xn--b1aeadq1acd6dzce.com Open in urlscan Pro Puny
выходныедни.com IDN
2606:4700:3034::681f:57d7 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://xn--b1aeadq1acd6dzce.com/
Submission: On January 08 via manual (January 8th 2021, 6:43:25 am UTC) from HK

Summary HTTP 26 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 10 domains to perform 26 HTTP transactions. The main IP is 2606:4700:3034::681f:57d7, located in United States and belongs to CLOUDFLARENET, US. The main domain is xn--b1aeadq1acd6dzce.com.

This is the only time xn--b1aeadq1acd6dzce.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2606:4700:303... 2606:4700:3034::681f:57d7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
2	91.196.125.197 91.196.125.197	201200 (SUPERHOST...) (SUPERHOSTING_AS)
2	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
26	8

5 2606:4700:3034::681f:57d7 (United States)

ASN13335 (CLOUDFLARENET, US)

xn--b1aeadq1acd6dzce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.196.125.197 (Bulgaria)

ASN201200 (SUPERHOSTING_AS, BG)
PTR: host125-197.superhosting.bg

www.waterfallsbg.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	200 KB
5	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	19 KB
5	xn--b1aeadq1acd6dzce.com xn--b1aeadq1acd6dzce.com	76 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	waterfallsbg.info www.waterfallsbg.info	23 KB
1	googletagservices.com www.googletagservices.com	28 KB
1	google.com adservice.google.com	803 B
1	google.de adservice.google.de	803 B
1	googleadservices.com partner.googleadservices.com	446 B
1	googletagmanager.com www.googletagmanager.com	39 KB
26	10

	Domain	Requested by
5	pagead2.googlesyndication.com	xn--b1aeadq1acd6dzce.com pagead2.googlesyndication.com
5	xn--b1aeadq1acd6dzce.com	xn--b1aeadq1acd6dzce.com
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.waterfallsbg.info	xn--b1aeadq1acd6dzce.com
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.googletagmanager.com	xn--b1aeadq1acd6dzce.com
1	securepubads.g.doubleclick.net	xn--b1aeadq1acd6dzce.com
26	12

This site contains links to these domains. Also see Links.

Domain
government.ru

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh

This page contains 6 frames:

Primary Page: http://xn--b1aeadq1acd6dzce.com/
Frame ID: F4A85E616991667FAB56FC9934E930BF
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html
Frame ID: 8C4B6BE1FC58884CB3DC66EEAB636B7E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1784742484268469&output=html&adk=1812271804&adf=3025194257&lmt=1608595266&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=http%3A%2F%2Fxn--b1aeadq1acd6dzce.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1610088187946&bpp=10&bdt=72&idt=171&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=565461142841&frm=20&pv=2&ga_vid=178603677.1610088188&ga_sid=1610088188&ga_hid=1156627934&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21068769&oid=3&pvsid=2883266921653150&pem=456&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=23&ifi=0&uci=a!0&fsb=1&dtd=185
Frame ID: 88B956E517D64F62C7B745999113B1B3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1784742484268469&output=html&h=280&slotname=8231589563&adk=3174530412&adf=392815488&pi=t.ma~as.8231589563&w=780&fwrn=4&fwrnh=100&lmt=1608595266&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fxn--b1aeadq1acd6dzce.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1610088187964&bpp=51&bdt=90&idt=173&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=565461142841&frm=20&pv=1&ga_vid=178603677.1610088188&ga_sid=1610088188&ga_hid=1156627934&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=410&ady=152&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21068769&oid=3&pvsid=2883266921653150&pem=456&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=23&ifi=1&uci=a!1&fsb=1&xpc=jSDA7o9Hlx&p=http%3A//xn--b1aeadq1acd6dzce.com&dtd=179
Frame ID: A4E152272D2A45E94BBC492563C4254E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html?fsb=1
Frame ID: F5C908150FE9BE8CFD1444994CCFBF7A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/220/runner.html
Frame ID: AAF1118B87EB35ABE3D42BC0D83B6FB6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /react.*\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

26
Requests

73 %
HTTPS

75 %
IPv6

10
Domains

12
Subdomains

8
IPs

3
Countries

405 kB
Transfer

1001 kB
Size

8
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://government.ru/news/
Title: Российская трехсторонняя комиссия по регулированию социально-трудовых отношений

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
xn--b1aeadq1acd6dzce.com/ 59 KB
7 KB 109ms
91ms Document
text/html 2606:4700:3034::681f:57d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--b1aeadq1acd6dzce.com/
Protocol: HTTP/1.1
Server: 2606:4700:3034::681f:57d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dff979be7fd746211f34d583b6ece2ab9bc1e59d2d6891768ba78d79a4770bc1

Request headers

Host: xn--b1aeadq1acd6dzce.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 08 Jan 2021 06:43:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dcfcb9b8119981145192a93a3e8ec8a301610088187; expires=Sun, 07-Feb-21 06:43:07 GMT; path=/; domain=.xn--b1aeadq1acd6dzce.com; HttpOnly; SameSite=Lax
Last-Modified: Tue, 22 Dec 2020 00:01:06 GMT
Cache-Control: max-age=172800
Expires: Sun, 10 Jan 2021 06:43:07 GMT
Vary: Accept-Encoding,User-Agent
CF-Cache-Status: DYNAMIC
cf-request-id: 0782551f85000064af7e2ff000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dm2RD5eUS088iKjxl4HacoUCx0ZdMv4s0tIqgvO08gqa0BgYN6%2BVYUT8meyo3VEA9fWca%2FU6w0ovGyYcoLH%2FfmhCiSQJtAR%2B%2BoyWdMmiXgWqSqxB%2Bn%2BGmeBkcDb5oz%2F%2BQwJM7kk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 60e3f145aa4364af-FRA
Content-Encoding: gzip

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 55 KB
19 KB 42ms
15ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: xn--b1aeadq1acd6dzce.com
URL: http://xn--b1aeadq1acd6dzce.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

sffe /

Resource Hash

f2d9747765f283084ad195a870af26f35eea135e5cd7d835661b847f6b58b897

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 06:43:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "748 / 613 of 1000 / last-modified: 1610060980"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18995
x-xss-protection: 0
expires: Fri, 08 Jan 2021 06:43:07 GMT

GET
H/1.1 200
OK style.css
xn--b1aeadq1acd6dzce.com/ 4 KB
2 KB 81ms
79ms Stylesheet
text/css 2606:4700:3034::681f:57d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--b1aeadq1acd6dzce.com/style.css
Requested by: Host: xn--b1aeadq1acd6dzce.com
URL: http://xn--b1aeadq1acd6dzce.com/
Protocol: HTTP/1.1
Server: 2606:4700:3034::681f:57d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2be8b0b12229029922bccca4ef0ece47ca55b1acab4eb2c54dabd9beca66643

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 08 Jan 2021 06:43:07 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 1092
cf-request-id: 0782551feb000064af818dd000000001
Last-Modified: Mon, 21 Dec 2020 23:57:48 GMT
Server: cloudflare
ETag: "4b43247-e45-5b70239a95b69-gzip"
Vary: Accept-Encoding,User-Agent
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YXIaOXf2WGUvopU6M59F%2BbVErYHdqTUe3CRR35IAPpl271Qbk7Lc%2B5tP5Ca3aDBjteefbHICpF245sihpPyABeIB3w819%2BYshfTYplzx3EBUIuaGJVhQYTwzcvspuprM4UYb5eg%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=2592000
Accept-Ranges: bytes
CF-RAY: 60e3f1464a6f64af-FRA
Expires: Sun, 07 Feb 2021 06:43:07 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 132 KB
47 KB 43ms
20ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: xn--b1aeadq1acd6dzce.com
URL: http://xn--b1aeadq1acd6dzce.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c90fce3b8721f94c384cd5295093bf1aac90eed5e2e258588733072ce99220b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 06:43:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 47067
x-xss-protection: 0
server: cafe
etag: 1050792658032310446
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 08 Jan 2021 06:43:07 GMT

GET
H/1.1 200
OK email-decode.min.js Show response
xn--b1aeadq1acd6dzce.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 18ms
12ms Script
application/javascript 2606:4700:3034::681f:57d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://xn--b1aeadq1acd6dzce.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: xn--b1aeadq1acd6dzce.com
URL: http://xn--b1aeadq1acd6dzce.com/

Protocol

HTTP/1.1

Server

2606:4700:3034::681f:57d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 08 Jan 2021 06:43:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
NEL: {"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-request-id: 0782551fee00001776ae8da000000001
Last-Modified: Thu, 17 Dec 2020 18:39:38 GMT
Server: cloudflare
ETag: W/"5fdba5ea-4d7"
X-Frame-Options: DENY
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4h3nnq8vBiXUmQMaWN7zwDQn6rrqz1%2Fkn6GNuL7w1fC5xgeicudVbYh%2BeDE%2B31sf7gf%2F5bRHXDTA15WH1oINwOepI5y5yebe2Z9vBPzbo%2FHFnNRf8assVH%2FQS4iFBbvgwOzB%2Fcg%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=172800, public
CF-RAY: 60e3f1464ab21776-FRA
Expires: Sun, 10 Jan 2021 06:43:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
39 KB 52ms
30ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-90597094-1

Requested by

Host: xn--b1aeadq1acd6dzce.com
URL: http://xn--b1aeadq1acd6dzce.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

23e66d8f32fabe8ec992ae2823f09a4b4ec4487fdf68db003baf6b1db4916124

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 06:43:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38975
x-xss-protection: 0
last-modified: Fri, 08 Jan 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 08 Jan 2021 06:43:07 GMT

GET
H2 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/ 234 KB
88 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 06:43:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 89527
x-xss-protection: 0
server: cafe
etag: 1810063338415286733
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jan 2021 06:43:07 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/ Frame 8C4B 0
0 25ms
6ms Document
text/html 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201203/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--b1aeadq1acd6dzce.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://xn--b1aeadq1acd6dzce.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 07 Jan 2021 10:01:15 GMT
expires: Thu, 21 Jan 2021 10:01:15 GMT
content-type: text/html; charset=UTF-8
etag: 10723747146953794269
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4923
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 74512
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK logo_vihodnie_dni.jpg
xn--b1aeadq1acd6dzce.com/images/ 4 KB
4 KB 71ms
71ms Image
image/jpeg 2606:4700:3034::681f:57d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://xn--b1aeadq1acd6dzce.com/images/logo_vihodnie_dni.jpg
Requested by: Host: xn--b1aeadq1acd6dzce.com
URL: http://xn--b1aeadq1acd6dzce.com/style.css
Protocol: HTTP/1.1
Server: 2606:4700:3034::681f:57d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51994f558dce25a2d0f1cc412b690caa8f1fca33bf8081e1c29bdb3bedc31179

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 08 Jan 2021 06:43:08 GMT
CF-Cache-Status: MISS
NEL: {"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 3730
cf-request-id: 0782552041000064af8a3a3000000001
Last-Modified: Mon, 21 Dec 2020 22:43:28 GMT
Server: cloudflare
ETag: "4b800e4-e92-5b7012fc76400"
Vary: User-Agent, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=U5S55ehJkbjnpvamltAJCHbAAsFsAqc7eM8MVoNqvQnvE5FKI2sKYFJOuocHjLymFjFv5JiWrz5nTeD2Bj3dVjwQFzIxle6edX52wf%2FmhiN4%2BKyEK5vJ7ggBBDozhSa%2FlrKa%2F9s%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 60e3f146ca9f64af-FRA
Expires: Sat, 08 Jan 2022 06:43:07 GMT

GET
H/1.1 200
OK vihodnie_dni_logo.jpg
xn--b1aeadq1acd6dzce.com/images/ 61 KB
62 KB 129ms
129ms Image
image/jpeg 2606:4700:3034::681f:57d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://xn--b1aeadq1acd6dzce.com/images/vihodnie_dni_logo.jpg
Requested by: Host: xn--b1aeadq1acd6dzce.com
URL: http://xn--b1aeadq1acd6dzce.com/style.css
Protocol: HTTP/1.1
Server: 2606:4700:3034::681f:57d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b6d774feda70c7edd696757dc31542334c83d8a808183087147e0a1cdb6d30f

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 08 Jan 2021 06:43:08 GMT
CF-Cache-Status: MISS
NEL: {"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 62842
cf-request-id: 078255207400001776b0066000000001
Last-Modified: Mon, 21 Dec 2020 22:43:12 GMT
Server: cloudflare
ETag: "4b80214-f57a-5b7012ed34000"
Vary: User-Agent, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6u84tfU9atJccY14nf0jz%2FzLyzT%2BrTZBcd4S6TIWc%2FQ4UBOYrUjmd0Lbv7DpBJXB7VA3eQmPe8nvTcH8Y7bC5oxGBqp%2FbnSc3%2BzoyXRk%2FNelf2sqwrumYUXa%2BABGky2l9JgohBc%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 60e3f1472bd31776-FRA
Expires: Sat, 08 Jan 2022 06:43:07 GMT

GET
H/1.1 200
OK matomo.js Show response
www.waterfallsbg.info/piwik/matomo/ 65 KB
22 KB 158ms
63ms Script
application/javascript 91.196.125.197
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.waterfallsbg.info/piwik/matomo/matomo.js
Requested by: Host: xn--b1aeadq1acd6dzce.com
URL: http://xn--b1aeadq1acd6dzce.com/
Protocol: HTTP/1.1
Server: 91.196.125.197 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: host125-197.superhosting.bg
Software: Apache /
Resource Hash: b79aea3a2937518e377f2d5506b50b1b90410a2418db03e0a4fd676cbd488375

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 08 Jan 2021 06:43:06 GMT
Content-Encoding: gzip
Last-Modified: Sat, 26 Jan 2019 16:08:15 GMT
Server: Apache
ETag: "4ca0a9b-10414-5805ea6aa5591-gzip"
Vary: Accept-Encoding,User-Agent
Upgrade: h2,h2c
Cache-Control: max-age=172800
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5, max=100
Content-Length: 22480
Expires: Sun, 10 Jan 2021 06:43:06 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-90597094-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4287
date: Fri, 08 Jan 2021 05:31:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 08 Jan 2021 07:31:41 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 214 B
446 B 16ms
15ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=xn--b1aeadq1acd6dzce.com&callback=_gfp_s_&client=ca-pub-1784742484268469

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

181fc56a3a7d1c91a1296b39a8c0ac8faeca97313dbe5d0be7ee1cd4ff7f9f33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 06:43:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 200
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
803 B 35ms
14ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xn--b1aeadq1acd6dzce.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 08 Jan 2021 06:43:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
803 B 35ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xn--b1aeadq1acd6dzce.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 08 Jan 2021 06:43:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 88B9 0
0 277ms
276ms Document
text/html 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1784742484268469&output=html&adk=1812271804&adf=3025194257&lmt=1608595266&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=http%3A%2F%2Fxn--b1aeadq1acd6dzce.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1610088187946&bpp=10&bdt=72&idt=171&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=565461142841&frm=20&pv=2&ga_vid=178603677.1610088188&ga_sid=1610088188&ga_hid=1156627934&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21068769&oid=3&pvsid=2883266921653150&pem=456&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=23&ifi=0&uci=a!0&fsb=1&dtd=185

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1784742484268469&output=html&adk=1812271804&adf=3025194257&lmt=1608595266&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=http%3A%2F%2Fxn--b1aeadq1acd6dzce.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1610088187946&bpp=10&bdt=72&idt=171&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=565461142841&frm=20&pv=2&ga_vid=178603677.1610088188&ga_sid=1610088188&ga_hid=1156627934&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21068769&oid=3&pvsid=2883266921653150&pem=456&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=23&ifi=0&uci=a!0&fsb=1&dtd=185
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--b1aeadq1acd6dzce.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://xn--b1aeadq1acd6dzce.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 08 Jan 2021 06:43:08 GMT
server: cafe
content-length: 40313
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 08-Jan-2021 06:58:08 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Fri, 08 Jan 2021 06:43:08 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a2c24123bf9e2d278064a1c1596653f626b24deeda2c4422de8882840f82e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 06:43:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1609936916402840"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28340
x-xss-protection: 0
expires: Fri, 08 Jan 2021 06:43:08 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame A4E1 0
0 345ms
344ms Document
text/html 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1784742484268469&output=html&h=280&slotname=8231589563&adk=3174530412&adf=392815488&pi=t.ma~as.8231589563&w=780&fwrn=4&fwrnh=100&lmt=1608595266&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fxn--b1aeadq1acd6dzce.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1610088187964&bpp=51&bdt=90&idt=173&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=565461142841&frm=20&pv=1&ga_vid=178603677.1610088188&ga_sid=1610088188&ga_hid=1156627934&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=410&ady=152&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21068769&oid=3&pvsid=2883266921653150&pem=456&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=23&ifi=1&uci=a!1&fsb=1&xpc=jSDA7o9Hlx&p=http%3A//xn--b1aeadq1acd6dzce.com&dtd=179

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1784742484268469&output=html&h=280&slotname=8231589563&adk=3174530412&adf=392815488&pi=t.ma~as.8231589563&w=780&fwrn=4&fwrnh=100&lmt=1608595266&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fxn--b1aeadq1acd6dzce.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1610088187964&bpp=51&bdt=90&idt=173&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=565461142841&frm=20&pv=1&ga_vid=178603677.1610088188&ga_sid=1610088188&ga_hid=1156627934&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=410&ady=152&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21068769&oid=3&pvsid=2883266921653150&pem=456&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=23&ifi=1&uci=a!1&fsb=1&xpc=jSDA7o9Hlx&p=http%3A//xn--b1aeadq1acd6dzce.com&dtd=179
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--b1aeadq1acd6dzce.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://xn--b1aeadq1acd6dzce.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 08 Jan 2021 06:43:08 GMT
server: cafe
content-length: 206
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 08-Jan-2021 06:58:08 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Fri, 08 Jan 2021 06:43:08 GMT
cache-control: private

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
393 B 46ms
13ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1156627934&t=pageview&_s=1&dl=http%3A%2F%2Fxn--b1aeadq1acd6dzce.com%2F&ul=en-us&de=UTF-8&dt=%F0%9F%A5%87%20%D0%9F%D0%A0%D0%90%D0%97%D0%94%D0%9D%D0%98%D0%9A%D0%98%202021%20%D0%98%20%D0%92%D0%AB%D0%A5%D0%9E%D0%94%D0%9D%D0%AB%D0%95%20%D0%94%D0%9D%D0%98%20-%20%D0%9A%D0%B0%D0%BB%D0%B5%D0%BD%D0%B4%D0%B0%D1%80&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAUABAAAAAC~&jid=609321331&gjid=745197330&cid=178603677.1610088188&tid=UA-90597094-1&_gid=187955378.1610088188&_r=1&gtm=2oubu0&z=1202218687

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 08 Jan 2021 06:43:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://xn--b1aeadq1acd6dzce.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK matomo.php
www.waterfallsbg.info/piwik/matomo/ 43 B
350 B 76ms
76ms Image
image/gif 91.196.125.197
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.waterfallsbg.info/piwik/matomo/matomo.php?action_name=%F0%9F%A5%87%20%D0%9F%D0%A0%D0%90%D0%97%D0%94%D0%9D%D0%98%D0%9A%D0%98%202021%20%D0%98%20%D0%92%D0%AB%D0%A5%D0%9E%D0%94%D0%9D%D0%AB%D0%95%20%D0%94%D0%9D%D0%98%20-%20%D0%9A%D0%B0%D0%BB%D0%B5%D0%BD%D0%B4%D0%B0%D1%80&idsite=31&rec=1&r=957991&h=7&m=43&s=8&url=http%3A%2F%2Fxn--b1aeadq1acd6dzce.com%2F&_id=18a05271e5f45521&_idts=1610088188&_idvc=1&_idn=0&_refts=0&_viewts=1610088188&send_image=1&cookie=1&res=1600x1200&gt_ms=92&pv_id=oIHipR
Requested by: Host: xn--b1aeadq1acd6dzce.com
URL: http://xn--b1aeadq1acd6dzce.com/
Protocol: HTTP/1.1
Server: 91.196.125.197 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: host125-197.superhosting.bg
Software: Apache /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 08 Jan 2021 06:43:06 GMT
Server: Apache
Vary: User-Agent
Content-Type: image/gif
Cache-Control: no-store, max-age=31536000
Transfer-Encoding: chunked
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Expires: Sat, 08 Jan 2022 06:43:06 GMT

GET
H3-Q050 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/ 145 KB
52 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/reactive_library_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f3b0e1ed6cb79ccf93702fd66f2371d4f73de62937c237270b7d70f25300bda1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 06:43:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 53263
x-xss-protection: 0
server: cafe
etag: 8848748755015014073
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Jan 2021 06:43:08 GMT

GET
H3-Q050 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/ Frame F5C9 0
0 6ms
5ms Document
text/html 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201203/r20190131/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--b1aeadq1acd6dzce.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://xn--b1aeadq1acd6dzce.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 07 Jan 2021 18:46:21 GMT
expires: Thu, 21 Jan 2021 18:46:21 GMT
content-type: text/html; charset=UTF-8
etag: 10723747146953794269
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4923
x-xss-protection: 0
age: 43007
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 45ms
32ms XHR
application/json 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201203&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

032c2ce2217f27d5fc63475be6b9bf287bee75e09818483d1b68a370a3585428

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 08 Jan 2021 06:43:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6353
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baf04ff369a96d4bb7228e99a65163de20845bf23826295dd3471afd3cee9ee5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 06:43:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607463675096825"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6146
x-xss-protection: 0
expires: Fri, 08 Jan 2021 06:43:08 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/220/ Frame AAF1 0
0 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/220/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/220/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--b1aeadq1acd6dzce.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://xn--b1aeadq1acd6dzce.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4868
date: Thu, 07 Jan 2021 23:40:03 GMT
expires: Fri, 07 Jan 2022 23:40:03 GMT
last-modified: Tue, 27 Oct 2020 18:37:37 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25385
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
88 B 15ms
14ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=220&t=2&li=gda_r20201203&jk=2883266921653150&bg=!-_il-NjNAAUbEDgJG1jOQDvVdhIPLgIAAABjUgAAAAxoAQcKAX9oLsIpSlEQJYupG15wkUPbKyHW54ne_PHakBF9i23Vv2MwAyUZGlotMRQzsRASxwlvpnzUq9CPmuOR1zRTgJc4n3-TJNeuuc98w4lpYCaVox1Tbj4nCJNGAR3CpMsYza004cC0nPMd3cwWfF3NIJhSDWw2sZsBkgYnOHhb6crIr72EWpBFaITcbOubRG4B0jGT2j599Krit0pNc4Hofyc40hIvkRbfulzYpQM5bZFBZKgA5_7RizgfXaGXY3kOPK28bqXyW2hgXOQYymZcnesUlGP4937CjO1BTeK-zwS0GqGHilutsTcs2gvnwiHMKZWqKbXCyz7XfaKl43G-mSmQvh0DLRytKCxiDdFzZ9tFSjs3ee12wpEdNv138VVnBz5IHIQpBVncS6iDSMBQd89amJKCqF90YC2WZ6gpEaijHgoHLPLsCJepsmTn70t0xZ-t_suS1TkuLa-HXuiGQZhxy4ilrdfUj_sz2homYT0UPgQ_hyZzgWbRlzyp4dRNJJkBwGBc2e14CyMaZn309VABepW_6I84XzYODJGtklJReKZg01rS1JETAXSzkDlApgG65qbUZk-KNYXsXFtQcCZLdMTK8Xli1v38qVL0UpU9Sh2LvuFCam-Bdb4BGgX30Yd24t-jXwtCvxFBsHzNomho4f4Z42YIxLKkYBbRTxCtbWRtHePOdOkNN7xjN7QhE4cpX5-RB1eX1xeS-GN-9_kAvXa6cGdIIEWBXMKsffIL8aCRW82xzpU2VF8n4pV8tuGdcvJLS4MR9ld7EsdoaGsIEKqN2vwb3PhwgxYKUZaoj3ZJElmZYng-ap8WMfIU-Ar2CUrv6p6rgz7ejJIJvI5dlz33CP75-iLzoSAPkgFZKFa5VxbRtSuvFoy0ZhGHSlQ4uQK3uB6MDGJbniXao6MWTIIeTtJLDXfPJqecNYy67qwISdVAMAPVCi1nTKhCecQekTnP5Gk8T6MYSoLucLo6DCEvXWBz6bGoAive06cNzVIsvVxhvWDtcgVxJD4VDOebm4hjwxEOhVsNse8XUD12Ny5p2tdUy1-gIWs90U5PjuLqDdGjf6k1eVEOtVxxD2bX0ytc4heZbSV8XO_h9C7Ylgc

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--b1aeadq1acd6dzce.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Jan 2021 06:43:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 15:14:49	Name: test_cookie Value: CheckForPermission
xn--b1aeadq1acd6dzce.com/	1970-01-19 15:14:49	Name: _pk_ses.31.6df5 Value: *
xn--b1aeadq1acd6dzce.com/	1970-01-20 00:40:43	Name: _pk_id.31.6df5 Value: 18a05271e5f45521.1610088188.1.1610088188.1610088188.
.xn--b1aeadq1acd6dzce.com/	1970-01-19 15:14:48	Name: _gat_gtag_UA_90597094_1 Value: 1
.xn--b1aeadq1acd6dzce.com/	1970-01-19 15:16:14	Name: _gid Value: GA1.2.187955378.1610088188
.xn--b1aeadq1acd6dzce.com/	1970-01-20 08:46:00	Name: _ga Value: GA1.2.178603677.1610088188
.xn--b1aeadq1acd6dzce.com/	1970-01-20 00:36:24	Name: __gads Value: ID=39361da3756f2df8-228c995584b900ee:T=1610088188:RT=1610088188:S=ALNI_Mb44ZO21fpyHvEJq3bfzNz22pG2Gg
.xn--b1aeadq1acd6dzce.com/	1970-01-19 15:58:00	Name: __cfduid Value: dcfcb9b8119981145192a93a3e8ec8a301610088187

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
www.waterfallsbg.info
xn--b1aeadq1acd6dzce.com
172.217.16.194
2606:4700:3034::681f:57d7
2a00:1450:4001:801::2002
2a00:1450:4001:801::200e
2a00:1450:4001:808::2001
2a00:1450:4001:816::2002
2a00:1450:4001:824::2008
91.196.125.197
032c2ce2217f27d5fc63475be6b9bf287bee75e09818483d1b68a370a3585428
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
181fc56a3a7d1c91a1296b39a8c0ac8faeca97313dbe5d0be7ee1cd4ff7f9f33
23e66d8f32fabe8ec992ae2823f09a4b4ec4487fdf68db003baf6b1db4916124
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
51994f558dce25a2d0f1cc412b690caa8f1fca33bf8081e1c29bdb3bedc31179
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5c90fce3b8721f94c384cd5295093bf1aac90eed5e2e258588733072ce99220b
6b6d774feda70c7edd696757dc31542334c83d8a808183087147e0a1cdb6d30f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7a2c24123bf9e2d278064a1c1596653f626b24deeda2c4422de8882840f82e83
b79aea3a2937518e377f2d5506b50b1b90410a2418db03e0a4fd676cbd488375
baf04ff369a96d4bb7228e99a65163de20845bf23826295dd3471afd3cee9ee5
c2be8b0b12229029922bccca4ef0ece47ca55b1acab4eb2c54dabd9beca66643
dff979be7fd746211f34d583b6ece2ab9bc1e59d2d6891768ba78d79a4770bc1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
f2d9747765f283084ad195a870af26f35eea135e5cd7d835661b847f6b58b897
f3b0e1ed6cb79ccf93702fd66f2371d4f73de62937c237270b7d70f25300bda1
fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149

xn--b1aeadq1acd6dzce.com Open in urlscan Pro Puny выходныедни.com IDN 2606:4700:3034::681f:57d7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

26 Requests

73 %HTTPS

75 %IPv6

10 Domains

12 Subdomains

8 IPs

3 Countries

405 kBTransfer

1001 kBSize

8 Cookies

1 Outgoing links

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

8 Cookies

Indicators

xn--b1aeadq1acd6dzce.com Open in urlscan Pro Puny
выходныедни.com IDN
2606:4700:3034::681f:57d7 Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

73 %
HTTPS

75 %
IPv6

10
Domains

12
Subdomains

8
IPs

3
Countries

405 kB
Transfer

1001 kB
Size

8
Cookies

26 HTTP transactions
0 data transactions