b2117e4e0668
b4a113bed310a53eed6db1e51aca1563a51cb5b8283747deb002ce3fe8a30849
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
ba0fee1ef54f6bcb9d8be8cff022c756a26e71df521723f8524d0fbbdf4a9f7e
bb634caf818dca49be8d3dc845f77ddd0b9b7871f3d3184a0e9a110bb45b8e9f
bc3d3b23ecf6cbb7b5b0654e17b7dd3fe3280f35829712c9fcd485829a0d4108
bdd1c0385a9d428e0fe9925d7f4c988bb39299a8e595910b8e9daaece6f148d4
c0beabb1b72b4e902f717b8066ed2f95d8023159b039844e762b651bc51a4d11
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c384e161dd9d69bfc6e872774aadc81b3bd7534a97c5541d20a83c120704dbec
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1d3bda3abb4a198ac62f317ba910adede1affc22020165d7f2919a46f6c481f
d2c52a5a147e63e95afb2e063a0af8dc27e920bb027b2b8b1ffe1867bc8fb5b3
d2eb2a9ba7c0504c0df6e530179d8a085c188375c9f2aa6fb27605e401e2cf0d
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
da37c380b64bff483e614c6afecdec9c85f3860f1cac85c7354d569f2a99b10c
dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e1259e384f61c72a215e1c9b25c3cbc9d42d98c7ac4cb2fb290fc34ab6cc58bd
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e4f9ffd2a84b2b390f7bc7b9eb516c5a34e14b1c01785749b7838fbacc76bd26
e816f3e7436fc8bd624bbd2429fc2a68a4fa4cb7d8b5bfe0c37aca2e500f1aa1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd39710c4bf748f75f2943601d802959a134eb4580c02d9775903dfac19148b
f4bf6742a3b2dbbbbbb39be2ce47b2940ae05774099b714911e2d57f5dba857e
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f64f60b60f581caadfa1cf9b012ca732c4f4a24c8475027e7b7a225f20ce4278
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f84293668b02b8c83c20c5c2cf51f8a5a64ac5a15d34be26c85382496b107700
fb9f862237742c353af48b3ffeff1b938448e51f1e08f68a5900d47e5aa68ee9
fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

chinas-lafa.ru Open in urlscan Pro 185.4.64.72 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

226 Requests

92 %HTTPS

45 %IPv6

31 Domains

37 Subdomains

26 IPs

10 Countries

2645 kBTransfer

6435 kBSize

33 Cookies

1 Outgoing links

Page URL History

Redirected requests

226 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

chinas-lafa.ru Open in urlscan Pro
185.4.64.72 Public Scan

Screenshot
Live screenshot

Full Image

226
Requests

92 %
HTTPS

45 %
IPv6

31
Domains

37
Subdomains

26
IPs

10
Countries

2645 kB
Transfer

6435 kB
Size

33
Cookies

226 HTTP transactions
17 data transactions