rvawex.ru.com Open in urlscan Pro
51.68.106.168 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://delivery.handwrittenstudynotes.com/BMLKIQUJHGNW?id=174124=IBhTVQNQCVRWGVJfVAJUWgAAD1kFUV0JA1APVlUFDlFUXVZWDQUJBAEAB19WBgZbCQJKVVNeC...
Effective URL:
https://rvawex.ru.com/mmiri/lib/index.php
Submission: On June 20 via manual (June 20th 2023, 8:01:47 am UTC) from IT — Scanned from IT

Summary HTTP 50 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 13 domains to perform 50 HTTP transactions. The main IP is 51.68.106.168, located in France and belongs to OVH, FR. The main domain is rvawex.ru.com.
TLS certificate: Issued by R3 on June 10th 2023. Valid for: 3 months.

This is the only time rvawex.ru.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Libero (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.117.197.73 34.117.197.73	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8	51.68.106.168 51.68.106.168	16276 (OVH) (OVH)
1	213.209.30.161 213.209.30.161	8660 (MATRIX-AS) (MATRIX-AS)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	52.28.213.225 52.28.213.225	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	13.225.78.19 13.225.78.19	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	54.154.68.54 54.154.68.54	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:223... 2600:9000:223f:c00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2600:1f18:1ac... 2600:1f18:1aca:4281:9272:5c37:e8e:834a	14618 (AMAZON-AES) (AMAZON-AES)
50	19

1 34.117.197.73 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 73.197.117.34.bc.googleusercontent.com

delivery.handwrittenstudynotes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 51.68.106.168 (France)

ASN16276 (OVH, FR)
PTR: server13.conferencenews.buzz

rvawex.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.209.30.161 (Assago, Italy)

ASN8660 (MATRIX-AS, IT)

www.iolam.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.213.225 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-213-225.eu-central-1.compute.amazonaws.com

italiaonline.profiles.tagger.opecloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

e43d0093eb790c5d856e15c44e249f07.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-19.fra2.r.cloudfront.net

i3.plug.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.154.68.54 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-68-54.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:1f18:1aca:4281:9272:5c37:e8e:834a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	adsafeprotected.com pixel.adsafeprotected.com — Cisco Umbrella Rank: 745 static.adsafeprotected.com — Cisco Umbrella Rank: 628 dt.adsafeprotected.com — Cisco Umbrella Rank: 557	101 KB
9	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 133 e43d0093eb790c5d856e15c44e249f07.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 155	100 KB
8	ru.com rvawex.ru.com	270 KB
6	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219	168 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 107 www.google.com — Cisco Umbrella Rank: 3	2 KB
2	gstatic.com fonts.gstatic.com	32 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 422 fonts.googleapis.com — Cisco Umbrella Rank: 80	32 KB
1	plug.it i3.plug.it — Cisco Umbrella Rank: 764241	913 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	56 KB
1	opecloud.com italiaonline.profiles.tagger.opecloud.com — Cisco Umbrella Rank: 273427
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 263	8 KB
1	iolam.it www.iolam.it — Cisco Umbrella Rank: 308653	139 KB
1	handwrittenstudynotes.com 1 redirects delivery.handwrittenstudynotes.com	456 B
50	13

	Domain	Requested by
10	dt.adsafeprotected.com
8	rvawex.ru.com	rvawex.ru.com
6	securepubads.g.doubleclick.net	rvawex.ru.com securepubads.g.doubleclick.net www.googletagservices.com
4	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
2	static.adsafeprotected.com	pixel.adsafeprotected.com rvawex.ru.com
2	pixel.adsafeprotected.com	rvawex.ru.com
2	fonts.gstatic.com	fonts.googleapis.com
1	www.google.com	tpc.googlesyndication.com
1	i3.plug.it
1	www.googletagservices.com	securepubads.g.doubleclick.net
1	e43d0093eb790c5d856e15c44e249f07.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	italiaonline.profiles.tagger.opecloud.com	rvawex.ru.com
1	fonts.googleapis.com	rvawex.ru.com
1	cdnjs.cloudflare.com	rvawex.ru.com
1	ajax.googleapis.com	rvawex.ru.com
1	www.iolam.it	rvawex.ru.com
1	delivery.handwrittenstudynotes.com	1 redirects
50	19

This site contains links to these domains. Also see Links.

Domain
adclick.g.doubleclick.net

Subject Issuer	Validity	Valid
rvawex.ru.com R3	`2023-06-10` - `2023-09-08`	3 months	crt.sh
www.iolam.it Sectigo RSA Domain Validation Secure Server CA	`2023-01-09` - `2024-02-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.profiles.tagger.opecloud.com Amazon RSA 2048 M01	`2023-02-10` - `2024-01-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.plug.it Sectigo RSA Domain Validation Secure Server CA	`2022-12-05` - `2024-01-05`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://rvawex.ru.com/mmiri/lib/index.php
Frame ID: DE0F7FB74D28819D35C38943B0D7B4DD
Requests: 37 HTTP requests in this frame

Frame: https://e43d0093eb790c5d856e15c44e249f07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 58BCF2F4673986015F87F56CC11A7A07
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvNHU8OnzWPqkzQlqKG4s2ntCN88fQxBuMfMNrFyVuX06xkgJ8pqX6QJhq87wdOP2hYmAXuDKBveLG3APTYllI4WFrg7js_hNwPcv-ojdz0-15JkD33Cq_RC_p8Bd5_z4qeMHhUbKpcgre2oGu-YPzKekV4ipNUQzyAS-T3a1Hm3-RVyqRHq70OlSOFsyRm4m-rHFSdNaLLiF_cFURVWod6H99pP5-yHMYWxlHxQGT7FNCEgwbdaoQ62urFLiDuhT30yQcX32kDXYRaxUo6Ry2hIAgRhCb3YYvIJxjpTVO0v4TO1bd2SmvkUrIYdCHLO5avOmWBJ8jOHvr8dKIcL3px0LhWXg&sai=AMfl-YSjdwfHEIjoVQycmgFiS299b74hYxshjbUtjbgbTzC9JckmMHQWWoVSSuKupxLdpc1DYy3Fqayeav8PYRS3LXa7eUTRmQDHEIQJGnHhW62wE0OY66wE7FJzBWQRgEe57_A63fsRGHXFUoCAblE&sig=Cg0ArKJSzEhG3Xjtt9fYEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 60BB76268729E6314D6192EE9952054C
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 27D657E6764F15B3E5ACF446D65DD2EE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AF12BB1A88D679617E8CDA06202173F9
Requests: 2 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=926174&campId=1540x1024&pubId=38840327&chanId=131213447&placementId=6276855270&pubCreative=138429738624&pubOrder=2934514703&cb=554974440&impId=&ias_adpath=%23adv_click
Frame ID: 29B13B98957A6A63F3F4315624EB41F3
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: DF1078E7B0884D5E79A84828580B379F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Libero Mail - login

Page URL History Show full URLs

http://delivery.handwrittenstudynotes.com/BMLKIQUJHGNW?id=174124=IBhTVQNQCVRWGVJfVAJUWgAAD1kFUV0JA1APVlUFDlFUXVZWDQUJB... HTTP 302
https://rvawex.ru.com/mmiri/lib/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

50
Requests

96 %
HTTPS

68 %
IPv6

13
Domains

19
Subdomains

19
IPs

5
Countries

907 kB
Transfer

2045 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjssAKhmu94fDvXM-QARP3UGAaQCrfMjun4RxhT5Z0OzkDCZ02wrCv0lTnxTXb7Mc9mk84qaCubkpYjVLa9n1bsz-0YBrvUoQgCxOlv-eAkRmaMPfeVbMukE11KyiO0qM8VjyBOBHytChFLABsgnxspCmPqST12TkDxgaDh2Zc9TaJMl9dsEzkbnNwNZnJ_K_FY3MkcsRxnxxACRBf0UHO-ZkVECsgKv5MvSAx8Fi_3ZVNz6PAOATiuT_AgBeOViWo9LqvDHo7mWUCPRupzWiHs3HDinGmQaH0IwMqPvv3ZdhwTBmpkcceib5zmwPkSrdmp-wHyGwRH1JwuKQaL0Feg&sai=AMfl-YQep-tJxx2rI0MfN1Vkni-xHzx1r8G3L0t2IqzUFjl2kl_2SHnCgE2ngqzDLiRqgAyrAWwg2blcvoSbxg0u7v5E6uUvHZfvGBQ2TuY_No9DFoV51D9TlSq80gtF1QZrSLvt9b7QyiHs68teUOA&sig=Cg0ArKJSzFTheIUx4NvREAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=https://www.paginegialle.it/inserisci_attivita%3F%26source%3Dld_vetpg_aut_mc_far%26from%3Dld_vetpg_aut_mc_far%26utm_source%3Diol_ron_pg_aut_mc%26utm_medium%3Ddisplay%26utm_campaign%3Dld_vetpg_aut_mc_far

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://delivery.handwrittenstudynotes.com/BMLKIQUJHGNW?id=174124=IBhTVQNQCVRWGVJfVAJUWgAAD1kFUV0JA1APVlUFDlFUXVZWDQUJBAEAB19WBgZbCQJKVVNeC19xDlBVUkFXGQoQH1UCXA9UUlUEDwMBXFUJVwUITl0QREFYFhhTVlReFQERHRoMWQgGEkVQQ0IBDEISQ1xLWwtEVBEXVFheF3UuKCgtZTFyLiUrYAZeUhgUAg==&fl=CxAXFEdeF0kQE1ZOUk5KEERIVVdfGgldWBBQGFtaWhgKCgcBTEpIDhI= HTTP 302
https://rvawex.ru.com/mmiri/lib/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index.php Show response
rvawex.ru.com/mmiri/lib/
Redirect Chain

http://delivery.handwrittenstudynotes.com/BMLKIQUJHGNW?id=174124=IBhTVQNQCVRWGVJfVAJUWgAAD1kFUV0JA1APVlUFDlFUXVZWDQUJBAEAB19WBgZbCQJKVVNeC19xDlBVUkFXGQoQH1UCXA9UUlUEDwMBXFUJVwUITl0QREFYFhhTVlReFQER...
https://rvawex.ru.com/mmiri/lib/index.php

6 KB
7 KB

166ms
90ms

Document
text/html

51.68.106.168
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rvawex.ru.com/mmiri/lib/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.68.106.168 , France, ASN16276 (OVH, FR),
Reverse DNS: server13.conferencenews.buzz
Software: Apache /
Resource Hash: 1e7271f832628acc449ce087d6d75f51739b98094a637c4169940287705ba497

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Jun 2023 08:01:42 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Content-Type: text/html
Date: Tue, 20 Jun 2023 08:01:42 GMT
Location: https://rvawex.ru.com/mmiri/lib/index.php
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=7200
Transfer-Encoding: chunked
Via: 1.1 google
X-Content-Security-Policy: default-src 'self'; script-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK style.css
rvawex.ru.com/mmiri/lib/files/ 26 KB
26 KB 33ms
28ms Stylesheet
text/css 51.68.106.168
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rvawex.ru.com/mmiri/lib/files/style.css
Requested by: Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.68.106.168 , France, ASN16276 (OVH, FR),
Reverse DNS: server13.conferencenews.buzz
Software: Apache /
Resource Hash: 148c0dcd3eff6305eaffe3600d31334604cc02591259020e54d8835be0e20dfe

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/mmiri/lib/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 08:01:42 GMT
Last-Modified: Thu, 25 Aug 2022 14:13:24 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 26719

GET
H/1.1 200
OK jquery.min.js Show response
rvawex.ru.com/mmiri/lib/files/ 87 KB
88 KB 88ms
28ms Script
application/javascript 51.68.106.168
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rvawex.ru.com/mmiri/lib/files/jquery.min.js
Requested by: Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.68.106.168 , France, ASN16276 (OVH, FR),
Reverse DNS: server13.conferencenews.buzz
Software: Apache /
Resource Hash: c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/mmiri/lib/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 08:01:42 GMT
Last-Modified: Thu, 25 Aug 2022 12:41:28 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 89493

GET
H/1.1 200
OK placeholders.min.js Show response
rvawex.ru.com/mmiri/lib/files/ 4 KB
4 KB 90ms
29ms Script
application/javascript 51.68.106.168
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rvawex.ru.com/mmiri/lib/files/placeholders.min.js
Requested by: Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.68.106.168 , France, ASN16276 (OVH, FR),
Reverse DNS: server13.conferencenews.buzz
Software: Apache /
Resource Hash: bb631cb41d70ab6f8a07ab80b053676bca8589e7e1d835827f30e1bffbed91c5

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/mmiri/lib/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 08:01:42 GMT
Last-Modified: Thu, 25 Aug 2022 12:41:28 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3907

GET
H/1.1 200
OK iam2.0.js Show response
rvawex.ru.com/mmiri/lib/files/ 139 KB
139 KB 93ms
28ms Script
application/javascript 51.68.106.168
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rvawex.ru.com/mmiri/lib/files/iam2.0.js
Requested by: Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.68.106.168 , France, ASN16276 (OVH, FR),
Reverse DNS: server13.conferencenews.buzz
Software: Apache /
Resource Hash: 6371356d9cb87a361f550a77f374e58eb68a25ab048440a04e11fba1cc575876

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/mmiri/lib/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 08:01:42 GMT
Last-Modified: Thu, 25 Aug 2022 12:41:28 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 141862

GET
H2 200 prebid.js Show response
www.iolam.it/js/ 433 KB
139 KB 73ms
21ms Script
application/javascript 213.209.30.161
MATRIX-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.iolam.it/js/prebid.js

Requested by

Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.209.30.161 Assago, Italy, ASN8660 (MATRIX-AS, IT),

Reverse DNS

Software

Apache /

Resource Hash

9517af506cfec0779a8b02dcf1a5862f550887488ff96ac9946110a168ab3c3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:42 GMT
strict-transport-security: max-age=63072000;
content-encoding: gzip
x-content-type-options: nosniff
x-original-content-length: 443001
server: Apache
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
expires: Tue, 20 Jun 2023 18:14:24 GMT

GET
H/1.1 200
OK AdvContent20x20.png
rvawex.ru.com/mmiri/lib/files/ 537 B
778 B 29ms
28ms Image
image/png 51.68.106.168
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rvawex.ru.com/mmiri/lib/files/AdvContent20x20.png
Requested by: Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.68.106.168 , France, ASN16276 (OVH, FR),
Reverse DNS: server13.conferencenews.buzz
Software: Apache /
Resource Hash: 68cfa5d1e626ad1796c8c8db8276c8196f7235100b9ae6f7380a4f8920bd994c

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/mmiri/lib/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 08:01:42 GMT
Last-Modified: Mon, 14 Mar 2022 13:18:42 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 537

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 89ms
25ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:00:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 08:00:35 GMT

GET
H2 200 jquery.validate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.5/ 24 KB
8 KB 62ms
24ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.5/jquery.validate.min.js

Requested by

Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2468587
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7032
last-modified: Fri, 01 Jul 2022 15:30:23 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62bf130f-1b78"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RrJaKrw0aQF5%2FCSIacqJIFiIjCtN6pd6WIgZD0I59puS23gBLjnpULLtgIvb%2BWLDSUbK2vYT569M5%2B%2FSDYL2YmISTpC%2BEfCXdOMO83DZdfusmTu8avL8c1fNUHLVnMqLT4sr3CPogeWknp65LBjKieMt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7da27c437d710e66-MXP
expires: Sun, 09 Jun 2024 08:01:42 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 93ms
34ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap

Requested by

Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/files/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2170f04df3b7e03e3439440b22f30247a1ee0606d4a0253e159c8a725372ac8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Jun 2023 08:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 07:56:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Jun 2023 08:01:42 GMT

GET
H/1.1 404
Not Found ;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top;
rvawex.ru.com/mmiri/lib/ 315 B
315 B 29ms
28ms Image
text/html 51.68.106.168
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rvawex.ru.com/mmiri/lib/;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top;
Requested by: Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.68.106.168 , France, ASN16276 (OVH, FR),
Reverse DNS: server13.conferencenews.buzz
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/mmiri/lib/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 08:01:42 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK logo.svg
rvawex.ru.com/mmiri/lib/files/ 5 KB
5 KB 30ms
28ms Image
image/svg+xml 51.68.106.168
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rvawex.ru.com/mmiri/lib/files/logo.svg
Requested by: Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.68.106.168 , France, ASN16276 (OVH, FR),
Reverse DNS: server13.conferencenews.buzz
Software: Apache /
Resource Hash: 54ea3b729d9ff4a499d3bf59b0497606ceb27b7100c60d74d28467224f3983f9

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/mmiri/lib/files/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 08:01:42 GMT
Last-Modified: Mon, 14 Mar 2022 13:18:42 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 4827

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 95ms
28ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://rvawex.ru.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 275475
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 03:30:27 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 99ms
32ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://rvawex.ru.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 19:08:02 GMT
x-content-type-options: nosniff
age: 219220
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 19:08:02 GMT

OPTIONS
H2 400 targeting
italiaonline.profiles.tagger.opecloud.com/v1/ Frame 0
0 96ms
32ms Preflight
text/plain 52.28.213.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=https%3A%2F%2Frvawex.ru.com%2Fmmiri%2Flib%2Findex.php&gdpr_applies=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.213.225 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-213-225.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: referrer-policy
Access-Control-Request-Method: GET
Origin: https://rvawex.ru.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/plain; charset=UTF-8
date: Tue, 20 Jun 2023 08:01:43 GMT

GET targeting
italiaonline.profiles.tagger.opecloud.com/v1/ 0
0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 230ms
129ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/files/iam2.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

641901f8a84adb7dcf21db28755979459c7cccf321b788d5f19fdb93c243140a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26681
x-xss-protection: 0
server: cafe
etag: 997 / 19528 / 31075400 / config-hash: 8267584658048972417
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 08:01:43 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/ 411 KB
127 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f295fdb1019a3c2ff2479582f5eda1915c67e8d8634f8b089920f86b6cc4fb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 18:36:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48293
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129960
x-xss-protection: 0
server: cafe
etag: 10643696450713337328
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 18 Jun 2024 18:36:50 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 98 B
622 B 122ms
60ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=rvawex.ru.com&ppc_eid=31075025

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

050554b518397012d807fdd494c769b96507052384daaa644fd9b69980564f13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80
x-xss-protection: 0
expires: Tue, 20 Jun 2023 08:01:43 GMT

POST trk
www.iolam.it/service/ 0
0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 96ms
36ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=rvawex.ru.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 36 KB
14 KB 118ms
118ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=194407626543895&correlator=2256524784084596&eid=31075025%2C31075349%2C31075351%2C31075353%2C31075400%2C21065725&output=ldjh&gdfp_req=1&vrg=202306150101&ptt=17&impl=fifs&npa=1&iu_parts=5180%2Clibero%2Cwebmail%2Clogin%2Cundefined&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1540x1024&ifi=1&adks=68688629&sfv=1-0-40&eri=1&cust_params=oe%3DUTF-8%26optout%3D1%26adv_infocus%3Dyes%26adv_referrer%3Dother%26adv_sgt%3D1%26is_native%3Dno%26xdid_user_ui%3Dfalse%26adv_sso1%3D0%26adv_sso2%3D0%26adv_sso3%3D0%26gdpr%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1687248105207&lmt=1687248105&dlt=1687248102710&idt=583&adxs=576&adys=50&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Frvawex.ru.com%2Fmmiri%2Flib%2Findex.php&frm=20&vis=1&psz=980x0&msz=1540x0&fws=0&ohw=0&ga_vid=1141932396.1687248105&ga_sid=1687248105&ga_hid=1942055022&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1332ba9b1a04c2b88e81bf80f3bbbdfe1e48a3cb590c6e3392276e86e746f8a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14055
x-xss-protection: 0
google-lineitem-id: 6276855270
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138429738624
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://rvawex.ru.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 137ms
76ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306150101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23af8637dfc909df9a82c94392b24e7240da86323420198062c60030037bbf02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11294
x-xss-protection: 0

GET
H2 200 container.html Show response
e43d0093eb790c5d856e15c44e249f07.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 58BC 6 KB
3 KB 151ms
34ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e43d0093eb790c5d856e15c44e249f07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://rvawex.ru.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 08:01:45 GMT
expires: Wed, 19 Jun 2024 08:01:45 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 60BB 0
0 64ms
64ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvNHU8OnzWPqkzQlqKG4s2ntCN88fQxBuMfMNrFyVuX06xkgJ8pqX6QJhq87wdOP2hYmAXuDKBveLG3APTYllI4WFrg7js_hNwPcv-ojdz0-15JkD33Cq_RC_p8Bd5_z4qeMHhUbKpcgre2oGu-YPzKekV4ipNUQzyAS-T3a1Hm3-RVyqRHq70OlSOFsyRm4m-rHFSdNaLLiF_cFURVWod6H99pP5-yHMYWxlHxQGT7FNCEgwbdaoQ62urFLiDuhT30yQcX32kDXYRaxUo6Ry2hIAgRhCb3YYvIJxjpTVO0v4TO1bd2SmvkUrIYdCHLO5avOmWBJ8jOHvr8dKIcL3px0LhWXg&sai=AMfl-YSjdwfHEIjoVQycmgFiS299b74hYxshjbUtjbgbTzC9JckmMHQWWoVSSuKupxLdpc1DYy3Fqayeav8PYRS3LXa7eUTRmQDHEIQJGnHhW62wE0OY66wE7FJzBWQRgEe57_A63fsRGHXFUoCAblE&sig=Cg0ArKJSzEhG3Xjtt9fYEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Jun 2023 08:01:45 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 60BB 178 KB
56 KB 136ms
36ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 08:01:45 GMT

GET
H2 200 AdvContent20x20.png
i3.plug.it/banners/img/ 537 B
913 B 177ms
30ms Image
image/png 13.225.78.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.plug.it/banners/img/AdvContent20x20.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-19.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 68cfa5d1e626ad1796c8c8db8276c8196f7235100b9ae6f7380a4f8920bd994c

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 03:48:16 GMT
via: 1.1 eb1a8c1b1275e33a016e623478052110.cloudfront.net (CloudFront)
last-modified: Tue, 09 Jun 2020 08:23:45 GMT
server: nginx
x-amz-cf-pop: FRA2-C2
age: 15271
etag: "5edf4711-219"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=1200, public
accept-ranges: bytes
content-length: 537
x-amz-cf-id: XhRverHY5aP2I4jzHOsqjJyi9iT5ouYSe-rvOfUmjySS8tIHxO3L4A==
expires: Tue, 20 Jun 2023 04:07:14 GMT

GET
H2 200 11195385152846610796
tpc.googlesyndication.com/simgad/ 59 KB
59 KB 119ms
27ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11195385152846610796?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8e7b643e88a94d2535adcf97fe77fce211179231d8407671968d1d0e1a5ff9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 06:16:41 GMT
x-content-type-options: nosniff
age: 179104
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60024
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 09:45:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 17 Jun 2024 06:16:41 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 166ms
78ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 08:01:45 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 27D6 13 KB
5 KB 29ms
28ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://rvawex.ru.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
age: 60619
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 19 Jun 2023 15:11:26 GMT
expires: Tue, 18 Jun 2024 15:11:26 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AF12 783 B
1 KB 108ms
36ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ae25815fd6618ea8dfdb9346be35ea649a5f8186f8a991c2c76eee0e44c3eed1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ULkZ2_wT3XZPg0Ug-zFryw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://rvawex.ru.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-ULkZ2_wT3XZPg0Ug-zFryw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 08:01:45 GMT
expires: Tue, 20 Jun 2023 08:01:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame 60BB 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec3eeb262d662a91b7bd7ea7a51f20c15260ab5307288b24d7d5e952f2479d6c

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 29B1 49 KB
13 KB 172ms
53ms Script
application/javascript 54.154.68.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=926174&campId=1540x1024&pubId=38840327&chanId=131213447&placementId=6276855270&pubCreative=138429738624&pubOrder=2934514703&cb=554974440&impId=&ias_adpath=%23adv_click
Requested by: Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.68.54 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-68-54.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 431f87fa9d5414ee565016996baa22ee63778b6ea78ceae19ba82a268b96e723

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:45 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 60BB 0
0 68ms
62ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstetrHqRupgV-XKPskJPoPs2qhwfVhzMIzieHuTavet70LaOiDOmvU5xwITnNqToZVxHSGyUDHQCgjRW3c5jUb4ikK7cSxZq6hgKS2b-Rg9Ap-PSyZHJrXxjdCaR_ZmkDAAzc7X6z6lm-N2Q4aOe5jc7OghpRkViqyRr0dI9cyoGI9RaU_RLDiSh7rtC_BUry5lmAbqXb6VGt5DJGrC4hQi2gf96JiE_OWMbIW3OJcLHOSD7bLSSNqw0QXsAVJ-ejKkIahmwPF4i1EhIvWwZ0UK5jF6yO6vY5agC0vXW9Rb-OycbMVhyvMVINtuuuvD0M18vgmRwKxQb9agzJVK8kIimvMkS8-H&sai=AMfl-YS-qZWdu999668wcGYncq85o1bYLP08oW822W5vHW0VRjIwHjm-ZOucUcBXspmOhfk95FQURnjPLxlljSCGJ1Os-rAl6HG0-JqcoCOL8JwkVpfRfREg8HN2ZAThFB95PVZCTPNJM-upCBf3Oeo&sig=Cg0ArKJSzC4FrqsLzPZdEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Jun 2023 08:01:45 GMT

GET
H3 200 1SSVsYZJr8uIwdDGCB28uEfJ_gMT-7RJhMj1JjXxEHA.js Show response
pagead2.googlesyndication.com/bg/ Frame 27D6 38 KB
14 KB 83ms
26ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1SSVsYZJr8uIwdDGCB28uEfJ_gMT-7RJhMj1JjXxEHA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d52495b18649afcb88c1d0c6081dbcb847c9fe0313fbb44984c8f52635f11070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 11:20:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 333671
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14776
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Jun 2024 11:20:34 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AF12 0
0 114ms
60ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306150101&jk=194407626543895&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 main.19.8.417.js Show response
static.adsafeprotected.com/ Frame 29B1 202 KB
63 KB 176ms
45ms Script
application/javascript 2600:9000:223f:c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.417.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=926174&campId=1540x1024&pubId=38840327&chanId=131213447&placementId=6276855270&pubCreative=138429738624&pubOrder=2934514703&cb=554974440&impId=&ias_adpath=%23adv_click
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 751fb681f54d257d1e40ec453a64608224a9862491da12791310bdeb0c1d8a2a

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 15:17:27 GMT
x-amz-version-id: UVbFefY6UOYSsxlF6c.82fk2mbTK4IKy
content-encoding: gzip
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1010659
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 07 Jun 2023 21:53:40 GMT
server: AmazonS3
etag: W/"bb95c129f80c46c33e169dde0694b792"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: oxSJSsFtCnTD97C_2E1XJTRt_hrvMpcNWUSwb84lzfDvtdyEZ6aKig==

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 27D6 0
10 B 26ms
26ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1xIfog
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 08:01:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame DF10 91 KB
23 KB 39ms
38ms Script
application/javascript 2600:9000:223f:c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: rvawex.ru.com
URL: https://rvawex.ru.com/mmiri/lib/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 23473530
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: KQ8y4zlafQg43DK0RqcwynRY6WCJzH4pndUhoZVVMz-uninSjPryGA==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 95ms
94ms Image
image/gif 54.154.68.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=926174&campId=1540x1024&pubId=38840327&chanId=131213447&placementId=6276855270&pubCreative=138429738624&pubOrder=2934514703&cb=554974440&impId=&ias_adpath=%23adv_click&adsafe_url=https%3A%2F%2Frvawex.ru.com%2Fmmiri%2Flib%2Findex.php&adsafe_type=abcedq&adsafe_url=https%3A%2F%2Frvawex.ru.com%2F&adsafe_type=f&adsafe_jsinfo=,id:bb85b83e-8cf1-736d-a309-6e00f89d98ba,c:g3YDzd,sl:inView,em:true,fr:true,thd:1,mn:jsserver-primary-6c5d9cf586-6swwf,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1.grpm1.ferit1.dfhui1.brLes1,mtim:250,mot:0,app:0,maw:0,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:278,oid:b3711452-0f40-11ee-82a4-ceb029e84fbd,v:19.8.417,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.68.54 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-68-54.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:46 GMT
server: nginx
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 411ms
133ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDzm,pingTime:-8,time:285,type:l,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:285,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:276,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B30~100%5D,as:%5B30~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:280%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:46 GMT
server: nginx
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
216 B 403ms
133ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDAd,pingTime:0,time:338,type:pf,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:276%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:338,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:276,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B84~100%5D,as:%5B84~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:280%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:46 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 395ms
134ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDAn,pingTime:-2,time:348,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:186,beZ:187,mfA:436,cmA:438,inA:438,inZ:445,prA:445,prZ:452,si:463,poA:472,poZ:516,cmZ:516,mfZ:516,loA:528,loZ:532,ltA:533,ltZ:533,mdA:187,mdZ:408%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:276%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:348,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:276,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B93~100%5D,as:%5B93~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:280,slid:%5Bgoogle_ads_iframe_/5180/libero/webmail/login/undefined_0,google_ads_iframe_/5180/libero/webmail/login/undefined_0__container__,adsplash,wrapper-iol%5D,sinceFw:62,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:46 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 133ms
133ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDGa,pingTime:-10,time:707,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1687248106529%7C%7Ca508cea8f54778ec33092996c6b5f584%7C%7C8623b242deb4313525321dba17b62725%7C%7C33ccfb03662f12defbff337514237456%7C%7C3f9f5e1c606aee3118b6ea5fa469a451%7C%7Cfbae229889238a24f841c5dbde80f47c%7C%7Ca4069385def45844d3eb989b53129a20%7C%7Cc8eb2dd2bcb9342760ad199e54363f33%7C%7C1663701684%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:46 GMT
server: nginx
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 63ms
63ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306150101&jk=194407626543895&bg=!Y2ClYDTNAAaGYqkwpmI7ADkAdvg8WnwI_Od_8gOTgQ1Z-jNjFsEVmkWVNSCgfccF1cl8HFyN3XPGLRkGMFh-kLly_y1wpr-JaukCAAAAt1IAAAAKaAEHCgB3wZI3tA4TMtiqhRO6B5oMQY4iE1L1hz8Ft93FvpJtivsWuA0JDDDlS7TQjL99vZFQbEl16ghPpWjcbc788j6sYtt3cvPz6YOrGNdcTjlU0XkhrdtzSu6zfhE89IrgNU7np-xCEGa7vJxWmvKRF4dJEur433z47ySZAsRE15NvTHgsblFEzLTjOMcrh3GpJ4rznvIwGAPThUU7sQSpal-vqgIa9Iget9WxIsU0r-xa4XQB-mKFzg47tragR9iL59Cs0WjOp5TctaRXupCCQf_UZ1RxFL8IjZdg4sroW0LsgJoV3O51AnWR3u2USULar4KHCWUcpNF3WaxBuk7ivkLX_dtTrTy3VfXvx6rDqWeJq5y-0z2lzign4d5YB__mzH2vndEw581iiGFV6CZ1Kzm5Xm10s6AK3RK8i8SYcMzmLrpDvGrXbF4ETp4Vq4IrzrLgreDnFSpQDMzs7APU3p7pNlwS536rZPKD6IKH4tJ2jtV75EwYiBBmRs4zO2kP6p77OHZMB_HvLdYPYaE94pkfCMOSXgSAv0T1-cCCyfkKj2AHHvXD0nFOrPg0T_TCgOacc7ypwLqHyVfpSu-yCK-czSO_LZ30Cd9fmy6EBvMcez1Q7c_oXmi_6yTj5MuWEhLUB51-njw0T0Au16DZvPqcNofbdtE6zsQWYsA2wXfHQ8su1tdf5t8QoHc1jafsmRjrGUKlOiBOvSNGFN_dgNamTUweA48IUqSFgyq-VlpKx83BbkmhPEgum6DDvzF6WojxQPvKGjWGMHQ6-WjgrKay7jL_9-nsMdAzjxdpjbWff4DySYntjXs77jiBIIjko36akdmNDXriskrxB1b-J3ueJ_bYHXV9_x9_lXotkgcqVfOMRSg6RLaeYXlZqnJiotzapuNHgGUWbJpXij3qZAcUv_KdG-4DTwHzr-8_hNXA0aSFwY4r7n1-bgNq-sxgRoyc0l-nGuBf8W9O0gZ6IZ5G760yofxwlgceCJUxzwVgT_O20ppqwsla0RNZQ7o6iwnCNzqenENKbyYz6ypiMz4arsy_iTSMlQ7IuvS4VAy8a1F-HsSpA_G7dQtnLn4txNUq7G51ERdRkbUYSl5BK-Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 132ms
132ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDQo,pingTime:1,time:1341,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:276%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1341,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:276,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1086~100%5D,as:%5B1086~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:142,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:280,sis:428%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:47 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 132ms
132ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDQo,pingTime:1,time:1341,type:pf,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:276%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1341,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:276,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1086~100%5D,as:%5B1086~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:142,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:280,sis:428%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:47 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 134ms
133ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDQp,pingTime:1,time:1342,type:c,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:276%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1342,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:276,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1087~100%5D,as:%5B1087~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:142,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:280,sis:428,metricId:publ1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:47 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 135ms
134ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDQp,pingTime:1,time:1342,type:c,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:276%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1342,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:276,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1087~100%5D,as:%5B1087~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:142,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:280,sis:428,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:47 GMT
server: nginx
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 135ms
135ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDQp,pingTime:1,time:1342,type:c,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:276%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1342,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:276,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1087~100%5D,as:%5B1087~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:142,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:280,sis:428,metricId:ferit1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:47 GMT
server: nginx
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 133ms
132ms Image
image/gif 2600:1f18:1aca:4281:9272:5c37:e8e:834a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=926174&asId=bb85b83e-8cf1-736d-a309-6e00f89d98ba&tv=%7Bc:g3YDQq,pingTime:1,time:1343,type:c,clog:%5B%7Bpiv:100,vs:i,r:,w:1600,h:1200,t:276%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1343,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:276,wc:0.0.1600.1200,ac:0.0.1600.1200,am:sp,cc:0.0.1600.1200,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1088~100%5D,as:%5B1088~1600.1200%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:142,fm:tHHP6ub+11%7C12%7C13*.926174%7C131%7C14%7C15,idMap:13*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:280,sis:428,metricId:dfhui1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:9272:5c37:e8e:834a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://rvawex.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 08:01:47 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: italiaonline.profiles.tagger.opecloud.com
URL: https://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=https%3A%2F%2Frvawex.ru.com%2Fmmiri%2Flib%2Findex.php&gdpr_applies=0

Domain: www.iolam.it
URL: https://www.iolam.it/service/trk

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Libero (Online)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			rvawex.ru.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0f1996e3a80ef27da590846523be8546
			.doubleclick.net/	1970-01-20 22:02:24	Name: IDE Value: AHWqTUlwspGk3kiuCUZmmg86AtDma1DfyOA4MX_RyMW1O7a33tobYweMXHqsxGcOhVw

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://rvawex.ru.com/mmiri/lib/;);%20background-repeat:%20no-repeat;%20background-color:%20rgb(104,%20231,%20255);%20background-position:%20center%20top; Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://rvawex.ru.com/mmiri/lib/index.php Message: Access to XMLHttpRequest at 'https://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=https%3A%2F%2Frvawex.ru.com%2Fmmiri%2Flib%2Findex.php&gdpr_applies=0' from origin 'https://rvawex.ru.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=https%3A%2F%2Frvawex.ru.com%2Fmmiri%2Flib%2Findex.php&gdpr_applies=0 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rvawex.ru.com/mmiri/lib/index.php Message: Access to XMLHttpRequest at 'https://www.iolam.it/service/trk' from origin 'https://rvawex.ru.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.iolam.it/service/trk Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
ajax.googleapis.com
cdnjs.cloudflare.com
delivery.handwrittenstudynotes.com
dt.adsafeprotected.com
e43d0093eb790c5d856e15c44e249f07.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
i3.plug.it
italiaonline.profiles.tagger.opecloud.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
rvawex.ru.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.iolam.it
italiaonline.profiles.tagger.opecloud.com
www.iolam.it
13.225.78.19
213.209.30.161
2600:1f18:1aca:4281:9272:5c37:e8e:834a
2600:9000:223f:c00:8:48e:53c0:93a1
2606:4700::6811:180e
2a00:1450:4001:80f::2003
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2001
2a00:1450:4001:831::2001
2a00:1450:4001:831::200a
34.117.197.73
51.68.106.168
52.28.213.225
54.154.68.54
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
050554b518397012d807fdd494c769b96507052384daaa644fd9b69980564f13
1332ba9b1a04c2b88e81bf80f3bbbdfe1e48a3cb590c6e3392276e86e746f8a8
148c0dcd3eff6305eaffe3600d31334604cc02591259020e54d8835be0e20dfe
1e7271f832628acc449ce087d6d75f51739b98094a637c4169940287705ba497
2170f04df3b7e03e3439440b22f30247a1ee0606d4a0253e159c8a725372ac8f
23af8637dfc909df9a82c94392b24e7240da86323420198062c60030037bbf02
270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820
431f87fa9d5414ee565016996baa22ee63778b6ea78ceae19ba82a268b96e723
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
54ea3b729d9ff4a499d3bf59b0497606ceb27b7100c60d74d28467224f3983f9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6371356d9cb87a361f550a77f374e58eb68a25ab048440a04e11fba1cc575876
641901f8a84adb7dcf21db28755979459c7cccf321b788d5f19fdb93c243140a
68cfa5d1e626ad1796c8c8db8276c8196f7235100b9ae6f7380a4f8920bd994c
751fb681f54d257d1e40ec453a64608224a9862491da12791310bdeb0c1d8a2a
7f295fdb1019a3c2ff2479582f5eda1915c67e8d8634f8b089920f86b6cc4fb7
9517af506cfec0779a8b02dcf1a5862f550887488ff96ac9946110a168ab3c3f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ae25815fd6618ea8dfdb9346be35ea649a5f8186f8a991c2c76eee0e44c3eed1
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bb631cb41d70ab6f8a07ab80b053676bca8589e7e1d835827f30e1bffbed91c5
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
c8e7b643e88a94d2535adcf97fe77fce211179231d8407671968d1d0e1a5ff9f
d52495b18649afcb88c1d0c6081dbcb847c9fe0313fbb44984c8f52635f11070
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
ec3eeb262d662a91b7bd7ea7a51f20c15260ab5307288b24d7d5e952f2479d6c
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

rvawex.ru.com Open in urlscan Pro 51.68.106.168 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

50 Requests

96 %HTTPS

68 %IPv6

13 Domains

19 Subdomains

19 IPs

5 Countries

907 kBTransfer

2045 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

rvawex.ru.com Open in urlscan Pro
51.68.106.168 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

96 %
HTTPS

68 %
IPv6

13
Domains

19
Subdomains

19
IPs

5
Countries

907 kB
Transfer

2045 kB
Size

2
Cookies

50 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!