news.2xclick.ru Open in urlscan Pro
93.95.100.117 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://news.2xclick.ru/
Effective URL:
https://news.2xclick.ru/
Submission: On March 08 via manual (March 8th 2021, 2:10:51 pm UTC) from IL

Summary HTTP 119 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 32 IPs in 7 countries across 24 domains to perform 119 HTTP transactions. The main IP is 93.95.100.117, located in Podolsk, Russian Federation and belongs to MTW-AS, RU. The main domain is news.2xclick.ru.
TLS certificate: Issued by R3 on February 28th 2021. Valid for: 3 months.

This is the only time news.2xclick.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 5	93.95.100.117 93.95.100.117	48347 (MTW-AS) (MTW-AS)
18	93.95.99.151 93.95.99.151	48347 (MTW-AS) (MTW-AS)
6	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	91.210.107.38 91.210.107.38	50867 (HOSTKEY-R...) (HOSTKEY-RU-AS)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:3::621 2a04:4e42:3::621	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
5	93.184.221.133 93.184.221.133	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2 5	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1 3	195.54.48.25 195.54.48.25	12516 (WEBORAMA ...) (WEBORAMA Weborama provides Internet Services)
2 4	35.201.80.102 35.201.80.102	15169 (GOOGLE) (GOOGLE)
6 6	35.190.16.14 35.190.16.14	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1 2	80.239.201.77 80.239.201.77	1299 (TELIANET ...) (TELIANET Telia Carrier)
1 31	35.227.208.19 35.227.208.19	15169 (GOOGLE) (GOOGLE)
1	195.54.48.26 195.54.48.26	12516 (WEBORAMA ...) (WEBORAMA Weborama provides Internet Services)
2 2	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
1 1	91.216.195.7 91.216.195.7	12516 (WEBORAMA ...) (WEBORAMA Weborama provides Internet Services)
1	35.201.81.244 35.201.81.244	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
3	54.37.44.146 54.37.44.146	16276 (OVH) (OVH)
2 2	37.252.172.38 37.252.172.38	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	185.86.137.110 185.86.137.110	201081 (SMARTADSE...) (SMARTADSERVER)
7	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
119	32

5 93.95.100.117 (Podolsk, Russian Federation) 1 redirects

ASN48347 (MTW-AS, RU)
PTR: unspecified.mtw.ru

news.2xclick.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
news.gnezdo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 93.95.99.151 (Russian Federation)

ASN48347 (MTW-AS, RU)

zn2.gnezdo.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zn2.gnezdo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.210.107.38 (Moscow, Russian Federation)

ASN50867 (HOSTKEY-RU-AS, NL)

backforward.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 93.184.221.133 (London, United Kingdom)

ASN15133 (EDGECAST, US)

cstatic.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:6b8::1:119 (Moscow, Russian Federation) 2 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 195.54.48.25 (France) 1 redirects

ASN12516 (WEBORAMA Weborama provides Internet Services, FR)
PTR: aub-collect-lb-c03-01-vip.weborama.fr

gnezdoruanalytics.solution.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aimfar.solution.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.201.80.102 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 102.80.201.35.bc.googleusercontent.com

dx.frontend.weborama.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.190.16.14 (Kansas City, United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: 14.16.190.35.bc.googleusercontent.com

rd.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 80.239.201.77 (Sweden) 1 redirects

ASN1299 (TELIANET Telia Carrier, SE)
PTR: 80-239-201-77.teliacarrier-cust.com

mc.webvisor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 35.227.208.19 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 19.208.227.35.bc.googleusercontent.com

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.54.48.26 (France)

ASN12516 (WEBORAMA Weborama provides Internet Services, FR)
PTR: aub-collect-lb-c03-02-vip.weborama.fr

wam.solution.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.216.195.7 (France) 1 redirects

ASN12516 (WEBORAMA Weborama provides Internet Services, FR)
PTR: std-collect-lb-c03-02-vip.weborama.fr

wam-google.solution.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.81.244 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 244.81.201.35.bc.googleusercontent.com

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.37.44.146 (France)

ASN16276 (OVH, FR)
PTR: ip146.ip-54-37-44.eu

p.crm4d.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.38 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.110 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	weborama.fr 9 redirects cstatic.weborama.fr gnezdoruanalytics.solution.weborama.fr rd.frontend.weborama.fr aimfar.solution.weborama.fr cr.frontend.weborama.fr wam.solution.weborama.fr wam-google.solution.weborama.fr idsync.frontend.weborama.fr	20 KB
20	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	210 KB
11	gnezdo.ru news.gnezdo.ru zn2.gnezdo.ru	117 KB
10	gnezdo.news zn2.gnezdo.news	44 KB
7	ampproject.org cdn.ampproject.org	123 KB
7	doubleclick.net 2 redirects stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	22 KB
5	yandex.ru 2 redirects mc.yandex.ru	2 KB
4	weborama.com 2 redirects dx.frontend.weborama.com	849 B
3	crm4d.com p.crm4d.com	3 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	smartadserver.com 1 redirects sync.smartadserver.com	406 B
2	adnxs.com 2 redirects ib.adnxs.com	2 KB
2	tapad.com 1 redirects pixel.tapad.com	893 B
2	webvisor.org 1 redirects mc.webvisor.org	716 B
2	google.de www.google.de adservice.google.de	420 B
2	google.com www.google.com adservice.google.com	346 B
2	gstatic.com fonts.gstatic.com	25 KB
2	2xclick.ru 1 redirects news.2xclick.ru	6 KB
1	googletagservices.com www.googletagservices.com	28 KB
1	googleadservices.com partner.googleadservices.com	639 B
1	rlcdn.com idsync.rlcdn.com	286 B
1	jsdelivr.net cdn.jsdelivr.net	49 KB
1	googleapis.com fonts.googleapis.com	668 B
1	backforward.bid backforward.bid	6 KB
119	24

	Domain	Requested by
31	cr.frontend.weborama.fr	1 redirects cstatic.weborama.fr
14	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net cdn.ampproject.org
10	zn2.gnezdo.news	news.2xclick.ru zn2.gnezdo.news
8	zn2.gnezdo.ru	news.2xclick.ru zn2.gnezdo.news
7	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
6	rd.frontend.weborama.fr	6 redirects
6	pagead2.googlesyndication.com	news.2xclick.ru pagead2.googlesyndication.com tpc.googlesyndication.com
5	mc.yandex.ru	2 redirects news.2xclick.ru cdn.jsdelivr.net
5	cstatic.weborama.fr	news.2xclick.ru cstatic.weborama.fr
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	dx.frontend.weborama.com	2 redirects news.2xclick.ru cstatic.weborama.fr
3	p.crm4d.com	rd.frontend.weborama.fr cstatic.weborama.fr
3	www.google-analytics.com	news.2xclick.ru www.google-analytics.com
3	news.gnezdo.ru	news.2xclick.ru
2	sync.smartadserver.com	1 redirects cstatic.weborama.fr
2	ib.adnxs.com	2 redirects
2	pixel.tapad.com	1 redirects cstatic.weborama.fr
2	cm.g.doubleclick.net	2 redirects
2	mc.webvisor.org	1 redirects news.2xclick.ru
2	gnezdoruanalytics.solution.weborama.fr	1 redirects news.2xclick.ru
2	fonts.gstatic.com	fonts.googleapis.com
2	news.2xclick.ru	1 redirects
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	idsync.rlcdn.com	cstatic.weborama.fr
1	idsync.frontend.weborama.fr	cstatic.weborama.fr
1	wam-google.solution.weborama.fr	1 redirects
1	wam.solution.weborama.fr	cstatic.weborama.fr
1	aimfar.solution.weborama.fr	cstatic.weborama.fr
1	www.google.de	news.2xclick.ru
1	www.google.com	news.2xclick.ru
1	stats.g.doubleclick.net	www.google-analytics.com
1	cdn.jsdelivr.net	news.2xclick.ru
1	fonts.googleapis.com	zn2.gnezdo.news
1	backforward.bid	news.2xclick.ru
119	37

This site contains links to these domains. Also see Links.

Domain
gnezdo.online
lk-gnezdo.com
www.domkino.tv
topfacts.com.ua
news.gnezdo.ru

Subject Issuer	Validity	Valid
news.2xclick.ru R3	`2021-02-28` - `2021-05-29`	3 months	crt.sh
zn2.2xclick.ru R3	`2021-02-17` - `2021-05-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
news.gnezdo.ru R3	`2021-02-28` - `2021-05-29`	3 months	crt.sh
backforward.bid R3	`2021-03-07` - `2021-06-05`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-26` - `2021-04-17`	6 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-19` - `2021-11-17`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2021-02-27` - `2021-08-09`	5 months	crt.sh
*.solution.weborama.fr Go Daddy Secure Certificate Authority - G2	`2020-01-11` - `2022-03-11`	2 years	crt.sh
*.frontend.weborama.com Go Daddy Secure Certificate Authority - G2	`2019-08-29` - `2021-10-27`	2 years	crt.sh
www.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
mc.webvisor.com Yandex CA	`2020-09-29` - `2021-03-23`	6 months	crt.sh
*.frontend.weborama.fr Go Daddy Secure Certificate Authority - G2	`2019-02-20` - `2021-04-21`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
crm4d.com R3	`2021-02-25` - `2021-05-26`	3 months	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
misc-sni.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://news.2xclick.ru/
Frame ID: FF5F69C811DCE00BEEFB1C424B514670
Requests: 50 HTTP requests in this frame

Frame: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Frame ID: DF0578D2E8565BF548FE08C2DE1E8DE4
Requests: 42 HTTP requests in this frame

Frame: https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27521078
Frame ID: D7DA87079EE5F7A90E9E502C6F775C0C
Requests: 1 HTTP requests in this frame

Frame: https://cr.frontend.weborama.fr/cr?key=nielsen&url=https%3A%2F%2Floadus.exelator.com%2Fload%2F%3Fp%3D204%26g%3D1020%26j%3Dw
Frame ID: 113E689214CCF4F325AC22E73A136BC2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/zrt_lookup.html
Frame ID: 2B319867A48962B5B6372542D3D991EE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615212629&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615212629640&bpp=21&bdt=1226&idt=114&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=725413703565&frm=20&pv=2&ga_vid=1606654765.1615212629&ga_sid=1615212630&ga_hid=510567148&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736377%2C44736524%2C21066922%2C31060351%2C21068785&oid=3&pvsid=2033430427830441&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gALHdSZoYl&p=https%3A//news.2xclick.ru&dtd=185
Frame ID: 45E56C7A54A404C04BD8C7418689F1A3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&adk=1812271804&adf=3025194257&lmt=1615212629&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnews.2xclick.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615212629662&bpp=3&bdt=1249&idt=231&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=500x280&nras=1&correlator=725413703565&frm=20&pv=1&ga_vid=1606654765.1615212629&ga_sid=1615212630&ga_hid=510567148&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736377%2C44736524%2C21066922%2C31060351%2C21068785&oid=3&pvsid=2033430427830441&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=2&uci=a!2&fsb=1&dtd=253
Frame ID: B26715232D4983E9BE6C0DBEDA15F619
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 571707B3B87B5646067FF0A58FFE976B
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: E10ABCC4F68631F077C3098426D791DE
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://news.2xclick.ru/ HTTP 301
https://news.2xclick.ru/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

119
Requests

100 %
HTTPS

46 %
IPv6

24
Domains

37
Subdomains

32
IPs

7
Countries

674 kB
Transfer

1619 kB
Size

9
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://gnezdo.online/
Title:

Search URL Search Domain Scan URL

URL: https://lk-gnezdo.com/cgi-bin/admin/login.cgi
Title: Вход

Search URL Search Domain Scan URL

URL: https://gnezdo.online/vakansii/
Title: Заработай с нами

Search URL Search Domain Scan URL

URL: https://gnezdo.online/pokupka-trafika/
Title: Рекламодателям

Search URL Search Domain Scan URL

URL: https://gnezdo.online/monetizatsiya-trafika/
Title: Вебмастерам

Search URL Search Domain Scan URL

URL: https://www.domkino.tv/news/9544?utm_source=newsgnezdo&utm_medium=cpc&utm_campaign=teaser&utm_term=0&utm_content=1059145
Title: Помните Фросю Бурлакову? Это интересно

Search URL Search Domain Scan URL

URL: https://topfacts.com.ua/obshchestvo/131216/neyl-kinematograf?utm_source=gnezdo_exc&utm_term=0&utm_content=795665
Title: Самые красивые и ухоженные ногти. Идеи маникюра

Search URL Search Domain Scan URL

URL: https://news.gnezdo.ru/tests/health/
Title: ТЕСТ Наносит ли выпивка ущерб вашему здоровью?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://news.2xclick.ru/ HTTP 301
https://news.2xclick.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A628%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A407915704863%3Ahid%3A367065326%3Az%3A60%3Ai%3A202103081501028%3Aet%3A1615212629%3Ac%3A1%3Arn%3A819031597%3Au%3A1615212629125303329%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615212628057%3Ads%3A0%2C129%2C94%2C0%2C130%2C0%2C%2C329%2C5%2C%2C%2C%2C686%3Adsn%3A0%2C129%2C94%2C1%2C130%2C0%2C%2C332%2C4%2C%2C%2C%2C687%3Ati%3A2%3Ast%3A1615212629 HTTP 302
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A628%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A407915704863%3Ahid%3A367065326%3Az%3A60%3Ai%3A202103081501028%3Aet%3A1615212629%3Ac%3A1%3Arn%3A819031597%3Au%3A1615212629125303329%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615212628057%3Ads%3A0%2C129%2C94%2C0%2C130%2C0%2C%2C329%2C5%2C%2C%2C%2C686%3Adsn%3A0%2C129%2C94%2C1%2C130%2C0%2C%2C332%2C4%2C%2C%2C%2C687%3Ati%3A2%3Ast%3A1615212629

Request Chain 34

https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615216228&ta=1600x1200&co=24&ref= HTTP 302
https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615216228&ta=1600x1200&co=24&ref=&BOUNCE=OK

Request Chain 35

https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A//news.2xclick.ru/ HTTP 302
https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A%2F%2Fnews.2xclick.ru%2F&bounce=1&random=3377841555 HTTP 302
https://rd.frontend.weborama.fr/rd?key=wamsync&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D HTTP 302
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=-xoNaWquY6P-

Request Chain 39

https://mc.webvisor.org/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9206.zMXIr7g5ax4-Mf3kRi-gmJibqcMDkmAF5j2NROTJTpOnpzMPRl4y9F0t6nnGP8Af.PAUPY_LdNSDcKsDJFILVQA_REP0%2C HTTP 302
https://mc.webvisor.org/sync_cookie_image_decide?token=9206.29OPziKp2qTo-I--Tu2WnAlrAcOLkNPCg3FM0Mm9xi5gWYffz5URGY-0JC_sOl2tMloS9yF-HObkvwqOGYT_dCuEeJBnpar9h2Mi6njHbhQ%2C.OcH1ys9_s04bj02tcoTpJzLyyAE%2C

Request Chain 42

https://rd.frontend.weborama.fr/rd?key=synchro&url=https%3A%2F%2Fcstatic.weborama.fr%2Fiframe%2Fexternal_all.html%3Fsite%3D485736%26loop%3D1 HTTP 302
https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1

Request Chain 44

https://rd.frontend.weborama.fr/rd?key=idsync-prx&url=https%3A%2F%2Faimfar.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dprx%26g.r%3D%27521078 HTTP 302
https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27521078

Request Chain 46

https://rd.frontend.weborama.fr/rd?key=idsync-cj&url=https%3A%2F%2Fwam.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dcj%26d.k%3Dgraphinium HTTP 302
https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium

Request Chain 47

https://cm.g.doubleclick.net/pixel?google_nid=weborama_dmp&google_cm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=weborama_dmp&google_cm=&google_tc= HTTP 302
https://wam-google.solution.weborama.fr/pixel?google_gid=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_cver=1 HTTP 301
https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_gid=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_cver=1

Request Chain 53

https://cr.frontend.weborama.fr/cr?key=acxiom&url=https%3a%2f%2fidsync.rlcdn.com%2f401736.gif%3fpartner_uid%3d%7bWEBO_CID%7d HTTP 302
https://idsync.rlcdn.com/401736.gif?partner_uid=hzrddSGQOfS/h7R5Z95P6.

Request Chain 54

https://rd.frontend.weborama.fr/rd?key=bigsea&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D HTTP 302
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=-xoNaWquY6P-

Request Chain 56

https://rd.frontend.weborama.fr/rd?key=tapad&url=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3D2964%26partner_device_id%3D%7BWEBO_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2964&partner_device_id=-xoNaWquY6P- HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=-xoNaWquY6P-

Request Chain 93

https://ib.adnxs.com/getuid?https%3A%2F%2Fp.crm4d.com%2Fsync%2Fappnexus%2Fs.gif%3Fbounce%3D1%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fp.crm4d.com%252Fsync%252Fappnexus%252Fs.gif%253Fbounce%253D1%2526uid%253D%2524UID HTTP 302
https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=9154651459557704137

Request Chain 94

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D HTTP 302
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D&cklb=1

119 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
news.2xclick.ru/
Redirect Chain

http://news.2xclick.ru/
https://news.2xclick.ru/

13 KB
5 KB

224ms
94ms

Document
text/html

93.95.100.117
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS: unspecified.mtw.ru
Software: nginx/1.10.3 /
Resource Hash: 5ebe581c00a037d79c7a51cabafb4e1e8c1c90003214d257e7d147102e975f2a

Request headers

Host: news.2xclick.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx/1.10.3
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 08 Mar 2021 14:10:29 GMT
Date: Mon, 08 Mar 2021 14:10:28 GMT
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Set-Cookie: uid=XV9kdWBGMFQ9KyDuBUZWAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; secure; SameSite=none
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Content-Encoding: gzip

Redirect headers

Server: nginx/1.10.3
Date: Mon, 08 Mar 2021 14:10:28 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://news.2xclick.ru/
Set-Cookie: uid=XV9kdWBGMFQ1diDXBFX6Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"

GET
H2 200 style15.css
zn2.gnezdo.news/new-lenta/ 8 KB
2 KB 198ms
56ms Stylesheet
text/css 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 95f9f7d5fc896cddb14ac87de2c177488da4249aa25c977a620cf99463d615d4

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
content-encoding: gzip
last-modified: Wed, 30 Sep 2020 04:23:26 GMT
server: nginx
etag: "5f74083e-848"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
content-length: 2120
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 health.css
zn2.gnezdo.news/new-lenta/ 2 KB
2 KB 199ms
57ms Stylesheet
text/css 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/new-lenta/health.css?1
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 01266b002c3a5fd944f5d5a6c9a7bcedf1274ea6c9baef3d2f14457d364014da

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Tue, 29 Sep 2020 05:06:28 GMT
server: nginx
etag: "5f72c0d4-8f1"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 2289
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 white-logo.png
zn2.gnezdo.news/new-lenta/img/ 4 KB
4 KB 244ms
105ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/new-lenta/img/white-logo.png
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: f3d3d5e79c6c3971916ebb40d8f16c3d584efe53669023273eeca33928178bfe

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Fri, 12 Jul 2019 13:56:19 GMT
server: nginx
etag: "5d289183-1100"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 4352
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 enter_ad.png
zn2.gnezdo.news/src/ 693 B
891 B 95ms
93ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/src/enter_ad.png
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 679c798fd4e7e8b2e875df662470ae6a0e01f5d8490a8d22bca5d419b30987cd

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Tue, 25 Apr 2017 08:51:56 GMT
server: nginx
etag: "58ff0e2c-2b5"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 693
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
49 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b9b5737c8859fa4566da81b0d34c3084f0d83ee7dc2ac8afab3c4ed45685d9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50479
x-xss-protection: 0
server: cafe
etag: 13215137272821469477
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 08 Mar 2021 14:10:28 GMT

GET
H/1.1 200
OK health.jpg
news.gnezdo.ru/tests/health/ 4 KB
5 KB 177ms
55ms Image
image/jpeg 93.95.100.117
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news.gnezdo.ru/tests/health/health.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS: unspecified.mtw.ru
Software: nginx/1.10.3 /
Resource Hash: 1c38153acac347bda02a24b09e16db230167f0a51d6d1974ff1e505c1282bdd6

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 14:10:28 GMT
Last-Modified: Thu, 08 Nov 2018 10:09:56 GMT
Server: nginx/1.10.3
ETag: "5be40b74-110b"
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 4363
Expires: Tue, 08 Mar 2022 14:10:28 GMT

GET
H2 200 jquery-2.2.4.min.js Show response
zn2.gnezdo.news/js/ 84 KB
29 KB 237ms
98ms Script
application/javascript 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/js/jquery-2.2.4.min.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
content-encoding: gzip
last-modified: Fri, 20 Apr 2018 12:54:54 GMT
server: nginx
etag: "5ad9e31e-7429"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
content-length: 29737
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 modernizr.js Show response
zn2.gnezdo.news/new-lenta/ 3 KB
2 KB 244ms
105ms Script
application/javascript 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/new-lenta/modernizr.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 840f575220d6b42197251483e8b3b486bce6f7c4c4bddfff022580d3bb39ce4b

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
content-encoding: gzip
last-modified: Thu, 28 Jun 2018 11:03:22 GMT
server: nginx
etag: "5b34c07a-53e"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
content-length: 1342
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 new_lenta_colors13.js Show response
zn2.gnezdo.news/js/ 5 KB
2 KB 243ms
105ms Script
application/javascript 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 288f12fba91b5cb98bbceee4d2affe465da49ec64528bba1f3525826c771846c

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
content-encoding: gzip
last-modified: Thu, 18 Feb 2021 07:58:16 GMT
server: nginx
etag: "602e1e18-6eb"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
content-length: 1771
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 QUiaUaxw.js Show response
backforward.bid/pushJs/ 24 KB
6 KB 175ms
57ms Script
application/javascript 91.210.107.38
HOSTKEY-RU-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://backforward.bid/pushJs/QUiaUaxw.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.210.107.38 Moscow, Russian Federation, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
Software: cloudflare-nginx /
Resource Hash: d36426977c5c9a2f7e81196df9ac0198158c4d641fd6c7e445b7204051c11395

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
content-encoding: br
last-modified: Thu, 17 Dec 2020 10:15:50 GMT
server: cloudflare-nginx
etag: W/"5fdb2fd6-5ed7"
content-type: application/javascript
cache-control: max-age=259200, public, must_revalidate
expires: Mon, 25 Jan 2021 05:45:09 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
668 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed

Requested by

Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f51c09f7389cdc5cfdbd249cc66f95f51480041e42da46e5adf088e7bea9a686

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://zn2.gnezdo.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 08 Mar 2021 13:32:39 GMT
server: ESF
date: Mon, 08 Mar 2021 14:10:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Mar 2021 14:10:28 GMT

GET
H2 200 watch.js Show response
cdn.jsdelivr.net/npm/yandex-metrica-watch/ 123 KB
49 KB 8ms
7ms Script
application/javascript 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

13b5305d3842a4989f440c5590607a3c30b20276e6945f48c9061be4469ec449

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 42655
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 49961
etag: W/"1ed5d-z5nC/r3r16ufr3F0zB9RZLtc/ME"
x-served-by: cache-fra19153-FRA
date: Mon, 08 Mar 2021 14:10:28 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 472
date: Mon, 08 Mar 2021 14:02:36 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Mon, 08 Mar 2021 16:02:36 GMT

GET
H2 200 products.js Show response
cstatic.weborama.fr/js/ 25 KB
7 KB 116ms
30ms Script
text/javascript 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/js/products.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ska/F763) /
Resource Hash: 0c2e51ff8d93d23a47ac9696ba28911ef3bd596e40a8d456a238219ff1607a42

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
content-encoding: gzip
last-modified: Tue, 24 Nov 2020 13:24:27 GMT
server: ECAcc (ska/F763)
age: 520848
etag: "3608441127"
vary: Accept-Encoding
x-cache: HIT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-type: text/javascript
content-length: 7235
expires: Mon, 15 Mar 2021 14:10:28 GMT

GET
H2 200 pink-top.png
zn2.gnezdo.news/new-lenta/img/ 143 B
341 B 61ms
56ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/new-lenta/img/pink-top.png
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 91a23159638a846a426eb990ec53821e49518e78924d10f45ee5178ba44de83b

Request headers

Referer: https://zn2.gnezdo.news/new-lenta/style15.css?1234
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Tue, 20 Aug 2019 12:24:30 GMT
server: nginx
etag: "5d5be67e-8f"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 143
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK u19131_favicon_d8a5e8d3fe.png
news.gnezdo.ru/img/original/ 3 KB
3 KB 60ms
56ms Image
image/png 93.95.100.117
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news.gnezdo.ru/img/original/u19131_favicon_d8a5e8d3fe.png
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS: unspecified.mtw.ru
Software: nginx/1.10.3 /
Resource Hash: a481081a94b78c96bca42783158e89685af0ffce84eaf5165903d85a205f5d88

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 14:10:28 GMT
Last-Modified: Mon, 12 Oct 2020 11:36:04 GMT
Server: nginx/1.10.3
ETag: "5f843fa4-bed"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3053
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK u13801_favicon_f43fcee44d.png
news.gnezdo.ru/img/original/ 2 KB
3 KB 117ms
57ms Image
image/png 93.95.100.117
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news.gnezdo.ru/img/original/u13801_favicon_f43fcee44d.png
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS: unspecified.mtw.ru
Software: nginx/1.10.3 /
Resource Hash: fec01dea2d456e76b8f9247bc17429af76c8c7f46dcfa41d8fbb2b0b27df78a1

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 14:10:28 GMT
Last-Modified: Fri, 25 Jan 2019 14:20:16 GMT
Server: nginx/1.10.3
ETag: "5c4b1b20-966"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2406
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1067300_181dc2481e.jpg
zn2.gnezdo.ru/img/300x300/300/ 16 KB
16 KB 72ms
63ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/300x300/300/1067300_181dc2481e.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 2c47d0f235ec7716df9225cfa5343612118acf59be4d8ff658147d8aaca85db7

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Mon, 08 Feb 2021 09:31:16 GMT
server: nginx
etag: "602104e4-3f3c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 16188
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 like.png
zn2.gnezdo.news/new-lenta/img/ 684 B
882 B 62ms
55ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/new-lenta/img/like.png
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: b59d5d931ece7fab4c2378e6e3979c793f6e52e8a1bc6e7c1fa569e03d96f49f

Request headers

Referer: https://zn2.gnezdo.news/new-lenta/style15.css?1234
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Thu, 28 Jun 2018 10:56:50 GMT
server: nginx
etag: "5b34bef2-2ac"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 684
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 close.png
zn2.gnezdo.news/new-lenta/img/ 276 B
474 B 62ms
55ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/new-lenta/img/close.png
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 9b6b5e0c551bac6ccde502c3bf5c75d1efe6b1da975c0d251a4a17b8adcc74a5

Request headers

Referer: https://zn2.gnezdo.news/new-lenta/style15.css?1234
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Thu, 28 Jun 2018 10:56:50 GMT
server: nginx
etag: "5b34bef2-114"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 276
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1084402_f5493e6a58.jpg
zn2.gnezdo.ru/img/200x200/402/ 10 KB
10 KB 70ms
67ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/402/1084402_f5493e6a58.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: cf168895b75473e4deef6e9a37d5ded455e419df68393abf1a598cc753e632d1

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Sun, 07 Mar 2021 13:27:21 GMT
server: nginx
etag: "6044d4b9-26a8"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 9896
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1081819_d6f76c759b.jpg
zn2.gnezdo.ru/img/200x200/819/ 12 KB
12 KB 72ms
72ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/819/1081819_d6f76c759b.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: c13a975196eba31a7bedd7eefd67e28d0b692dbfeecdceab71a2389ef4f840f2

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Wed, 03 Mar 2021 10:52:17 GMT
server: nginx
etag: "603f6a61-3042"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 12354
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1076771_f6d7e52de9.jpg
zn2.gnezdo.ru/img/300x300/771/ 15 KB
15 KB 71ms
71ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/300x300/771/1076771_f6d7e52de9.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 549c069690860eaf53d9338be53a72a2608c21e58c462637cb4c333bafd532dd

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Tue, 23 Feb 2021 13:27:10 GMT
server: nginx
etag: "603502ae-3b82"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 15234
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19a7DRs5.woff2
fonts.gstatic.com/s/robotocondensed/v19/ 10 KB
10 KB 10ms
4ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19a7DRs5.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a665b3ad14cb2075a396c2c542ea83c928fbcfb08160330bdec73177c63cc97e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://news.2xclick.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 19:41:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:08:53 GMT
server: sffe
age: 325742
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9908
x-xss-protection: 0
expires: Fri, 04 Mar 2022 19:41:26 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v19/ 15 KB
15 KB 10ms
5ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://news.2xclick.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 18:30:34 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:08:56 GMT
server: sffe
age: 589194
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15720
x-xss-protection: 0
expires: Tue, 01 Mar 2022 18:30:34 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
99 B 14ms
13ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=510567148&t=pageview&_s=1&dl=https%3A%2F%2Fnews.2xclick.ru%2F&ul=en-us&de=UTF-8&dt=Gnezdo.ru.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=549555469&gjid=788144928&cid=1606654765.1615212629&tid=UA-5044672-6&_gid=877113605.1615212629&_r=1&_slc=1&z=606527181

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://news.2xclick.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1067300_181dc2481e.jpg
zn2.gnezdo.ru/img/300x300/300/ 16 KB
16 KB 209ms
92ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/300x300/300/1067300_181dc2481e.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 2c47d0f235ec7716df9225cfa5343612118acf59be4d8ff658147d8aaca85db7

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Mon, 08 Feb 2021 09:31:16 GMT
server: nginx
etag: "602104e4-3f3c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 16188
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1084402_f5493e6a58.jpg
zn2.gnezdo.ru/img/200x200/402/ 10 KB
10 KB 213ms
97ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/402/1084402_f5493e6a58.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: cf168895b75473e4deef6e9a37d5ded455e419df68393abf1a598cc753e632d1

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Sun, 07 Mar 2021 13:27:21 GMT
server: nginx
etag: "6044d4b9-26a8"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 9896
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1081819_d6f76c759b.jpg
zn2.gnezdo.ru/img/200x200/819/ 12 KB
12 KB 217ms
100ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/819/1081819_d6f76c759b.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: c13a975196eba31a7bedd7eefd67e28d0b692dbfeecdceab71a2389ef4f840f2

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Wed, 03 Mar 2021 10:52:17 GMT
server: nginx
etag: "603f6a61-3042"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 12354
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1076771_f6d7e52de9.jpg
zn2.gnezdo.ru/img/300x300/771/ 15 KB
15 KB 217ms
101ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/300x300/771/1076771_f6d7e52de9.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 549c069690860eaf53d9338be53a72a2608c21e58c462637cb4c333bafd532dd

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Tue, 23 Feb 2021 13:27:10 GMT
server: nginx
etag: "603502ae-3b82"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 15234
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/3/
Redirect Chain

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A628%3Afu%3A0%3Aen%3Autf-8%3Ala%3...
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A628%3Afu%3A0%3Aen%3Autf-8%3Ala%...

35 B
116 B

43ms
42ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A628%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A407915704863%3Ahid%3A367065326%3Az%3A60%3Ai%3A202103081501028%3Aet%3A1615212629%3Ac%3A1%3Arn%3A819031597%3Au%3A1615212629125303329%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615212628057%3Ads%3A0%2C129%2C94%2C0%2C130%2C0%2C%2C329%2C5%2C%2C%2C%2C686%3Adsn%3A0%2C129%2C94%2C1%2C130%2C0%2C%2C332%2C4%2C%2C%2C%2C687%3Ati%3A2%3Ast%3A1615212629

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

efbdf9cab6b6cf2bf7207ae4e0456c9462b2c0d4c2de76d65442de2af7253f2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 08-Mar-2021 14:10:28 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://news.2xclick.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 35
x-xss-protection: 1; mode=block
expires: Mon, 08-Mar-2021 14:10:28 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Mon, 08-Mar-2021 14:10:28 GMT
location: /watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A628%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A407915704863%3Ahid%3A367065326%3Az%3A60%3Ai%3A202103081501028%3Aet%3A1615212629%3Ac%3A1%3Arn%3A819031597%3Au%3A1615212629125303329%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615212628057%3Ads%3A0%2C129%2C94%2C0%2C130%2C0%2C%2C329%2C5%2C%2C%2C%2C686%3Adsn%3A0%2C129%2C94%2C1%2C130%2C0%2C%2C332%2C4%2C%2C%2C%2C687%3Ati%3A2%3Ast%3A1615212629
strict-transport-security: max-age=31536000
access-control-allow-origin: https://news.2xclick.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0
x-xss-protection: 1; mode=block
expires: Mon, 08-Mar-2021 14:10:28 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 13ms
13ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-5044672-6&cid=1606654765.1615212629&jid=549555469&gjid=788144928&_gid=877113605.1615212629&_u=IEBAAEAAAAAAAC~&z=555557214

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 08 Mar 2021 14:10:28 GMT
content-type: text/plain
access-control-allow-origin: https://news.2xclick.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
148 B 43ms
43ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
last-modified: Thu, 04 Mar 2021 17:30:33 GMT
etag: "603efc40-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Mon, 08 Mar 2021 15:10:28 GMT

GET
H2 200 external_all.html Show response
cstatic.weborama.fr/iframe/ Frame DF05 6 KB
2 KB 32ms
32ms Document
text/html 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/js/products.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ska/F76B) /
Resource Hash: dd06964bce4d3d30c47a19c923bae3589dcbf82614938d4ff8fd1772cdf20249

Request headers

:method: GET
:authority: cstatic.weborama.fr
:scheme: https
:path: /iframe/external_all.html?site=485736
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 522222
cache-control: max-age=604800
content-type: text/html
date: Mon, 08 Mar 2021 14:10:28 GMT
etag: "1973320744"
expires: Mon, 15 Mar 2021 14:10:28 GMT
last-modified: Tue, 02 Mar 2021 12:57:24 GMT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server: ECAcc (ska/F76B)
vary: Accept-Encoding
x-cache: HIT
content-length: 1697

GET
H/1.1

200
OK

comptage_wreport.fcgi
gnezdoruanalytics.solution.weborama.fr/fcgi-bin/
Redirect Chain

https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615216228&ta=1600x1200&co=24&ref=
https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615216228&ta=1600x1200&co=24&ref=&BOUNCE=OK

67 B
721 B

58ms
58ms

Image
image/gif

195.54.48.25
WEBORAMA Weborama...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615216228&ta=1600x1200&co=24&ref=&BOUNCE=OK
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.54.48.25 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS: aub-collect-lb-c03-01-vip.weborama.fr
Software: Apache /
Resource Hash: 09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
cache-control: no-cache
server: Apache
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
transfer-encoding: chunked
content-type: image/gif

Redirect headers

location: https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615216228&ta=1600x1200&co=24&ref=&BOUNCE=OK
date: Mon, 08 Mar 2021 14:10:28 GMT
server: Apache
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
content-length: 399
content-type: text/html; charset=iso-8859-1

GET
H2

204

collect
dx.frontend.weborama.com/
Redirect Chain

https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A//news.2xclick.ru/
https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A%2F%2Fnews.2xclick.ru%2F&bounce=1&random=3377841555
https://rd.frontend.weborama.fr/rd?key=wamsync&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=-xoNaWquY6P-

0
123 B

67ms
66ms

Image
text/plain

35.201.80.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dx.frontend.weborama.com/collect?dsp_id=0&eid=-xoNaWquY6P-
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.80.102 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 102.80.201.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
location: https://dx.frontend.weborama.com/collect?dsp_id=0&eid=-xoNaWquY6P-
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-5044672-6&cid=1606654765.1615212629&jid=549555469&_u=IEBAAEAAAAAAAC~&z=48765722

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 32ms
32ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-5044672-6&cid=1606654765.1615212629&jid=549555469&_u=IEBAAEAAAAAAAC~&z=48765722

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 external_libs.js Show response
cstatic.weborama.fr/iframe/ Frame DF05 5 KB
2 KB 31ms
30ms Script
text/javascript 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/iframe/external_libs.js
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ska/F741) /
Resource Hash: 05380d354053cfd0e7a2f0f6abd805fbfb303e487bbe67ef78ea91a278d56a96

Request headers

Referer: https://cstatic.weborama.fr/iframe/external_all.html?site=485736
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:28 GMT
content-encoding: gzip
last-modified: Tue, 08 Sep 2020 08:07:23 GMT
server: ECAcc (ska/F741)
age: 21975
etag: "3469217132"
vary: Accept-Encoding
x-cache: HIT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-type: text/javascript
content-length: 1997
expires: Mon, 15 Mar 2021 14:10:28 GMT

GET
H2

200

sync_cookie_image_decide
mc.webvisor.org/
Redirect Chain

https://mc.webvisor.org/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9206.zMXIr7g5ax4-Mf3kRi-gmJibqcMDkmAF5j2NROTJTpOnpzMPRl4y9F0t6nnGP8Af.PAUPY_LdNSDcKsDJFILVQA_REP0%2C
https://mc.webvisor.org/sync_cookie_image_decide?token=9206.29OPziKp2qTo-I--Tu2WnAlrAcOLkNPCg3FM0Mm9xi5gWYffz5URGY-0JC_sOl2tMloS9yF-HObkvwqOGYT_dCuEeJBnpar9h2Mi6njHbhQ%2C.OcH1ys9_s04bj02tcoTpJzLyyA...

43 B
358 B

51ms
50ms

Image
image/gif

80.239.201.77
TELIANET Telia Ca...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.webvisor.org/sync_cookie_image_decide?token=9206.29OPziKp2qTo-I--Tu2WnAlrAcOLkNPCg3FM0Mm9xi5gWYffz5URGY-0JC_sOl2tMloS9yF-HObkvwqOGYT_dCuEeJBnpar9h2Mi6njHbhQ%2C.OcH1ys9_s04bj02tcoTpJzLyyAE%2C

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

80.239.201.77 , Sweden, ASN1299 (TELIANET Telia Carrier, SE),

Reverse DNS

80-239-201-77.teliacarrier-cust.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:29 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.webvisor.org/sync_cookie_image_decide?token=9206.29OPziKp2qTo-I--Tu2WnAlrAcOLkNPCg3FM0Mm9xi5gWYffz5URGY-0JC_sOl2tMloS9yF-HObkvwqOGYT_dCuEeJBnpar9h2Mi6njHbhQ%2C.OcH1ys9_s04bj02tcoTpJzLyyAE%2C
date: Mon, 08 Mar 2021 14:10:29 GMT
strict-transport-security: max-age=31536000
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 11859022 Show response
mc.yandex.ru/watch/ 167 B
250 B 49ms
49ms XHR
application/json 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/11859022?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&charset=utf-8&site-info=%7B%22gnezdoSourceId%22%3A0%2C%22gnezdoTagId%22%3A0%2C%22gnezdoTeaserId%22%3A0%2C%22gnezdoGroupId%22%3A%220%22%2C%22gnezdoSubId%22%3A0%2C%22gnezdoADGender%22%3A%22%22%2C%22gnezdoADAge%22%3A%22%22%2C%22gnezdoLentaId%22%3A%22def%22%7D&ut=noindex&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A628%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A1%3Adp%3A0%3Als%3A891891552593%3Ahid%3A367065326%3Az%3A60%3Ai%3A202103081501028%3Aet%3A1615212629%3Ac%3A1%3Arn%3A35124202%3Au%3A1615212629125303329%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615212628057%3Ads%3A0%2C129%2C94%2C0%2C130%2C0%2C%2C329%2C5%2C%2C%2C%2C686%3Adsn%3A0%2C129%2C94%2C1%2C130%2C0%2C%2C332%2C4%2C%2C%2C%2C687%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1615212629%3At%3AGnezdo.ru.

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

4800664e72d4b8e85f214add4f3c7baf0be0d07d535d1b7475cfbbf6be58bad5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 08-Mar-2021 14:10:29 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://news.2xclick.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 167
x-xss-protection: 1; mode=block
expires: Mon, 08-Mar-2021 14:10:29 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 6ms
6ms Image
image/gif 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=510567148&t=timing&_s=2&dl=https%3A%2F%2Fnews.2xclick.ru%2F&ul=en-us&de=UTF-8&dt=Gnezdo.ru.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1177&pdt=0&dns=0&rrt=130&srt=94&tcp=129&dit=686&clt=686&_gst=581&_gbt=664&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=1606654765.1615212629&tid=UA-5044672-6&_gid=877113605.1615212629&z=910648939

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 04:30:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34782
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

external_all.html Show response
cstatic.weborama.fr/iframe/ Frame DF05
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=synchro&url=https%3A%2F%2Fcstatic.weborama.fr%2Fiframe%2Fexternal_all.html%3Fsite%3D485736%26loop%3D1
https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1

6 KB
2 KB

27ms
27ms

Document
text/html

93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_libs.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ska/F76B) /
Resource Hash: dd06964bce4d3d30c47a19c923bae3589dcbf82614938d4ff8fd1772cdf20249

Request headers

:method: GET
:authority: cstatic.weborama.fr
:scheme: https
:path: /iframe/external_all.html?site=485736&loop=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cstatic.weborama.fr/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: AFFICHE_W=-xoNaWquY6P-11; wbo_temps_reel=NDg1NzM2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cstatic.weborama.fr/iframe/external_all.html?site=485736

Response headers

content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 522223
cache-control: max-age=604800
content-type: text/html
date: Mon, 08 Mar 2021 14:10:29 GMT
etag: "1973320744"
expires: Mon, 15 Mar 2021 14:10:29 GMT
last-modified: Tue, 02 Mar 2021 12:57:24 GMT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server: ECAcc (ska/F76B)
vary: Accept-Encoding
x-cache: HIT
content-length: 1697

Redirect headers

server: nginx/1.12.0
date: Mon, 08 Mar 2021 14:10:29 GMT
content-length: 0
location: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 external_libs.js Show response
cstatic.weborama.fr/iframe/ Frame DF05 5 KB
2 KB 27ms
27ms Script
text/javascript 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/iframe/external_libs.js
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ska/F741) /
Resource Hash: 05380d354053cfd0e7a2f0f6abd805fbfb303e487bbe67ef78ea91a278d56a96

Request headers

Referer: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:29 GMT
content-encoding: gzip
last-modified: Tue, 08 Sep 2020 08:07:23 GMT
server: ECAcc (ska/F741)
age: 21976
etag: "3469217132"
vary: Accept-Encoding
x-cache: HIT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-type: text/javascript
content-length: 1997
expires: Mon, 15 Mar 2021 14:10:29 GMT

GET
H/1.1

200
OK

dispatch.fcgi Show response
aimfar.solution.weborama.fr/fcgi-bin/ Frame D7DA
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=idsync-prx&url=https%3A%2F%2Faimfar.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dprx%26g.r%3D%27521078
https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27521078

41 B
524 B

184ms
48ms

Document
text/html

195.54.48.25
WEBORAMA Weborama...

General

Check archive.org

Show headers Download Go to

Full URL: https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27521078
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_libs.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.54.48.25 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS: aub-collect-lb-c03-01-vip.weborama.fr
Software: Apache /
Resource Hash: f752c9d78517ca9e04bd89d00ad15e914800aad0f8471c18b9114c620b74463b

Request headers

Host: aimfar.solution.weborama.fr
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://cstatic.weborama.fr/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: AFFICHE_W=-xoNaWquY6P-11; wbo_temps_reel=NDg1NzM2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cstatic.weborama.fr/

Response headers

date: Mon, 08 Mar 2021 14:10:29 GMT
server: Apache
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
vary: Accept-Encoding
content-encoding: gzip
transfer-encoding: chunked
content-type: text/html

Redirect headers

server: nginx/1.12.0
date: Mon, 08 Mar 2021 14:10:29 GMT
content-length: 0
location: https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r='521078
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
alt-svc: clear

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 113E 0
0 158ms
70ms Document
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cr.frontend.weborama.fr/cr?key=nielsen&url=https%3A%2F%2Floadus.exelator.com%2Fload%2F%3Fp%3D204%26g%3D1020%26j%3Dw
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_libs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash

Request headers

:method: GET
:authority: cr.frontend.weborama.fr
:scheme: https
:path: /cr?key=nielsen&url=https%3A%2F%2Floadus.exelator.com%2Fload%2F%3Fp%3D204%26g%3D1020%26j%3Dw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cstatic.weborama.fr/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: AFFICHE_W=-xoNaWquY6P-11; wbo_temps_reel=NDg1NzM2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cstatic.weborama.fr/

Response headers

server: nginx/1.12.0
date: Mon, 08 Mar 2021 14:10:29 GMT
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
alt-svc: clear

GET
H/1.1

200
OK

dispatch.fcgi Show response
wam.solution.weborama.fr/fcgi-bin/ Frame DF05
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=idsync-cj&url=https%3A%2F%2Fwam.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dcj%26d.k%3Dgraphinium
https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium

334 B
760 B

214ms
68ms

Script
application/x-javascript

195.54.48.26
WEBORAMA Weborama...

General

Check archive.org

Show headers Download Go to

Full URL: https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.54.48.26 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS: aub-collect-lb-c03-02-vip.weborama.fr
Software: Apache /
Resource Hash: 46704d1a7bfafce192a2e98eaeb182e762ea902e32fea7dc429bf9f13701d45e

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
content-encoding: gzip
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
transfer-encoding: chunked
content-type: application/x-javascript
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
location: https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

204

ids
idsync.frontend.weborama.fr/ Frame DF05
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=weborama_dmp&google_cm
https://cm.g.doubleclick.net/pixel?google_nid=weborama_dmp&google_cm=&google_tc=
https://wam-google.solution.weborama.fr/pixel?google_gid=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_cver=1
https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_gid=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_cver=1

0
236 B

168ms
71ms

Image
text/plain

35.201.81.244
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_gid=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_cver=1
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.81.244 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 244.81.201.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:30 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:30 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location: https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_gid=CAESEO_CcG3B07xJ3aAGGK1-m-Y&google_cver=1
date: Mon, 08 Mar 2021 14:10:29 GMT
server: Apache
content-length: 354
content-type: text/html; charset=iso-8859-1

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
236 B 157ms
69ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=appnexus&url=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dappnexus_id%26value%3D%24UID
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 160ms
72ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=tubemogul&url=https%3A%2F%2Frtd-tm.everesttech.net%2Fupi%2Fpid%2FI4EAHwnE%3Fredir%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dtubemogul_id%2526value%253D%2524%257BUSER_ID%257D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 158ms
71ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=criteov2&url=https%3A%2F%2Fgum.criteo.com%2Fsync%3Fc%3D13%26a%3D1%26r%3D1%26u%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dcriteov2_id%2526value%253D%2540USERID%2540
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 161ms
74ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=mediamath&url=https%3A%2F%2Fpixel.mathtag.com%2Fsync%2Fimg%3Fmt_exid%3D10014%26redir%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dmediamath_id%2526value%253D%255BMM_UUID%255D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 157ms
71ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=smartadserver&url=https%3A%2F%2Fsync.smartadserver.com%2Fgetuid%3Furl%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dsmartadserver_id%2526value%253D%255Bsas_uid%255D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

200

401736.gif
idsync.rlcdn.com/ Frame DF05
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=acxiom&url=https%3a%2f%2fidsync.rlcdn.com%2f401736.gif%3fpartner_uid%3d%7bWEBO_CID%7d
https://idsync.rlcdn.com/401736.gif?partner_uid=hzrddSGQOfS/h7R5Z95P6.

42 B
286 B

69ms
67ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/401736.gif?partner_uid=hzrddSGQOfS/h7R5Z95P6.
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
location: https://idsync.rlcdn.com/401736.gif?partner_uid=hzrddSGQOfS/h7R5Z95P6.
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

204

collect
dx.frontend.weborama.com/ Frame DF05
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=bigsea&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=-xoNaWquY6P-

0
123 B

69ms
68ms

Image
text/plain

35.201.80.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dx.frontend.weborama.com/collect?dsp_id=0&eid=-xoNaWquY6P-
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.80.102 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 102.80.201.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
location: https://dx.frontend.weborama.com/collect?dsp_id=0&eid=-xoNaWquY6P-
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 79ms
66ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=thetradedesk&url=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3D4n2tpwc%26ttd_tpi%3D1
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame DF05
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=tapad&url=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3D2964%26partner_device_id%3D%7BWEBO_ID%7D
https://pixel.tapad.com/idsync/ex/receive?partner_id=2964&partner_device_id=-xoNaWquY6P-
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=-xoNaWquY6P-

95 B
426 B

81ms
74ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=-xoNaWquY6P-

Requested by

Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=-xoNaWquY6P-
alt-svc: clear
content-length: 0

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 80ms
67ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=mailru&url=https%3A%2F%2Fad.mail.ru%2Fcm.gif%3Fp%3D68%26id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 81ms
68ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=yandex&url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpweborama%2F%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 80ms
67ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=getintent&url=https%3A%2F%2Fpx.adhigh.net%2Fp%2Fcm%2Fweborama%3Fu%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 80ms
68ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=seedr&url=https%3A%2F%2Fstats.seedr.com%2Fnr%2Fsync%3Fdsp_id%3Dwbrm%26external_uid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 81ms
69ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=rambler&url=https%3A%2F%2Fsync.rambler.ru%2Fset%3Fpartner_id%3Dab56d453-f95a-4cbc-97b3-1e30a8f95173%26id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 82ms
69ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=yahoo&url=https%3A%2F%2Fcms.analytics.yahoo.com%2Fcms%3Fpartner_id%3DWEBMA%26gdpr%3Dfalse
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 81ms
69ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=tremelio&url=https%3A%2F%2Fsync-uid.leadplace.fr%2Fsync-uid.php%3Fpart%3Dweborama%26id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 91ms
79ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=crm4d&url=https%3A%2F%2Fp.crm4d.com%2Femt%2Fsync%2Fweborama%3Fuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 92ms
80ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=relap&url=https%3A%2F%2Frelap.io%2Fpartners%2Fwbrmcs%3Fuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 82ms
70ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=zbo&url=https%3A%2F%2Fsync.zebestof.com%2Fsync%2Fweborama
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 91ms
79ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=vkcom&url=https%3A%2F%2Fvk.com%2Fwbrh%3Fr%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 92ms
80ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=adsniper&url=https%3A%2F%2Fsync.bumlam.com%2F%3Fsrc%3Dwbr_nr%26uid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 92ms
80ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=audrte&url=https%3A%2F%2Fa.audrte.com%2Fmatch%3Fuid%3D%7BWEBO_CID%7D%26p%3D1468142154
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 93ms
81ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=zemanta&url=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fweborama%2F%3Fwebouuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 110ms
98ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=adcamp&url=https%3A%2F%2Fpixel.kost.tv%2Fweborama%2F%3Fweborama_id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 110ms
98ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=avito&url=https%3A%2F%2Fwww.avito.ru%2Fadvertisement%2Fweborama.gif%3Fwebouuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 112ms
100ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=otm&url=https%3A%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fweborama%3Fid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 111ms
99ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=soloway&url=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D20323%26external_id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 112ms
100ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=buzzoola&url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdmp%2Fweborama%3Fuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 113ms
101ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=adform&url=https%3A%2F%2Fc1.adform.net%2Fserving%2Fcookie%2Fmatch%3FCC%3D1%26party%3D1145%26cid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 112ms
101ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=mediatoday&url=https%3A%2F%2Fmediatoday.ru%2Fcore%2Fmatch.gif%3Fs%3D15%26id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 116ms
93ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=mailruv2&url=https%3A%2F%2Ftop-fwz1.mail.ru%2Fcounter%3Fid%3D3201812%3Bpid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame DF05 0
44 B 116ms
93ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=beeline&url=https%3A%2F%2F%7BWEBO_CID%7D-wbr.ops.beeline.ru%2Fid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 19.208.227.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 14:10:29 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/ 227 KB
86 KB 73ms
59ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1f6f1027092d281d624e67f9f83460ed291ae367b558c16cd6afad7af5eba1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87278
x-xss-protection: 0
server: cafe
etag: 4389487008424739880
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Mar 2021 14:10:29 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/ Frame 2B31 11 KB
5 KB 14ms
1ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e78c14aeb9435fd03f67ad2ee4c45e18bfcfc100a4c62c8bd886324ce6296f77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210303/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkQg25eNAFghpdDoW2s_R7YH7ahJPQVSfWXR51yWILirrPgjQcPtAkIOtCSjME
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 07 Mar 2021 21:27:47 GMT
expires: Sun, 21 Mar 2021 21:27:47 GMT
content-type: text/html; charset=UTF-8
etag: 14371272352318978350
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 5136
x-xss-protection: 0
age: 60162
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 200 B
639 B 159ms
67ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=news.2xclick.ru&callback=_gfp_s_&client=ca-pub-5828883634660773

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

f14f0f311be5c08af353b3e92cd63227b573c543765ea016499744e1fbfc4815

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 191
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
313 B 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=news.2xclick.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 14:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
239 B 16ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=news.2xclick.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 14:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 45E5 117 KB
16 KB 547ms
532ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615212629&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615212629640&bpp=21&bdt=1226&idt=114&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=725413703565&frm=20&pv=2&ga_vid=1606654765.1615212629&ga_sid=1615212630&ga_hid=510567148&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736377%2C44736524%2C21066922%2C31060351%2C21068785&oid=3&pvsid=2033430427830441&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gALHdSZoYl&p=https%3A//news.2xclick.ru&dtd=185

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b1e4fafbf6fec14f73d211cd8b5bd72bd833af43d498327a10e6e83e2b8f2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615212629&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615212629640&bpp=21&bdt=1226&idt=114&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=725413703565&frm=20&pv=2&ga_vid=1606654765.1615212629&ga_sid=1615212630&ga_hid=510567148&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736377%2C44736524%2C21066922%2C31060351%2C21068785&oid=3&pvsid=2033430427830441&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gALHdSZoYl&p=https%3A//news.2xclick.ru&dtd=185
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkQg25eNAFghpdDoW2s_R7YH7ahJPQVSfWXR51yWILirrPgjQcPtAkIOtCSjME
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-expose-headers: x-google-amp-ad-validated-version
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 08 Mar 2021 14:10:30 GMT
server: cafe
content-length: 15924
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 52ms
37ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210303&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7c9b6709a8e84dbe42b693c653b3d691bcbf55466813d1ee50f35ee8ed9915ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 14:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6512
x-xss-protection: 0

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774803212306"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28399
x-xss-protection: 0
expires: Mon, 08 Mar 2021 14:10:29 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B267 0
425 B 20ms
16ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&adk=1812271804&adf=3025194257&lmt=1615212629&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnews.2xclick.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615212629662&bpp=3&bdt=1249&idt=231&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=500x280&nras=1&correlator=725413703565&frm=20&pv=1&ga_vid=1606654765.1615212629&ga_sid=1615212630&ga_hid=510567148&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736377%2C44736524%2C21066922%2C31060351%2C21068785&oid=3&pvsid=2033430427830441&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=2&uci=a!2&fsb=1&dtd=253

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5828883634660773&output=html&adk=1812271804&adf=3025194257&lmt=1615212629&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnews.2xclick.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615212629662&bpp=3&bdt=1249&idt=231&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=500x280&nras=1&correlator=725413703565&frm=20&pv=1&ga_vid=1606654765.1615212629&ga_sid=1615212630&ga_hid=510567148&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736377%2C44736524%2C21066922%2C31060351%2C21068785&oid=3&pvsid=2033430427830441&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=2&uci=a!2&fsb=1&dtd=253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkQg25eNAFghpdDoW2s_R7YH7ahJPQVSfWXR51yWILirrPgjQcPtAkIOtCSjME
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 08 Mar 2021 14:10:29 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 46ms
17ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Mon, 08 Mar 2021 14:10:29 GMT

GET
H/1.1 200
OK weborama.js Show response
p.crm4d.com/sync/ Frame DF05 2 KB
2 KB 154ms
48ms Script
text/javascript 54.37.44.146
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://p.crm4d.com/sync/weborama.js?r=0.9290999467276799
Requested by: Host: rd.frontend.weborama.fr
URL: https://rd.frontend.weborama.fr/rd?key=idsync-cj&url=https%3A%2F%2Fwam.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dcj%26d.k%3Dgraphinium
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.44.146 , France, ASN16276 (OVH, FR),
Reverse DNS: ip146.ip-54-37-44.eu
Software: /
Resource Hash: 6f7c9c1828fc0b39e1f8943174430e13a6eafc5089325276c7027f19a9af447f

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 14:10:30 GMT
Content-Encoding: gzip
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 5717 12 KB
5 KB 55ms
38ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Mon, 08 Mar 2021 14:03:13 GMT
expires: Tue, 08 Mar 2022 14:03:13 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 437
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK match
p.crm4d.com/sync/weborama/ Frame DF05 42 B
545 B 42ms
39ms Image
image/gif 54.37.44.146
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.crm4d.com/sync/weborama/match?uid=hzrddSGQOfS%2Fh7R5Z95P6.
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.44.146 , France, ASN16276 (OVH, FR),
Reverse DNS: ip146.ip-54-37-44.eu
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 14:10:30 GMT
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"

GET
H/1.1

200
OK

s.gif
p.crm4d.com/sync/appnexus/ Frame DF05
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fp.crm4d.com%2Fsync%2Fappnexus%2Fs.gif%3Fbounce%3D1%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fp.crm4d.com%252Fsync%252Fappnexus%252Fs.gif%253Fbounce%253D1%2526uid%253D%2524UID
https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=9154651459557704137

42 B
561 B

39ms
38ms

Image
image/gif

54.37.44.146
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=9154651459557704137
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.44.146 , France, ASN16276 (OVH, FR),
Reverse DNS: ip146.ip-54-37-44.eu
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 14:10:30 GMT
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"

Redirect headers

Pragma: no-cache
Date: Mon, 08 Mar 2021 14:10:30 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 690.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.109:80
AN-X-Request-Uuid: b56118fb-836c-43ec-b237-a39d8c23004d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=9154651459557704137
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

getuid
sync.smartadserver.com/ Frame DF05
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D&cklb=1

0
75 B

43ms
42ms

Image
text/plain

185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D&cklb=1
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 14:10:29 GMT
content-length: 0

Redirect headers

location: https://sync.smartadserver.com:443/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D&cklb=1
pragma: no-cache
date: Mon, 08 Mar 2021 14:10:29 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H3-Q050 200 Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js Show response
pagead2.googlesyndication.com/bg/ Frame 5717 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 07:40:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 10:45:00 GMT
server: sffe
age: 23373
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5643
x-xss-protection: 0
expires: Tue, 08 Mar 2022 07:40:57 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
111 B 44ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210303&jk=2033430427830441&bg=!PD-lP3zNAAWsVXnBrDsAKQB2-DxaQ8M-e4BjHrtnNqezdIudatWNAoEZmXgH1GwN6d6Gr0gUlmXMAgAAAHhSAAAADWgBBwoAvR8MWRML9OtDBxq1PocKNBBcqlnY3iq9GOwqOwx7jvcJTAnABQboDg8XgW9hs2F5wLLMxhZYBsgfWk8s2R0EW9h18vdZBjgFJkWTCYowPXD8J9TzTurl2fIbDTXMVFLDhfWPG5vD5yvVmApsMJVQRB-j7jlG8xC35Zkese70d-0cqC_f5kV9Nxu2kMjIRkpE45upDRbbb8X0l19II40nfN2Vbus-DrVtR52a_VzX1BW6hQk7N8YEPnlCj-SjD5kCBj46VOZRm4GTAHHoSr0d5lmvv-4QBVQofPWqbOR7C1my_CxarzAxxNkwulkzAZ99c5IbMY4IXfBgBtKjgUz4ZGpRnxPlrkPeqpuGAShOCztFjXdFcXQNUVU9gCUHRaH289jPGL0cINLY_ZrbCLiwMS1gIobbqA3mPofsyfjR7qH6r8WWyuY2RxwZ8jqLjaFJM6L0HApCL5x-dScej36sWdWBprT-ucOZaUJ_UW-EhkRfW2XUr9Ypy5k0PVjCJBHh6upLLiXjt-LZfi2Zgdv9-o1TmizI_7pmqfmPYQVRWWzmnygo8AU2P-WV0R1jhxGB27xjCNv44e0WshZjtnIyteFIQiW-dhi6mKtC6dlrhUdNxYup2w7tGV1ycTqBB4nEJ54bfe0sEYAxv0IxsDP_0jhIQDkabpqwa4bHmyJYXoExA8KYVmPj4NQWamp2vPyy95NGu-2HRXft6E2eMsEeAa5wHBuaNm4EDZC-7tc0yzZAPdIvcXpANCQcacJGvsVTXyOpgAZwEyQHmx6FMNN4P4S76wUsh2yCJUoMpXGUTSbKQ50McEHozDwdlYBlGHJdgvpybvKoxCCTZid2P_q9np8G54Q0WxysdjXWcU0iIiaafYtfiUw9JWXKixTPfzTGN3LzE_G_7lSmvutw3DrSc7ds1_9FFkPIaPYCWdCVNVQNZjCH3Z0w

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame E10A 185 KB
53 KB 59ms
12ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615212629&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615212629640&bpp=21&bdt=1226&idt=114&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=725413703565&frm=20&pv=2&ga_vid=1606654765.1615212629&ga_sid=1615212630&ga_hid=510567148&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736377%2C44736524%2C21066922%2C31060351%2C21068785&oid=3&pvsid=2033430427830441&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gALHdSZoYl&p=https%3A//news.2xclick.ru&dtd=185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348436
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Thu, 04 Mar 2021 13:23:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 13:23:14 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame E10A 12 KB
5 KB 58ms
11ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348436
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Thu, 04 Mar 2021 13:23:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 13:23:14 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame E10A 87 KB
27 KB 61ms
24ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348436
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Thu, 04 Mar 2021 13:23:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 13:23:14 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame E10A 70 KB
16 KB 58ms
22ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ba791631934e793b9b3e99d3dc1359dcfe6dd228bf9ea807b8e89b7529f9ba6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 272659
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16397
x-xss-protection: 0
server: sffe
date: Fri, 05 Mar 2021 10:26:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2ccf127281514232"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Mar 2022 10:26:11 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame E10A 3 KB
1 KB 57ms
21ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348436
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Thu, 04 Mar 2021 13:23:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 13:23:14 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame E10A 40 KB
13 KB 61ms
27ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348436
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Thu, 04 Mar 2021 13:23:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 13:23:14 GMT

GET
DATA 200
OK truncated
/ Frame E10A 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 58002fd23c5a10ec6534dc85ecddc896b2164b204db0c0bf5b12b55b4d245a66

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 SZPlus_Logo.svg
tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/ Frame E10A 4 KB
2 KB 16ms
11ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/SZPlus_Logo.svg

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a871c50b9af46203eac3c10ec31a5a4379c952d9941902e3a281ad62dd0ac7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 05:19:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 377489
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1587
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 11:18:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 05:19:01 GMT

GET
H3-Q050 200 ipad.png
tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/ Frame E10A 18 KB
18 KB 21ms
16ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/ipad.png

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b9fbd710193207493bc35f6c83d5654b021ff7f3348f558e04116d015f5f307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 03:45:28 GMT
x-content-type-options: nosniff
age: 383102
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18881
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 11:18:23 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 03:45:28 GMT

GET
H3-Q050 200 phone.png
tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/ Frame E10A 10 KB
10 KB 25ms
20ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/phone.png

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50c76d6daa447e6dbce93366c95f320be4a1280627fd2d00f7a677503c446477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Mar 2021 07:34:06 GMT
x-content-type-options: nosniff
age: 196584
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10509
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 11:18:23 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Mar 2022 07:34:06 GMT

GET
H3-Q050 200 stoerer.svg
tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/ Frame E10A 6 KB
2 KB 20ms
15ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/stoerer.svg

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e591865fbcb696016e24a45f756c814fcdf6a3c4baf62a1e005caabb43b2419

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 19:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 325249
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2438
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 11:18:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 19:49:41 GMT

GET
H3-Q050 200 text_01.svg
tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/ Frame E10A 11 KB
4 KB 19ms
14ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/text_01.svg

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

feb9084b15077bef34f89531e897347ac121c82a56bd68df1e72ce11747ebabc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 03:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 383102
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3915
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 11:18:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 03:45:28 GMT

GET
H3-Q050 200 text_02.svg
tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/ Frame E10A 8 KB
3 KB 19ms
14ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/text_02.svg

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3aba15bc99e9d14033ad8c9c774652238f5d75bbab22981bb1cfd4428c6185e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 19:30:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 585602
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2836
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 11:18:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 01 Mar 2022 19:30:28 GMT

GET
H3-Q050 200 text_03.svg
tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/ Frame E10A 6 KB
2 KB 18ms
13ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/text_03.svg

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02680a8a95da2d91109f85ba53de1145cd4f317e98fca1b069cf9f25bb93599

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Mar 2021 10:58:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184320
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2292
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 11:18:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Mar 2022 10:58:30 GMT

GET
H3-Q050 200 button.svg
tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/ Frame E10A 3 KB
1 KB 17ms
12ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/752118945300808594/336x280px/img/button.svg

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ad749a129e808b621b31f7b9d5b5c0f435c14bf8b64a2452a13212a210fa90e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 11:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 268738
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1289
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 11:18:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Mar 2022 11:31:32 GMT

GET
H3-Q050 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame E10A 3 KB
3 KB 17ms
13ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 12:03:48 GMT
x-content-type-options: nosniff
server: cafe
age: 7602
etag: 6726277462267614359
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Tue, 09 Mar 2021 12:03:48 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame E10A 344 B
560 B 15ms
10ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 09:05:20 GMT
x-content-type-options: nosniff
server: cafe
age: 18310
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 09 Mar 2021 09:05:20 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame E10A 0
67 B 47ms
43ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CJ8wyVTBGYNWpN5yDjuwPotmFyAzgntn1W4zK4K2PC_2T-J3_FhABIP2O9CVglYq4gsgHoAGci_PeAsgBCakCPfqP9dHtsz6oAwHIAwiqBLYBT9DmGuo1LikR8zoZCtOFT128GuY8pU88GYZnX1YYyiTw2T9JeNWYDU8NztQFx8nLCyY7PMvK8zwNg2ISlRGe6pd220pw5fdlSnT68zGawlHHezn94juEc5vwGZhzNR-oV-LrVvBp2DEesYk-g5Y9ndXaiq4CQcEoAcMEvcPh-mh0R0uR19sMx_Gki84691yshNjqzG602c_Te3kmr7xBxczos9wKuhUydJ6arIxtzETFO-qOdC3ABNm2k4GWApIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfM9IyhAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBRCQrpIB0ggJCIDhgBAQARgfgAoByAsB2BMNshcaChgIABIUcHViLTU4Mjg4ODM2MzQ2NjA3NzM&sigh=SGHphn6PWgA&template_id=419&tpd=AGWhJmt_ymYBUMmokN32dZ-E6wVYqdzm5i85ROg53Wf4JWZajg

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615212629&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615212629640&bpp=21&bdt=1226&idt=114&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=725413703565&frm=20&pv=2&ga_vid=1606654765.1615212629&ga_sid=1615212630&ga_hid=510567148&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736377%2C44736524%2C21066922%2C31060351%2C21068785&oid=3&pvsid=2033430427830441&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gALHdSZoYl&p=https%3A//news.2xclick.ru&dtd=185
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 08 Mar 2021 14:10:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012101070013000/ 20 KB
8 KB 57ms
43ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-host-v0.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa6baeae3cb3f5723d40c311888b0da77590b8dc1353c5c7c6e944e7f6c346ac

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 530644
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7295
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 10:46:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f6fcef8ec3898355"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 10:46:26 GMT

GET
H3-Q050 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame E10A 3 KB
3 KB 11ms
10ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 12:03:48 GMT
x-content-type-options: nosniff
server: cafe
age: 7602
etag: 6726277462267614359
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Tue, 09 Mar 2021 12:03:48 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame E10A 344 B
369 B 11ms
10ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 09:05:20 GMT
x-content-type-options: nosniff
server: cafe
age: 18310
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 09 Mar 2021 09:05:20 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame E10A 42 B
113 B 46ms
45ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvvI5nqbKNdIb69hux4X8uDTKL26y_W4Cpuj4xNw0pjboowvztdR3Z6Fl3V3u-8Tu_oyQ5HhX5yxQCEE8lPhHz88OKOG3AZc5VFFnMC86HkUiwakLPJV1XilrPckYRh2lv-YtJmsQiqAlcPLhw7cGEO&sai=AMfl-YTMM1b4NkFLzAkSKABeXI_36PRZVTOzQuP7KB8XT0D6o_04iyR4KC1tfCbnbVrK37j2_EGCNmhS5riym03qLVoU2NYHKV_4qkc&sig=Cg0ArKJSzHDpooNS06s1EAE&cid=CAASF-RoynywEkN6z9VPu4lDOwEnQz6yXh6J&id=ampim&o=1050,263&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=167&tls=1167&g=100&h=100&tt=1167&r=v&avms=ampa&adk=1514590946

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 14:10:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

119 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.weborama.fr/	1970-01-20 02:11:53	Name: AFFICHE_W Value: -xoNaWquY6P-11
.weborama.fr/	1970-01-19 16:40:14	Name: wbo_temps_reel Value: NDg1NzM2
.2xclick.ru/	1970-01-20 01:25:48	Name: _ym_d Value: 1615212629
.2xclick.ru/	1970-01-19 16:40:14	Name: _ym_visorc Value: w
.2xclick.ru/	1970-01-20 10:11:24	Name: _ga Value: GA1.2.1606654765.1615212629
.2xclick.ru/	1970-01-19 16:41:39	Name: _gid Value: GA1.2.877113605.1615212629
.2xclick.ru/	1970-01-19 16:41:24	Name: _ym_isad Value: 2
.2xclick.ru/	1970-01-20 01:25:48	Name: _ym_uid Value: 1615212629125303329
.2xclick.ru/	1970-01-19 16:40:12	Name: _gat Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615212629&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615212629640&bpp=21&bdt=1226&idt=114&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=725413703565&frm=20&pv=2&ga_vid=1606654765.1615212629&ga_sid=1615212630&ga_hid=510567148&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736377%2C44736524%2C21066922%2C31060351%2C21068785&oid=3&pvsid=2033430427830441&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gALHdSZoYl&p=https%3A//news.2xclick.ru&dtd=185

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
aimfar.solution.weborama.fr
backforward.bid
cdn.ampproject.org
cdn.jsdelivr.net
cm.g.doubleclick.net
cr.frontend.weborama.fr
cstatic.weborama.fr
dx.frontend.weborama.com
fonts.googleapis.com
fonts.gstatic.com
gnezdoruanalytics.solution.weborama.fr
googleads.g.doubleclick.net
ib.adnxs.com
idsync.frontend.weborama.fr
idsync.rlcdn.com
mc.webvisor.org
mc.yandex.ru
news.2xclick.ru
news.gnezdo.ru
p.crm4d.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.tapad.com
rd.frontend.weborama.fr
stats.g.doubleclick.net
sync.smartadserver.com
tpc.googlesyndication.com
wam-google.solution.weborama.fr
wam.solution.weborama.fr
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
zn2.gnezdo.news
zn2.gnezdo.ru
142.250.185.226
142.250.74.194
185.86.137.110
195.54.48.25
195.54.48.26
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2001
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:813::200e
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2002
2a00:1450:400c:c0c::9b
2a02:6b8::1:119
2a04:4e42:3::621
35.190.16.14
35.201.80.102
35.201.81.244
35.227.208.19
35.227.248.159
35.244.174.68
37.252.172.38
54.37.44.146
80.239.201.77
91.210.107.38
91.216.195.7
93.184.221.133
93.95.100.117
93.95.99.151
01266b002c3a5fd944f5d5a6c9a7bcedf1274ea6c9baef3d2f14457d364014da
05380d354053cfd0e7a2f0f6abd805fbfb303e487bbe67ef78ea91a278d56a96
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
0c2e51ff8d93d23a47ac9696ba28911ef3bd596e40a8d456a238219ff1607a42
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
13b5305d3842a4989f440c5590607a3c30b20276e6945f48c9061be4469ec449
194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c
1c38153acac347bda02a24b09e16db230167f0a51d6d1974ff1e505c1282bdd6
288f12fba91b5cb98bbceee4d2affe465da49ec64528bba1f3525826c771846c
2ba791631934e793b9b3e99d3dc1359dcfe6dd228bf9ea807b8e89b7529f9ba6
2c47d0f235ec7716df9225cfa5343612118acf59be4d8ff658147d8aaca85db7
3aba15bc99e9d14033ad8c9c774652238f5d75bbab22981bb1cfd4428c6185e5
3b1e4fafbf6fec14f73d211cd8b5bd72bd833af43d498327a10e6e83e2b8f2d5
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5
46704d1a7bfafce192a2e98eaeb182e762ea902e32fea7dc429bf9f13701d45e
4800664e72d4b8e85f214add4f3c7baf0be0d07d535d1b7475cfbbf6be58bad5
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4b9b5737c8859fa4566da81b0d34c3084f0d83ee7dc2ac8afab3c4ed45685d9a
4e591865fbcb696016e24a45f756c814fcdf6a3c4baf62a1e005caabb43b2419
50c76d6daa447e6dbce93366c95f320be4a1280627fd2d00f7a677503c446477
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
549c069690860eaf53d9338be53a72a2608c21e58c462637cb4c333bafd532dd
58002fd23c5a10ec6534dc85ecddc896b2164b204db0c0bf5b12b55b4d245a66
5ad749a129e808b621b31f7b9d5b5c0f435c14bf8b64a2452a13212a210fa90e
5ebe581c00a037d79c7a51cabafb4e1e8c1c90003214d257e7d147102e975f2a
679c798fd4e7e8b2e875df662470ae6a0e01f5d8490a8d22bca5d419b30987cd
6f7c9c1828fc0b39e1f8943174430e13a6eafc5089325276c7027f19a9af447f
7a871c50b9af46203eac3c10ec31a5a4379c952d9941902e3a281ad62dd0ac7e
7c9b6709a8e84dbe42b693c653b3d691bcbf55466813d1ee50f35ee8ed9915ab
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
840f575220d6b42197251483e8b3b486bce6f7c4c4bddfff022580d3bb39ce4b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
91a23159638a846a426eb990ec53821e49518e78924d10f45ee5178ba44de83b
95f9f7d5fc896cddb14ac87de2c177488da4249aa25c977a620cf99463d615d4
981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3
9b6b5e0c551bac6ccde502c3bf5c75d1efe6b1da975c0d251a4a17b8adcc74a5
9b9fbd710193207493bc35f6c83d5654b021ff7f3348f558e04116d015f5f307
a02680a8a95da2d91109f85ba53de1145cd4f317e98fca1b069cf9f25bb93599
a481081a94b78c96bca42783158e89685af0ffce84eaf5165903d85a205f5d88
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a665b3ad14cb2075a396c2c542ea83c928fbcfb08160330bdec73177c63cc97e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b59d5d931ece7fab4c2378e6e3979c793f6e52e8a1bc6e7c1fa569e03d96f49f
c13a975196eba31a7bedd7eefd67e28d0b692dbfeecdceab71a2389ef4f840f2
c1f6f1027092d281d624e67f9f83460ed291ae367b558c16cd6afad7af5eba1e
c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb
c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5
cf168895b75473e4deef6e9a37d5ded455e419df68393abf1a598cc753e632d1
d36426977c5c9a2f7e81196df9ac0198158c4d641fd6c7e445b7204051c11395
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
dd06964bce4d3d30c47a19c923bae3589dcbf82614938d4ff8fd1772cdf20249
e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e78c14aeb9435fd03f67ad2ee4c45e18bfcfc100a4c62c8bd886324ce6296f77
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efbdf9cab6b6cf2bf7207ae4e0456c9462b2c0d4c2de76d65442de2af7253f2b
f14f0f311be5c08af353b3e92cd63227b573c543765ea016499744e1fbfc4815
f3d3d5e79c6c3971916ebb40d8f16c3d584efe53669023273eeca33928178bfe
f51c09f7389cdc5cfdbd249cc66f95f51480041e42da46e5adf088e7bea9a686
f752c9d78517ca9e04bd89d00ad15e914800aad0f8471c18b9114c620b74463b
fa6baeae3cb3f5723d40c311888b0da77590b8dc1353c5c7c6e944e7f6c346ac
feb9084b15077bef34f89531e897347ac121c82a56bd68df1e72ce11747ebabc
fec01dea2d456e76b8f9247bc17429af76c8c7f46dcfa41d8fbb2b0b27df78a1
fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

news.2xclick.ru Open in urlscan Pro 93.95.100.117 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

119 Requests

100 %HTTPS

46 %IPv6

24 Domains

37 Subdomains

32 IPs

7 Countries

674 kBTransfer

1619 kBSize

9 Cookies

8 Outgoing links

Page URL History

Redirected requests

119 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

news.2xclick.ru Open in urlscan Pro
93.95.100.117 Public Scan

Screenshot
Live screenshot

Full Image

119
Requests

100 %
HTTPS

46 %
IPv6

24
Domains

37
Subdomains

32
IPs

7
Countries

674 kB
Transfer

1619 kB
Size

9
Cookies

119 HTTP transactions
1 data transactions