vsim.ua Open in urlscan Pro
2606:4700:3035::ac43:d201 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://vsim.ua/
Effective URL:
https://vsim.ua/
Submission: On June 30 via api (June 30th 2022, 8:22:43 am UTC) from GB — Scanned from GB

Summary HTTP 303 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 52 IPs in 9 countries across 36 domains to perform 303 HTTP transactions. The main IP is 2606:4700:3035::ac43:d201, located in United States and belongs to CLOUDFLARENET, US. The main domain is vsim.ua.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 9th 2022. Valid for: a year.

This is the only time vsim.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 45	2606:4700:303... 2606:4700:3035::ac43:d201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	79.171.117.17 79.171.117.17	() ()
2 3	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:801::200d	15169 (GOOGLE) (GOOGLE)
7	45.133.44.4 45.133.44.4	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
5	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 ^_^) (CDN77 ^_^)
2	31.41.216.82 31.41.216.82	42655 (BESTHOSTI...) (BESTHOSTING-AS)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	35.214.184.209 35.214.184.209	15169 (GOOGLE) (GOOGLE)
4	185.239.173.66 185.239.173.66	55081 (24SHELLS) (24SHELLS)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
4 10	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
1	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
8 17	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	46.249.52.248 46.249.52.248	50673 (SERVERIUS-AS) (SERVERIUS-AS)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	74.125.133.155 74.125.133.155	15169 (GOOGLE) (GOOGLE)
4 8	52.213.113.49 52.213.113.49	16509 (AMAZON-02) (AMAZON-02)
18	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
12 32	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
36	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
6	2600:9000:206... 2600:9000:206f:2400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
24	52.33.66.202 52.33.66.202	16509 (AMAZON-02) (AMAZON-02)
6	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:11::215:14dc	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	18.184.224.159 18.184.224.159	16509 (AMAZON-02) (AMAZON-02)
1 3	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
3	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
6 6	8.28.7.81 8.28.7.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2a05:d01c:1d8... 2a05:d01c:1d8:8101:7677:5b33:71a6:2d38	16509 (AMAZON-02) (AMAZON-02)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2.16.186.35 2.16.186.35	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	52.214.225.206 52.214.225.206	16509 (AMAZON-02) (AMAZON-02)
1 1	18.195.144.156 18.195.144.156	16509 (AMAZON-02) (AMAZON-02)
1	18.157.110.183 18.157.110.183	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	141.95.98.70 141.95.98.70	16276 (OVH) (OVH)
303	52

45 2606:4700:3035::ac43:d201 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

vsim.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.171.117.17 (None, )

ASN- ()

leokross.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7aaf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 45.133.44.4 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

cdn.gravitec.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
player.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.gravitec.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

id.gravitec.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.41.216.82 (Ukraine)

ASN42655 (BESTHOSTING-AS, UA)
PTR: dedic.dc.besthosting.ua

tracker_beam.20minut.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.184.209 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 209.184.214.35.bc.googleusercontent.com

api.gravitec.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.239.173.66 (United Kingdom)

ASN55081 (24SHELLS, US)

ghb.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 37.252.172.45 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 104.18.18.126 (None, ) 8 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.249.52.248 (Amsterdam, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

pbjs.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

adtelligent-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.213.113.49 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-113-49.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 142.250.186.98 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:206f:2400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 52.33.66.202 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-33-66-202.us-west-2.compute.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:11::215:14dc (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.184.224.159 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-224-159.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 8.28.7.81 (United States) 6 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d01c:1d8:8101:7677:5b33:71a6:2d38 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.16.186.35 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-35.deploy.static.akamaitechnologies.com

secure-ds.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.214.225.206 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-225-206.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.144.156 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-144-156.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.157.110.183 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-110-183.eu-central-1.compute.amazonaws.com

lm.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.70 (France)

ASN16276 (OVH, FR)
PTR: ns3216620.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 stats.g.doubleclick.net — Cisco Umbrella Rank: 119 googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 bid.g.doubleclick.net — Cisco Umbrella Rank: 465 cm.g.doubleclick.net — Cisco Umbrella Rank: 205 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 287	310 KB
48	googlesyndication.com 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	273 KB
45	vsim.ua 1 redirects vsim.ua	1 MB
38	adsafeprotected.com 4 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 771 static.adsafeprotected.com — Cisco Umbrella Rank: 562 dt.adsafeprotected.com — Cisco Umbrella Rank: 481	381 KB
36	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 276	401 KB
17	casalemedia.com 8 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 542 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 608 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 576	15 KB
11	google.com accounts.google.com — Cisco Umbrella Rank: 116 ampcid.google.com — Cisco Umbrella Rank: 1722 region1.analytics.google.com — Cisco Umbrella Rank: 5133 adservice.google.com — Cisco Umbrella Rank: 92 www.google.com — Cisco Umbrella Rank: 8	76 KB
10	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 244	10 KB
9	serving-sys.com bs.serving-sys.com — Cisco Umbrella Rank: 1051 secure-ds.serving-sys.com — Cisco Umbrella Rank: 1709 lm.serving-sys.com — Cisco Umbrella Rank: 1808	190 KB
8	pubmatic.com 6 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 520 image6.pubmatic.com — Cisco Umbrella Rank: 629	3 KB
8	adtelligent.com player.adtelligent.com — Cisco Umbrella Rank: 5725 ghb.adtelligent.com — Cisco Umbrella Rank: 6305	153 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 179	199 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 391 mug.criteo.com — Cisco Umbrella Rank: 2727	1 KB
4	openx.net adtelligent-d.openx.net — Cisco Umbrella Rank: 17930 rtb.openx.net — Cisco Umbrella Rank: 1589	921 B
4	google.de ampcid.google.de — Cisco Umbrella Rank: 48123 www.google.de — Cisco Umbrella Rank: 5448 adservice.google.de — Cisco Umbrella Rank: 7751	2 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	195 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 336	1 KB
3	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 1107	1 KB
3	gravitec.net cdn.gravitec.net — Cisco Umbrella Rank: 26513 id.gravitec.net — Cisco Umbrella Rank: 126561	20 KB
3	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 944	38 KB
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1872	1 KB
2	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1383	592 B
2	e-planning.net 1 redirects pbjs.e-planning.net — Cisco Umbrella Rank: 6853	1 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	315 B
2	20minut.ua tracker_beam.20minut.ua	135 B
2	gravitec.media cdn.gravitec.media — Cisco Umbrella Rank: 53179 api.gravitec.media — Cisco Umbrella Rank: 41114	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 89	115 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49	20 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 550	614 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 557	765 B
1	everesttech.net 1 redirects pixel.everesttech.net — Cisco Umbrella Rank: 3023	378 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 907	356 B
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 1291	63 KB
1	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6442	169 B
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1355	38 KB
1	leokross.com leokross.com
303	36

	Domain	Requested by
45	vsim.ua	1 redirects vsim.ua
36	s0.2mdn.net	vsim.ua s0.2mdn.net 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
32	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
25	pagead2.googlesyndication.com	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com bid.g.doubleclick.net tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com securepubads.g.doubleclick.net
24	dt.adsafeprotected.com	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
18	tpc.googlesyndication.com	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net
13	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
10	ib.adnxs.com	4 redirects player.adtelligent.com googleads.g.doubleclick.net
8	fw.adsafeprotected.com	4 redirects 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com vsim.ua
8	googleads.g.doubleclick.net	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com vsim.ua
6	image6.pubmatic.com	6 redirects
6	googleads4.g.doubleclick.net	vsim.ua
6	static.adsafeprotected.com	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
6	www.googletagservices.com	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com fw.adsafeprotected.com
5	secure-ds.serving-sys.com	fw.adsafeprotected.com secure-ds.serving-sys.com 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
5	www.google.com	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com tpc.googlesyndication.com
5	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	securepubads.g.doubleclick.net	vsim.ua securepubads.g.doubleclick.net
4	ghb.adtelligent.com	player.adtelligent.com
4	player.adtelligent.com	vsim.ua player.adtelligent.com
4	connect.facebook.net	vsim.ua connect.facebook.net
3	ssum-sec.casalemedia.com	3 redirects
3	pixel.rubiconproject.com	3 redirects
3	rtb.openx.net	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
3	cms.quantserve.com	1 redirects 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
3	bs.serving-sys.com	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com secure-ds.serving-sys.com
3	unpkg.com	2 redirects
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	e.dlx.addthis.com	2 redirects
2	ag.innovid.com	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
2	pbjs.e-planning.net	1 redirects
2	hbopenbid.pubmatic.com	player.adtelligent.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.facebook.com
2	tracker_beam.20minut.ua	vsim.ua
2	www.googletagmanager.com	vsim.ua www.googletagmanager.com
2	www.google-analytics.com	vsim.ua www.google-analytics.com
2	cdn.gravitec.net	vsim.ua cdn.gravitec.net
2	accounts.google.com	vsim.ua accounts.google.com
1	id5-sync.com	player.adtelligent.com
1	lm.serving-sys.com	secure-ds.serving-sys.com
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	odr.mookie1.com	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
1	code.createjs.com	s0.2mdn.net
1	bid.g.doubleclick.net	9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
1	adtelligent-d.openx.net	player.adtelligent.com
1	htlb.casalemedia.com	player.adtelligent.com
1	prebid-eu.creativecdn.com	player.adtelligent.com
1	www.google.de
1	region1.analytics.google.com	www.googletagmanager.com
1	api.gravitec.media	cdn.gravitec.media
1	ampcid.google.de	www.google-analytics.com
1	cdn.gravitec.media	cdn.gravitec.net
1	id.gravitec.net	cdn.gravitec.net
1	ampcid.google.com	www.google-analytics.com
1	www.googleoptimize.com	vsim.ua
1	leokross.com	vsim.ua
303	61

This site contains links to these domains. Also see Links.

Domain
vn.20minut.ua
zt.20minut.ua
te.20minut.ua
kazatin.com
invite.viber.com
t.me
www.facebook.com
news.google.com
www.instagram.com
www.youtube.com
www.besthosting.ua
ua.depositphotos.com
www.eeas.europa.eu
www.irf.ua

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-09` - `2023-06-08`	a year	crt.sh
leokross.com R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-04-08` - `2022-07-07`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.gravitec.net AlphaSSL CA - SHA256 - G2	`2022-03-22` - `2023-04-23`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
player.adtelligent.com R3	`2022-05-20` - `2022-08-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
cdn.gravitec.media R3	`2022-05-23` - `2022-08-21`	3 months	crt.sh
*.20minut.ua Sectigo RSA Domain Validation Secure Server CA	`2021-10-18` - `2022-10-18`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
api.gravitec.media R3	`2022-06-15` - `2022-09-13`	3 months	crt.sh
ghb.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-06-06` - `2022-09-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-11-19` - `2022-12-18`	a year	crt.sh
tls.adobe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-29` - `2023-05-30`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh
secure-ds.serving-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-05` - `2023-03-08`	a year	crt.sh
lm.serving-sys.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh
bs.serving-sys.com Amazon	`2022-04-10` - `2023-05-09`	a year	crt.sh
*.id5-sync.com R3	`2022-05-31` - `2022-08-29`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh

This page contains 29 frames:

Primary Page: https://vsim.ua/
Frame ID: 9E8A79DDFEFF8225C85189839C51FA95
Requests: 101 HTTP requests in this frame

Frame: https://vsim.ua/site_login/iframe
Frame ID: E64B356E9ABA2DE0DEDB0F615F9A35BB
Requests: 4 HTTP requests in this frame

Frame: https://id.gravitec.net/
Frame ID: E509E596A70278060F8B1B8B4B460FE8
Requests: 1 HTTP requests in this frame

Frame: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 49BF9C8FB095C2F55BBEC5DE8F880A0A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 156D61D74FD40478B01384A40A315FB6
Requests: 1 HTTP requests in this frame

Frame: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F332BA6C7230B5782D6BFAE6CB244410
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJ3VmscBMAE&v=APEucNXWU7IeQSZWzLbmrEtrKRxWCbzarnuoyLoENCa3ZOdDNpfH-6nGNK0tH0M3ohemrqA0xxM7oO2z3V9ZtlhX2S6VWTklnd1wtG_gWNDGWHrXSX031wVVPpaq3qVo01WOa8dBfTn-kSJ6LhN-aq3jBaLr1izEkC_Om1t39cjLdntnekA3JYc
Frame ID: C6ADCA2FE17A0CF07BA1F3DE4C2B5FFD
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 9B1EBA536D1F62589625CC3314D7E332
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 795ECA3277F43CDDA44A3592BE0E8132
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
Frame ID: 030B9313ED3981D04D874F563217478C
Requests: 18 HTTP requests in this frame

Frame: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 75BFC873FFE3B0F1074F0ABFFFAAB5A5
Requests: 28 HTTP requests in this frame

Frame: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 02A5928EBB1C118B24249BABD457EC3C
Requests: 21 HTTP requests in this frame

Frame: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 14C2FD748A78BBD498697BB7928A3EFB
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3Y4tMCEIis7NsCGNmu6s0BMAE&v=APEucNXwL5p_AClWvBTiGqViluKQhOybvAUx75gGoqVytcHqU5Ig3lLZEZeT2nawuT3E3hjxFJXwj31oyC7SaPVMGF7VUfi7SeYgFWLXFWcE3pUbHOxHgqYIF1lVKBXmwJHz1vUdt29kheiTDY2KRBv7BPEsyU5-Zv6DCK-D1FNncXkmai-8cpM
Frame ID: 286276B3DA7A47BFFFBEBA52E98E4802
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNVgAZvGB2OdqdzOahbT-vqtXQ4bycBy9_dLhtKhIhOXaI9FpJoBUCvJhlMWJtAizPOeFPcn6v6VTndRFDfKhmK4Mk0ec51q64K3H58WikOSUNvxU5ezZb5KtarMAuuEc_HBrBeC1Bhk4CGpKXCTGYa3ixPfJp5_nKRGcfPq7HnZ3Wn7Bv0
Frame ID: 842F515FD3238DE8AAA482B829748971
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNUQv-WcyAsof9frfaxhuXQ-H_rUcGKm1kwLDJWnk7hMuZvQpYrvCnArOxvGnQ8mrH8k0a4_CD8DOGu31b2K0RyEfZOnzgfIc0b0Zk11h3wdoV95q4GGVx9mHherMfOJRs9sxtYjhNM3vFmOyv1QiU1NI695cPe4hfIXqAIlr2HtiBGoiAM
Frame ID: 628F3E601752F14ACA2DB806E876A4B8
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: A53AF26E7A6DAED9068CC0D660E7B27E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AA77BF795794965B373D48B85684C27F
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EEDAAD6D017A1FDB0BB69566BFC08363
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 8733066738A76FF61E4D394E41B6C221
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1B4DB123618A2B6CC250BAEDB5DDF9CF
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 5F862B87F42B0FB2FA611E40F565A029
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8E9D2A1FE598122803C05D1CB6BDC22C
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
Frame ID: 33FD72F89C05A1CA5F92CBC58B424AAB
Requests: 8 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
Frame ID: 781CBE6C647B34A6AB94417BF92CF7B0
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 03271A74806241C9DD55AB113DE0D597
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3BB80BBE6399EA071F673FD40F6AA1DB
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E3FF17CBCF826A2EC6DA320F573B8B38
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 635A8017366A262D41728947012E1A81
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Всім - Новини Хмельницького

Page URL History Show full URLs

http://vsim.ua/ HTTP 301
https://vsim.ua/ Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

serving-sys\.com/

Page Statistics

303
Requests

85 %
HTTPS

48 %
IPv6

36
Domains

61
Subdomains

52
IPs

9
Countries

3584 kB
Transfer

10049 kB
Size

45
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://vn.20minut.ua/
Title: Вінниця

Search URL Search Domain Scan URL

URL: https://zt.20minut.ua/
Title: Житомир

Search URL Search Domain Scan URL

URL: https://te.20minut.ua/
Title: Тернопіль

Search URL Search Domain Scan URL

URL: https://kazatin.com/
Title: Козятин

Search URL Search Domain Scan URL

URL: https://invite.viber.com/?g2=AQAlCG5A7vvn5UlcXTVOPYYe8%2BNbbSdYNqt%2FAkWqrcA8b94WcKGEqaRwpKqWVh9M

Search URL Search Domain Scan URL

URL: https://t.me/vsimnews

Search URL Search Domain Scan URL

URL: https://www.facebook.com/vsim.ua/

Search URL Search Domain Scan URL

URL: https://news.google.com/publications/CAAqBwgKMOzqjwswxLKjAw?hl=uk&gl=UA&ceid=UA%3Auk

Search URL Search Domain Scan URL

URL: https://www.instagram.com/vsim_ka/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/%D0%86%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B2%D0%B8%D0%B4%D0%B0%D0%BD%D0%BD%D1%8F%D0%92%D0%A1%D0%86%D0%9C

Search URL Search Domain Scan URL

URL: http://www.besthosting.ua/

Search URL Search Domain Scan URL

URL: https://ua.depositphotos.com/

Search URL Search Domain Scan URL

URL: https://www.eeas.europa.eu/delegations/ukraine_en

Search URL Search Domain Scan URL

URL: https://www.irf.ua/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://vsim.ua/ HTTP 301
https://vsim.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://unpkg.com/imask HTTP 302
https://unpkg.com/imask@6.4.2 HTTP 302
https://unpkg.com/imask@6.4.2/dist/imask.js

Request Chain 82

https://pbjs.e-planning.net/pbjs/1/2e43c/1/vsim.ua/ROS?rnd=0.8363762809100395&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F%2Fvsim.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fvsim.ua%2F&e_pubcid=47988ff1-a3c5-44eb-bf03-ed210e0130ce HTTP 302
https://pbjs.e-planning.net/hb/1/2e43c/1/vsim.ua/ROS?ct=1&r=pbjs&rnd=0.8363762809100395&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F%2Fvsim.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fvsim.ua%2F&e_pubcid=47988ff1-a3c5-44eb-bf03-ed210e0130ce

Request Chain 95

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKwuSlpLc8etYGGB8hFJNSU&google_cver=1

Request Chain 96

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

Request Chain 97

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

Request Chain 98

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

Request Chain 106

https://fw.adsafeprotected.com/rfw/www.googletagservices.com/1005482/61968045/dcm/dcmads.js?adsafe_url=https%3A%2F%2Fvsim.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:fa62f8d9-0a59-a562-b0b5-034369a1d333,c:h0x8ZY,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-86c8d9dc9d-b4r56,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:6,fm:tae9LLI+11%7C12%7C13%7C14*.1005482-61968045%7C141,idMap:14*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:25,oid:ccb90323-f84d-11ec-975b-d6980d802130,v:19.8.319,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://www.googletagservices.com/dcm/dcmads.js

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

Request Chain 155

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

Request Chain 157

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

Request Chain 160

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

Request Chain 162

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

Request Chain 164

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

Request Chain 165

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

Request Chain 166

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

Request Chain 178

https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/733337/64001342/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCM_-3TV29YsPXF6ys9u8PtpyU4AvPlc_SavmbnJqTEPAuEAEgtb3JIWCVAsgBCagDAaoE3AFP0NF4TcuNRi5W91zCV6knhDI7doMlO5Aiv4OTf2-7zF8Jk7cSo2-dEptVH7j32UWdjYzJRunJkERuQI2GZne9nlb4VzoDtHWyZZJ5Zn1lSJU2M6Zac9NerdyiQLbKzxuq1H6KqtsX7GjHw_-Kv7vka88GDk6ET16xCrml5PC-NwLHge3W5twqaOwmkm6BykcJ6AYzgsy68oLPfndmJcSd72i7mV3lAh3jn6LVY6VtiKDLexzgHEtGHPX_gNgzJsTjlmOt33rfHh2yNw23Ew9_4Eol3QO7mBeKrp9fwATzjM_f_wPgBAOQBgGgBk2AB7zu-toCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoBmAsByAsBgAwBsBPJ5dMP0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORonPtbbb7L84ex10P36sQjklK5AIua_-ZRp5ZfeT34-YAJfQ%26sig%3DAOD64_0rz3Mgwr3_AdCOM13fei-EWXHwwg%26client%3Dca-pub-9161109566094614%26dbm_c%3DAKAmf-BlqSFonfyTyInjdoNnObcN76HeJgBbJ04pXeeXKNfgHnyt3wp_ccek-yqA5Vf_LrfTO228mroFSoex2nNRqv1CZgar8-o9rrIXEV0iof933amefU6zOeDojFdW_Zu__fVMFz4wQPhwATe70EQ9RffgbPZS8A%26cry%3D1%26dbm_d%3DAKAmf-DiSjZB_LRKSrOOq3AK4KGpK4YyUmAkEmKrYuOnQEs6LUyB9oV6f5XteJU0drBnziuYKnUoGgpc0GZ0skC-JzoCOFlZBL-I6cMGRzTy0axgSA1xsM5P2nC4eFyS9M-HhgVipjaPcNETrQV8XW8aCQwRSZ27s6ePh02NEX1pwTlseixbZtvS5UCGDWg9iHdZSm5x-URMUiegOBrJqug30jI7kaKFkTzNfwpO2W6zKMF47tgRNF5sDaqOvY7Bf2n3gWEWaEFo2n09U_O85shYyKJ75FQqnZP03p2vaWDSNMDHBgisrXfegT_GWMZycr7vcgI5L84D3Fxlw2JUvSlTsE5RUZXITQHmvvVcG82xUgG7jvHmQFIsUNRN3b1fCfeIb453crtu_lk0DMosC2cFNtCZvPGfZcIbLLzlYgEEsALPcZ0Hhr1SshzW6549Vsf55clfajOw%26adurl%3D$$&c=28&cn=display&pli=1078114055&gdpr=&gdpr_consent=&w=970&h=250&ord=[timestamp]&ifrm=-1&pcp=$$ABAjH0gYEy-wnS-P4qaOg1bWcRS2$$&z=10000&ias_dspID=3&ias_campId=1007662875&ias_pubId=pub-9161109566094614&ias_chanId=1&ias_placementId=17497334822&bidurl=https://vsim.ua/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gYEy-wnS-P4qaOg1bWcRS2&adsafe_url=https%3A%2F%2Fvsim.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:2eeaa10f-5e52-5c68-bd2f-44f6c4109cbb,c:h0x9f3,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-86c8d9dc9d-k54m7,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:3,fm:tae9M0U+11%7C12%7C13%7C141%7C142%7C143%7C144%7C15*.733337-64001342%7C151%7C161%7C171,idMap:15*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:18,oid:cd495cc8-f84d-11ec-86c6-6a2e036ba311,v:19.8.319,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bs.serving-sys.com/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCM_-3TV29YsPXF6ys9u8PtpyU4AvPlc_SavmbnJqTEPAuEAEgtb3JIWCVAsgBCagDAaoE3AFP0NF4TcuNRi5W91zCV6knhDI7doMlO5Aiv4OTf2-7zF8Jk7cSo2-dEptVH7j32UWdjYzJRunJkERuQI2GZne9nlb4VzoDtHWyZZJ5Zn1lSJU2M6Zac9NerdyiQLbKzxuq1H6KqtsX7GjHw_-Kv7vka88GDk6ET16xCrml5PC-NwLHge3W5twqaOwmkm6BykcJ6AYzgsy68oLPfndmJcSd72i7mV3lAh3jn6LVY6VtiKDLexzgHEtGHPX_gNgzJsTjlmOt33rfHh2yNw23Ew9_4Eol3QO7mBeKrp9fwATzjM_f_wPgBAOQBgGgBk2AB7zu-toCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoBmAsByAsBgAwBsBPJ5dMP0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORonPtbbb7L84ex10P36sQjklK5AIua_-ZRp5ZfeT34-YAJfQ%26sig%3DAOD64_0rz3Mgwr3_AdCOM13fei-EWXHwwg%26client%3Dca-pub-9161109566094614%26dbm_c%3DAKAmf-BlqSFonfyTyInjdoNnObcN76HeJgBbJ04pXeeXKNfgHnyt3wp_ccek-yqA5Vf_LrfTO228mroFSoex2nNRqv1CZgar8-o9rrIXEV0iof933amefU6zOeDojFdW_Zu__fVMFz4wQPhwATe70EQ9RffgbPZS8A%26cry%3D1%26dbm_d%3DAKAmf-DiSjZB_LRKSrOOq3AK4KGpK4YyUmAkEmKrYuOnQEs6LUyB9oV6f5XteJU0drBnziuYKnUoGgpc0GZ0skC-JzoCOFlZBL-I6cMGRzTy0axgSA1xsM5P2nC4eFyS9M-HhgVipjaPcNETrQV8XW8aCQwRSZ27s6ePh02NEX1pwTlseixbZtvS5UCGDWg9iHdZSm5x-URMUiegOBrJqug30jI7kaKFkTzNfwpO2W6zKMF47tgRNF5sDaqOvY7Bf2n3gWEWaEFo2n09U_O85shYyKJ75FQqnZP03p2vaWDSNMDHBgisrXfegT_GWMZycr7vcgI5L84D3Fxlw2JUvSlTsE5RUZXITQHmvvVcG82xUgG7jvHmQFIsUNRN3b1fCfeIb453crtu_lk0DMosC2cFNtCZvPGfZcIbLLzlYgEEsALPcZ0Hhr1SshzW6549Vsf55clfajOw%26adurl%3D$$&c=28&cn=display&pli=1078114055&gdpr=&gdpr_consent=&w=970&h=250&ord=[timestamp]&ifrm=-1&pcp=$$ABAjH0gYEy-wnS-P4qaOg1bWcRS2$$&z=10000

Request Chain 187

https://fw.adsafeprotected.com/rfw/st/990511/61634097/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_Tl29Yv-NE5LO7_UP996YqAI&cbFunctionName=goog_wrapCb_Tl29Yv-NE5LO7_UP996YqAI&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_970x250.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fvsim.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:e41cc051-22de-4b25-6939-68b1ba4b8062,c:h0x9gx,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-86c8d9dc9d-4vqlc,rg:ie,pt:1-2-3-4-5-6-7-8-9-10-11-12-13-14-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,br:c,abv:na,an:n,oam:0,scm:grpm1,nbld:0,mtim:3,fm:tae9M2h+11%7C12%7C13%7C141%7C142%7C143%7C144%7C151%7C152%7C153%7C161%7C17*.990511-61634097%7C171%7C172,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:25,oid:cd7527b3-f84d-11ec-bd13-228efff636d3,v:19.8.319,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

Request Chain 195

https://fw.adsafeprotected.com/rfw/st/990511/61634097/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_Tl29Yp2fE4jJ7_UP-524iAU&cbFunctionName=goog_wrapCb_Tl29Yp2fE4jJ7_UP-524iAU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_970x250.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fvsim.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:65ec09dd-0c01-7e87-d883-6031e1372e12,c:h0x9i9,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-86c8d9dc9d-v4vmj,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,br:c,abv:na,an:n,oam:0,scm:grpm1,nbld:0,mtim:3,fm:tae9M3Y+11%7C12%7C13%7C141%7C142%7C143%7C144%7C151%7C152%7C153%7C16*.990511-61634097%7C161%7C162%7C171%7C172%7C173,idMap:16*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:19,oid:cd76ae14-f84d-11ec-8b0b-5aad1d0216a0,v:19.8.319,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

Request Chain 209

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESED1TvCZLKVFKN4ub7dWGaYk&google_cver=1&google_push=ARnp8GDS31rGTHV78rgATo6-w0cHaphaY6D4R9LOZjaxnjz3NfZfM4U6WhdDS_VPuDREv6_tO0gyPvgiyfYRDwrwP9m5rMOj5ro HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESED1TvCZLKVFKN4ub7dWGaYk&google_cver=1&google_push=ARnp8GDS31rGTHV78rgATo6-w0cHaphaY6D4R9LOZjaxnjz3NfZfM4U6WhdDS_VPuDREv6_tO0gyPvgiyfYRDwrwP9m5rMOj5ro&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=MwGSXkblSOmJOcReqx6u0Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDS31rGTHV78rgATo6-w0cHaphaY6D4R9LOZjaxnjz3NfZfM4U6WhdDS_VPuDREv6_tO0gyPvgiyfYRDwrwP9m5rMOj5ro

Request Chain 210

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEZxWhLlUkpUptzK4y7SF8U&google_cver=1&google_push=ARnp8GAgZk6qNd-CXHcK5bh2MMCl9bJUwcbwTCpgAVcrnKrpwAK9KHlIHcjlybVAI8DIE3uvH7PMl3vsgQPmJk8HrKzdvaHuYw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZVEItRS0xMkJV&google_push=ARnp8GAgZk6qNd-CXHcK5bh2MMCl9bJUwcbwTCpgAVcrnKrpwAK9KHlIHcjlybVAI8DIE3uvH7PMl3vsgQPmJk8HrKzdvaHuYw

Request Chain 211

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_cver=1&google_push=ARnp8GBs5rNLGLLqy7IE2ycg8tbvLviZ0GOGtVsGGAplDsoekJNT1x9UXQpzrfgqLSmlLW6MtSzQvCAwWkPyiwu9o1v8khZ8rUE HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GBs5rNLGLLqy7IE2ycg8tbvLviZ0GOGtVsGGAplDsoekJNT1x9UXQpzrfgqLSmlLW6MtSzQvCAwWkPyiwu9o1v8khZ8rUE

Request Chain 218

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCSEOU-JklibDz9wPau_wONsw5STlk7xV3rk3WZYeTlPElx-OwejeyHd4jx0zYV2aidBgtQYNstOeDl5uM37Gowjr4YhTOmUQ&google_gid=CAESEOjgQCZp3xxxMt11cGCLamg&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCSEOU-JklibDz9wPau_wONsw5STlk7xV3rk3WZYeTlPElx-OwejeyHd4jx0zYV2aidBgtQYNstOeDl5uM37Gowjr4YhTOmUQ&google_gid=CAESEOjgQCZp3xxxMt11cGCLamg&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MzAwODIyMzkwMDAxNDM5MzY1OTg5MQ%3D%3D&google_push=ARnp8GCSEOU-JklibDz9wPau_wONsw5STlk7xV3rk3WZYeTlPElx-OwejeyHd4jx0zYV2aidBgtQYNstOeDl5uM37Gowjr4YhTOmUQ

Request Chain 220

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESED1TvCZLKVFKN4ub7dWGaYk&google_cver=1&google_push=ARnp8GDuqL-i5FnvzVJL4Jxyj3hZblwoGFe4ONafRARjjpQF5hzjlSny7nyIsByHS3Ew7XzS-sLGMj85niJfUfLy50qwA5HXfL7wHQ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESED1TvCZLKVFKN4ub7dWGaYk&google_cver=1&google_push=ARnp8GDuqL-i5FnvzVJL4Jxyj3hZblwoGFe4ONafRARjjpQF5hzjlSny7nyIsByHS3Ew7XzS-sLGMj85niJfUfLy50qwA5HXfL7wHQ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=xPe18xiySymDOzOzIyQr2Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDuqL-i5FnvzVJL4Jxyj3hZblwoGFe4ONafRARjjpQF5hzjlSny7nyIsByHS3Ew7XzS-sLGMj85niJfUfLy50qwA5HXfL7wHQ

Request Chain 221

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEZxWhLlUkpUptzK4y7SF8U&google_cver=1&google_push=ARnp8GBMb9Aq0bymUo5T3d9hF2PlqHgfAMpsI4cxccwmHn0L6zo08dml6Lx1aHC70lv_MvJsYMOFtPSNBk6k3Mew6jJmoQ7Yp54P-Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZVEMtVC02MzdG&google_push=ARnp8GBMb9Aq0bymUo5T3d9hF2PlqHgfAMpsI4cxccwmHn0L6zo08dml6Lx1aHC70lv_MvJsYMOFtPSNBk6k3Mew6jJmoQ7Yp54P-Q

Request Chain 222

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_cver=1&google_push=ARnp8GCqRhTk3Nk_3bPHsh5rh3EE1sUEzjsKr1Sn8pi7w7nnJrdjF0jQLkfcH1GMsWI-uPpfc6AMxWZtHyuMZ9JY6qHfx8jXDc_oRA HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GCqRhTk3Nk_3bPHsh5rh3EE1sUEzjsKr1Sn8pi7w7nnJrdjF0jQLkfcH1GMsWI-uPpfc6AMxWZtHyuMZ9JY6qHfx8jXDc_oRA

Request Chain 252

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESED11mdEJzW3h-ZTFEfA8gPw&google_cver=1&google_push=ARnp8GAXMdG-mGAvQ2JDK0-z4UndO4oMjIBjwxokE2rEuNzSVqBfrbIzmklQLGsHbdCjcl8UNRj7QRFYPxq2xbTHFJ1lfnFcqg5j HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GAXMdG-mGAvQ2JDK0-z4UndO4oMjIBjwxokE2rEuNzSVqBfrbIzmklQLGsHbdCjcl8UNRj7QRFYPxq2xbTHFJ1lfnFcqg5j&google_hm=fIp17tdbzcEQkpSjMpxgUg

Request Chain 253

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DARnp8GDD75cAhGGenKVLs6f8yEKclGVfUvGt_FK_ffhshR1907DBrXF7JVAengdGnuBXvU_R2RJW6upW6I_FyWI5L_16tkVlFBJ5lA&google_gid=CAESEF76RaQKVOuRVU73UvRcIrw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXIxZFR3QUFCTkViQUU0bw&google_push=ARnp8GDD75cAhGGenKVLs6f8yEKclGVfUvGt_FK_ffhshR1907DBrXF7JVAengdGnuBXvU_R2RJW6upW6I_FyWI5L_16tkVlFBJ5lA

Request Chain 254

https://d.agkn.com/pixel/2175/?google_gid=CAESEKQabAP-dFYvJMoUQBXDHFo&google_cver=1&google_push=ARnp8GDBmmYiTn0iYC-yJr-THPjgSTZmShQIS1jnMYt1pUr5Uo9k3th3xqWJJBHiPxV6FR1Ey-vUMkA32n-8_GgNH0YEmUkFv13lBg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ARnp8GDBmmYiTn0iYC-yJr-THPjgSTZmShQIS1jnMYt1pUr5Uo9k3th3xqWJJBHiPxV6FR1Ey-vUMkA32n-8_GgNH0YEmUkFv13lBg&google_hm=Q0FFU0VLUWFiQVAtZEZZdkpNb1VRQlhESEZv

Request Chain 256

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESED1TvCZLKVFKN4ub7dWGaYk&google_cver=1&google_push=ARnp8GDOOvltaWwqgCaOrV8OEIvFCWUrcW5h9IvaKy3GKGm2otBstpYUZR9A8EHlPpCJnDt-EQCVbryg8U1o2P4tbYd7BV4sR5Ti HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESED1TvCZLKVFKN4ub7dWGaYk&google_cver=1&google_push=ARnp8GDOOvltaWwqgCaOrV8OEIvFCWUrcW5h9IvaKy3GKGm2otBstpYUZR9A8EHlPpCJnDt-EQCVbryg8U1o2P4tbYd7BV4sR5Ti&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=l5rpzArKQOGi8lqQ28JyAA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDOOvltaWwqgCaOrV8OEIvFCWUrcW5h9IvaKy3GKGm2otBstpYUZR9A8EHlPpCJnDt-EQCVbryg8U1o2P4tbYd7BV4sR5Ti

Request Chain 257

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEZxWhLlUkpUptzK4y7SF8U&google_cver=1&google_push=ARnp8GD9WkooZ4HdL4mSKTBtuwXXfbq3mPfbuqGIOmT5UTChQ6ua10UAqAbmp90pQdsicHrJ64Je1-S6kWsECOWMy7jlsTMmhlbLFw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZWTQtMUYtOElCVQ==&google_push=ARnp8GD9WkooZ4HdL4mSKTBtuwXXfbq3mPfbuqGIOmT5UTChQ6ua10UAqAbmp90pQdsicHrJ64Je1-S6kWsECOWMy7jlsTMmhlbLFw

Request Chain 258

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_cver=1&google_push=ARnp8GD7WxndULabJzdQr_6WLzrNIsYXwAT2efSl3ITcALKC0p5Du8ZVNww2gXWEfccGrc5nMqUG5TKUOrKLmIfdXWyTAhTsp0vzkQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GD7WxndULabJzdQr_6WLzrNIsYXwAT2efSl3ITcALKC0p5Du8ZVNww2gXWEfccGrc5nMqUG5TKUOrKLmIfdXWyTAhTsp0vzkQ

Request Chain 282

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fvsim.ua%2F&domain=vsim.ua&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=eO6j-XxIQzlRZmlDU00wVnd3ZkYrNDFxMUM4VHNsdzhXbC8xMTd5WjhSaGowblVDZEdybExldWNXRlBDdEM0czhLMGJZWFk0Vk0zcWNCemRZZ09HMzROQy96aTFmQjd5clAwQjB5K1E3SmFWdHFlUWVoUFQ5WlNSUi9iS3QwbEhRdGdaQVJpU1hlMHpGTHhHWENXM3IvWWpOV1plSUYxMmVNTXQ2YTF6dEIwRytUbmJCY3JOOVFjdzVLTFRJYzY2M0pnMEVWcDhtaXZpdy84d0c1d0ZCekhUbzRIZzlhc211OFBJQ0NEUVcrU3lPVVhFPXw&cppv=2

303 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
vsim.ua/
Redirect Chain

http://vsim.ua/
https://vsim.ua/

176 KB
36 KB

1008ms
916ms

Document
text/html

2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52d0b82fec18a281a1ad672b59bb497db964b708f4df9be0e0d5903d1b8e1a52

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, s-maxage=30
cf-cache-status: DYNAMIC
cf-ray: 72357eaf98077447-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 30 Jun 2022 08:22:35 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AHhEcYIco1QVbG26gedR2FKUhhinxiGOw4uqwkarS8Vy%2FlfNGNNAQFgR%2FANhLlflOl3ugf1l7sMoNFnxEsR%2Fq6OOJNYLkSjbUgcNjA3P8%2FbBsXWzJj8OquDX6aYsA%2Bu8Pc2bpzP5"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-cache: BYPASS
x-dev: Desktop
x-stat: 1

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 72357eae19597743-LHR
Connection: keep-alive
Content-Type: text/html
Date: Thu, 30 Jun 2022 08:22:34 GMT
Location: https://vsim.ua/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E10R9Rj47FSMApoaIsUSG2M%2BNNFiVd0u2ZZwnPKVhasU55cXWBRekLb4HdE753bouEz4LU9LBQPKkS4b2WSYEPWxTKP9DXwPJf0f84lYDw81GpbgNmjX%2BdIQVf8fntPI8gfEiM8D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 3831ad9.css
vsim.ua/css/ 629 KB
98 KB 69ms
66ms Stylesheet
text/css 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/css/3831ad9.css?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c09765834b837729cdca7d9fb46cf11c6d86920927f8102cdc485c2c1aaf415

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165239
cf-polished: origSize=646145
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 28 Jun 2022 10:15:37 GMT
server: cloudflare
etag: W/"62bad4c9-9dc01"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ib7P4IOk%2FCMiVuI5FCbUsBPzV1DxB%2BSxzGgdESPoA52hPIW6udmh7tDNQ2BYyiSO90wIS48F0TYmzGOgkFgW2uVIIVF6zzwTOgQCAwe%2BFmTqVGT9PTZERSKrRwJOQD7ZoTGni4hU"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 72357eb589567447-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Logo_new_vsim_v8.png
vsim.ua/img/ 5 KB
5 KB 56ms
55ms Image
image/png 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/Logo_new_vsim_v8.png
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8b9e3e8e1276c694f2cb8c6957a36d9d8ec542a8fd8d2166ed58d6897aaaa30

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1798924
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4716
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
etag: "5e4d36b2-126c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oaAsQFFgb94%2Bty6T%2BGqXs7%2FC1LhRlNmXVdpK3P4P9lo6Cw%2BPEFM%2FzCwYt%2FQgnBbzEFKIdJpJvJNZpg0Bp6dwWG3sSM4kPCUWPq4GMYGD%2FIMSv6eyv1HtvO4KFelMS3p0Udew5iQA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357eb5895b7447-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 news_today.svg
vsim.ua/html/20min-page/web/img/icon-title/ 1 KB
1012 B 98ms
95ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/icon-title/news_today.svg
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd6bfabd983e40a92cd350180c9a98cd9e3f282335f73b2c2537ba3d4c9332d8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
age: 1202
etag: W/"5e4d36b2-467"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lglN9ZnokRlAxUOvO3RbhLB5wRWmo9JxS8k0lcoRzYDWB1LErgnLpYGGAWdLOP2vBQYucoap28cmoz1OAtO15KPG%2BOpH1oZTLU7%2FgkGWXKSLkNXzkHUiNmgM%2FYYOT2R1Vc9Q6BSx"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5b9b97447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 a9809c8769eb1f0b05d56a16f58ad1c75f7c9224.jpeg
vsim.ua/img/cache/reference/panel_link/0023/03/ 77 KB
78 KB 85ms
82ms Image
image/jpeg 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/reference/panel_link/0023/03/a9809c8769eb1f0b05d56a16f58ad1c75f7c9224.jpeg?hash=2021-04-22-14-46-46
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d055f06176b7d175b33b0c86d749cb1c28072cb4f9aecd978c0581e3efd54c9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4018
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 79231
last-modified: Mon, 26 Apr 2021 13:52:21 GMT
server: cloudflare
etag: "6086c595-1357f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LSQF3Pj3M8SHdEkAkytQTNurAenSzFyiOIy0xveXz%2FbZu21rJ%2BKHvjDvCdLlC%2FsY9lMaUSpY8gtuAA3QsWyEAzcOpn%2BXQTI8yruAS5on%2FXGMg1zahXCAYS%2FYVQ5oBbGk5Uefudg"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 72357eb5b9bb7447-LHR

GET
H2 200 8ffb14cb46cdb5fbc156e7ce18cb8c408f83e06e.jpeg
vsim.ua/img/cache/reference/panel_link/0026/31/ 4 KB
4 KB 84ms
81ms Image
image/jpeg 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/reference/panel_link/0026/31/8ffb14cb46cdb5fbc156e7ce18cb8c408f83e06e.jpeg?hash=2022-02-25-14-28-31
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eaf2c9137e521e1f030246115b742374c4594cc7facea8f516f19f44ffe05571

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6409
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3623
last-modified: Fri, 25 Feb 2022 12:28:56 GMT
server: cloudflare
etag: "6218cb88-e27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZqhPU6G3S0FMax3PNTdFn0yOzD%2BiBT8I7q%2FHNkOA1d2XAnVB%2FGYz4Is0SYPT0th9RqB24Kd%2F%2FzmXmQFM9Q9egbfpmtRt1RbxLx2vqEuMog0su5VHNL89Jh1FfUfuGJVUmaOCjw5"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 72357eb5b9bd7447-LHR

GET
H2 200 bg_img.jpg
vsim.ua/html/20min-page/web/img/ 285 B
631 B 86ms
84ms Image
image/jpeg 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/bg_img.jpg
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1798924
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 285
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
etag: "5e4d36b2-11d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyD53%2FeQ94Oki%2FANBzPpUzKDdpOCRJ2JcYGLYrRjKRNMnZbcmtT99A9PvAApXCSTYGVu%2BdHuv%2BmwleAwAtTKTK4p3H%2FBpR%2BEQhACVxjI9KwT19jJSguvDCRrFYsef2CuVPEbiMD4"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357eb5b9c57447-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Often_comment.svg
vsim.ua/html/20min-page/web/img/icon-title/ 929 B
831 B 252ms
250ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/icon-title/Often_comment.svg
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e81753a8f9689cc6359d1219ef65e37e7827db414e82711378357de5377c18a7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
etag: W/"5e4d36b2-3a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vodGKcGWkSb40zshfRhVjRD%2FdEFtfE5pZyuNZ1vJxCyuslkF4kaW%2FbiOuoxX2OhkUCEul6QLZ8S0iJFov74s4ESQHIARdDW3jZOhIrxz6TJWINf9tFeNPcx3NTZ4qAjneVWDxgwa"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5b9c77447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 bg_img.jpg
vsim.ua/html/20min-page/web/img/ 285 B
587 B 79ms
77ms Image
image/jpeg 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/bg_img.jpg?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165239
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 285
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
etag: "5e4d36b2-11d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2uoT4mo7Oj8%2B%2BolfByQnD9fpjOoYodgKxBHJ%2BezFolyTnI3m9Q0KWaY6oR2N%2FE1fr%2F9xsNqdNH8psW0IYoB2O%2BGpjPMLSMzIF29bDWdxkQktYKYlgAOuth6LrN5hARUzHWAj44t5"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357eb5b9ca7447-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Newslater.svg
vsim.ua/bundles/twentyminutuamain/img/icon-title/ 766 B
817 B 89ms
86ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/icon-title/Newslater.svg?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f7395272e337bd77d47ff9ba8f42f01348f039527171842d0cd2f802e322721

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 29858
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: cloudflare
etag: W/"5e4d36b1-2fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bHCSPFq2z35MAbky1ry4FqPJEPNrEk6fFZnGdapglfxTDSc3FVr5PZKXiUvPfwktCTwvxO92BytXu82qYnr4mdubzp4ei1E2eHjOIv5VJFUoYOfzEkueNQUvRB40Wv7ZGWhSf9E3"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=315360000
cf-ray: 72357eb5c9ce7447-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 04757c045656223f79bdfdb8cb09896f9b1eaf03.png
vsim.ua/img/cache/reference/rubric_partner/0021/76/ 8 KB
9 KB 259ms
257ms Image
image/png 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/reference/rubric_partner/0021/76/04757c045656223f79bdfdb8cb09896f9b1eaf03.png?hash=2021-01-22-11-59-23
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f0c2b0a2c352645b53399aff7d600aef3a1d49377280b4dbe6d6d8cc291a935

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 14 Feb 2022 16:26:41 GMT
server: cloudflare
etag: "620a82c1-200e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g34VZbgeop6Tip%2FRlMUdCllL85eecgStyPniBpXfPqS42wJXFPrCftbcVAXeZy3AnnqTAKqzVlHXcrcZpxuWSWMFtioIysVaRUvDcnAOSKKo9tFEhkrUGl%2B8BC1NmD0PMlABdFZo"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 72357eb5c9d67447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8206

GET
H2 200 EU_hor.png
vsim.ua/html/20min-page/web/img/ 77 KB
77 KB 80ms
78ms Image
image/png 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/EU_hor.png
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0f3f63b8aa81276ab867ee8172db9e3f7a03df59f3c868670c35cd7c635c762

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1798924
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78494
last-modified: Wed, 27 Apr 2022 07:07:05 GMT
server: cloudflare
etag: "6268eb99-1329e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NL2UkRPo9lYfxZiuTuxYopY0EIcg4wTGE7ZqGJDASeGRKIkDfM5VsUF%2BROXXg9JxmXtefAwcvB2pb7iu1jJYt0ufBdtI19MbdGDrZZzyqxp5WS2Pzk%2FgpiHbzqot3JIT9R6hhG6P"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357eb5c9d87447-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Vidrod%C5%BEennia-Logos-Horizontal-16-01.png
vsim.ua/html/20min-page/web/img/ 13 KB
14 KB 82ms
80ms Image
image/png 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/Vidrod%C5%BEennia-Logos-Horizontal-16-01.png
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88b263a05e0fa2a8084852de8152c02ade2b1cb33a2d9bbb780a2d9561e48c63

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1798924
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13734
last-modified: Wed, 27 Apr 2022 07:07:05 GMT
server: cloudflare
etag: "6268eb99-35a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8kGk43A0YDcAj6ccwxAcCSIKERItNeAyzlTHLi4jQo3%2FQRddnUX9ax560E654D1zqfAU4yrNoW7G6N4r9VxuPBCxOCBFlpGMSEkl%2F2oXKtxkwc9yNjRgARn0O2SWw%2F9hlYZ7pZ1G"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357eb5c9da7447-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Push_notifacation.svg
vsim.ua/html/20min-page/web/img/sub_image/ 2 KB
1 KB 90ms
88ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Push_notifacation.svg?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b50736d5ec0097525d6ff80d1b680bbbec44ada253b9f2c8171d76ec1350c28e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
age: 1201
etag: W/"5e4d36b2-75a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ondYgABC6OLDgxUD1U7me5wIwMQfturz%2BTv9PQvNh9YgxXrL%2BvTUzMWdVF7vxkrcbv94htx%2FM%2BJcZyvqgf7gTiyNKjL0m8oAI6F23ntuVtTKTLu93MNloiz%2B3VPy3N6v7nbIVn6D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5c9db7447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Instagram.svg
vsim.ua/html/20min-page/web/img/sub_image/ 2 KB
1 KB 91ms
90ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Instagram.svg?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f42c410eba2c4dc22b4c39f686000a1a7093a01b84551a19ffc30b26c72a86a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
age: 1201
etag: W/"5e4d36b2-884"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BOHd9DBPPEVPo5wZG%2FUlqOCcjmWPgq8t1WH6RAnnjM2LtgMOd5ryunLE2fWUnenPKTRVaAilgU0RTT%2FIRt9Blc324IsZrj2aeGikyP9zhntzBnlm2VbJ%2BFeqgfLaRupVa6hxIsc%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5c9dc7447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Email.svg
vsim.ua/html/20min-page/web/img/sub_image/ 3 KB
1 KB 93ms
91ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Email.svg?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eccd88565d076df2201301bafbec831407665672e90f547f4de6c0cf850be75a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
age: 1201
etag: W/"5e4d36b2-aa0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KbV7pqJI77bDw%2BSvymUWx%2BAJKwNcPiPETY38EDkcVlvzmQolYibHwREHRGKNHvIbodiNznWbN7LJmpL2Ek2xtG3XrkToVUC3KSYmQQA4d6YmiLwItixuOhzfXApvsBWKOue%2F7oLp"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5c9e07447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Telegram.svg
vsim.ua/html/20min-page/web/img/sub_image/ 2 KB
1 KB 98ms
96ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Telegram.svg?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f303a0de1cfe53713218d7f8b6d58cb3a85e0946f81cf0e4b79d1ce76e3a97b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
age: 3928
etag: W/"5e4d36b2-7c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=htZR8c48qjporyysobgOXR4qedQPkKZMbkQgSW%2F0E8XPag9sNACQgkmi2%2BhHTOEskrVJgLzmuSiLi5AUN4u7fnuNtxw1gTi2FiA9bPYfI5uXHchIB9QHTnMQmB3T09prhSrU3uzj"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5c9e17447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Viber.svg
vsim.ua/html/20min-page/web/img/sub_image/ 4 KB
2 KB 95ms
93ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Viber.svg?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91c51f424031f6d025726982227527bc60cdc06c4bbe948cda46c66c54c2a695

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
age: 2727
etag: W/"5e4d36b2-1132"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1qhW2kobgqNYsh9jqDNt2L0S293UoRh3ACd8Axe%2BkilG1%2FLFkIHSVS3LKqexyEsbgVgikMVS8MJdG1dlzdczmrpJtRe2DNyIaASmXL8iQ7N1sAD0%2FOIAKpHpKa%2F7OQsK8wLkEQpQ"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5c9e37447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 GN.svg
vsim.ua/html/20min-page/web/img/sub_image/ 5 KB
3 KB 99ms
98ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/GN.svg?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34b32035c62caeb6ba158476cdc55287421596f7db6cfc52ca84d7a7bede75aa

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
age: 1201
etag: W/"5e4d36b2-145a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yd84Ow5J4mb2l98LTV%2FSkp8M5fDPkKc8%2Fg%2FBMKgKe6IhPEPPvJN7Xc3YXtn%2B0foyZyx4VXdVC016vgOBAtlJJx8QxtsagBIN9cSVVT2fjKWCcpSH1ZKz%2FggnTOwVfXPg1pNTybbU"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5c9e57447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 email-decode.min.js Show response
vsim.ua/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 79ms
76ms Script
application/javascript 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vsim.ua/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 14 Jun 2022 16:43:30 GMT
server: cloudflare
etag: W/"62a8bab2-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JXgE69eqX7Eqhet2Ogv%2Bzt8xlTrQgHOHnYnJHjU3Rdn6B4b0EhLBaLcIy8E3OIuMdoQCXwTVLgQ65e95H6EmT3YTRqmkth1iZe7v2uZVtAqjY%2FTSW46415oyyh2NkC%2B7XHMF3lUS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5b9b87447-LHR
vary: Accept-Encoding
expires: Sat, 02 Jul 2022 08:22:35 GMT

GET
H2 200 rocket-loader.min.js Show response
vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 86ms
85ms Script
application/javascript 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 14 Jun 2022 16:43:30 GMT
server: cloudflare
etag: W/"62a8bab2-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eD1BseEJ1utw6utqU937v5wd%2F8nJWVuEnaSZiHBDSU1lUhtwDlNq0rSVlHExeTXhHjVglgxGOHwwm48G3kZXSU1ud81Kek85bOi1uqeOENup87UzRUUTSAlH0KxuNa3ZRquVRXvw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb5c9e87447-LHR
vary: Accept-Encoding
expires: Sat, 02 Jul 2022 08:22:35 GMT

GET
H2 200 iframe Show response
vsim.ua/site_login/ Frame E64B 5 KB
2 KB 267ms
266ms Document
text/html 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/site_login/iframe
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0da891591ee9710b569ff2317a4ddbd250af64cccf85eb8f040ddfc3fdf5833

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 72357eb5d9ed7447-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 30 Jun 2022 08:22:35 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8y4oaVvV%2FB%2Biq3A36cwr0xvL779R26RWKiTc9jM9Ff0CXJjP%2FQoDQwP4cSKEv9wDWfdekwjB0BL5B4fDhdHjLewu%2BtBQEMeK%2BcoPRLAe9AzrgZ%2B1brFEfqyPN3zHQ0BkcUJAgNt"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-cache: BYPASS
x-dev: Desktop
x-stat: 1

GET
H3 200 viber-f.svg
vsim.ua/bundles/twentyminutuamain/img/ 3 KB
2 KB 55ms
55ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/viber-f.svg
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?5ee17681
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e51999eebc0b9e4ac7b5387bf86f7c05970eb7b77df960003955d399e232c5c1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/css/3831ad9.css?5ee17681
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 29858
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: cloudflare
etag: W/"5e4d36b1-bff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2BnyDcgUPTcsaH2n%2FJWNCJdcklpfN7BM7h52bNZMu8nB8XIOb%2BZez4opcd51fNHQX3L3WVzxoCF8RuCP6Da3DoGzrrWM83LmJSY55pcKq8Yv3MswsaHHXsg5%2FDh6pHhRdlBP8siX"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=315360000
cf-ray: 72357eb6aca38883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 g_n_icon.svg
vsim.ua/bundles/twentyminutuamain/img/ 1 KB
1 KB 146ms
145ms Image
image/svg+xml 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/g_n_icon.svg
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?5ee17681
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e98501745c1500c02ede59eb329ac24f220509633741250b371199ecc9020ea8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/css/3831ad9.css?5ee17681
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 29858
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: cloudflare
etag: W/"5e4d36b1-478"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YsOicssBsDmjOvngNGghaOj9dZO%2FUNxMtBRD3dzyHTBTOxc7B4Li3d5laYka2lbgOkb97XD%2BwfotxKC6UxoGTxMV8iCGpkZGT1xwnjY0SDzca1eyCAnYU2EiSbX3XU1bOwnV3lvm"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=315360000
cf-ray: 72357eb6aca48883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 telegram-f.png
vsim.ua/bundles/twentyminutuamain/img/ 548 B
1 KB 56ms
56ms Image
image/png 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/telegram-f.png
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?5ee17681
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa058ce5fd598607573ff9194857267322682a83b3547840b211bce2ef4bd5c0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/css/3831ad9.css?5ee17681
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 29858
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 548
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: cloudflare
etag: "5e4d36b1-224"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xZyImRQ9%2FYUPWUrnSZP%2BLgM6bhN3MnmHXayq22SE2m1hbtSeHaACWVjOSZVLbxFrLSvJMdi6MypJ9ISF3eQIUInaahNSnx3VDM8jDbMlmpnPlHYyINc%2FKO0sWCqxNcDUO5DiV5Li"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357eb6aca58883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fontawesome-webfont.woff2
vsim.ua/bundles/twentyminutuamain/fonts/ 70 KB
71 KB 54ms
54ms Font
font/woff2 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/bundles/twentyminutuamain/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?5ee17681
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Request headers

Referer: https://vsim.ua/css/3831ad9.css?5ee17681
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1798785
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 71896
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: cloudflare
etag: "5e4d36b1-118d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6JyivmPcrWxI4x4vFSKJQeURUk8YBhT%2BuGiCGx7LuSoARo3zA8AU4STAG90dRE7s7dJobsmESRTEYo0L6s0ACG1IBuPhJp1Yh9we7IbW%2FUimrkMNgGdnCrXoHhelGps7v4HdetsX"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357eb6acad8883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 MaterialIcons-Regular.woff2
vsim.ua/bundles/twentyminutuamain/fonts/ 43 KB
44 KB 167ms
167ms Font
font/woff2 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/bundles/twentyminutuamain/fonts/MaterialIcons-Regular.woff2
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?5ee17681
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726

Request headers

Referer: https://vsim.ua/css/3831ad9.css?5ee17681
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1798785
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44300
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: cloudflare
etag: "5e4d36b1-ad0c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mFAKNsQUomxqQa2q5OYw9DRkQoY43obzIQfKy3wYp75gIpvA%2BvEFWSeSrxLrJPWbxO%2B0Vw72J%2Bksl6RJ85U6X8RLNKdb6KSXweLICI7tQg4%2BgNtt3oqGArHpmkYbkdk71jbIfAmj"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357eb6bcb18883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 504 aGeq.js
leokross.com/vAW/ 0
0 7408ms
6865ms Script
text/html 79.171.117.17

General

Check archive.org

Show headers Download Go to

Full URL: https://leokross.com/vAW/aGeq.js
Requested by: Host: vsim.ua
URL: https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 79.171.117.17 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 0728b5d.js Show response
vsim.ua/js/ 879 KB
246 KB 103ms
102ms Script
application/javascript 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/js/0728b5d.js?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 359793ee46fbdf7a9782612719c4a08dbc83704fa3f2326e5b4d9eebb6fd9ba0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165757
cf-polished: origSize=900004
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 28 Jun 2022 10:15:31 GMT
server: cloudflare
etag: W/"62bad4c3-dbba4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jGtWhGb9e8R0vOSk05t6S9GMSm3Q1PxmNbD%2BFms48aGLx%2Bp7T2SkuJ6RCqGkcIGihwHUIMGGAPyeIfe%2BUkNQjtNYfld8m9ne6xCNG1RbcwSgsdE5WvAALjcyvSdxgOKVGBBJlbMT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 72357eb73dfd8883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

imask.js Show response
unpkg.com/imask@6.4.2/dist/
Redirect Chain

https://unpkg.com/imask
https://unpkg.com/imask@6.4.2
https://unpkg.com/imask@6.4.2/dist/imask.js

166 KB
37 KB

63ms
63ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/imask@6.4.2/dist/imask.js

Protocol

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8fad7ea6d56c85bc473f0091aa9870e4a7db6609c037eac826ed00c68ea3fb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12174704
fly-request-id: 01FVF0JCGKJZ47HXFJ547A8X32
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"297db-B/zbN+2crPCo1IRXSpVqEqQx/1k"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 72357eb8ccb87795-LHR

Redirect headers

date: Thu, 30 Jun 2022 08:22:35 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01FVF0JCXHBK3TSCKQVCWY231A
server: cloudflare
age: 12174704
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /imask@6.4.2/dist/imask.js
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 72357eb86bec7795-LHR
access-control-allow-origin: *

GET
H2 200 sdk.js Show response
connect.facebook.net/uk_UA/ 3 KB
2 KB 165ms
54ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

775cbfc10227443b6a5b93e5f8e555532f6a71852c62a0d3c4e11a4b1054212a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://vsim.ua/
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ZnZ/HGzHTh7nUCuYG71nmQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: dgQzuDrZOe7VW10l4UyJNeGR8oZHdfznbLpky+XadOx9GAKJoRCj3y8acm8MAHf2e5xm6PLDGIXZKFSgm4Pssg==
x-fb-trip-id: 917726464
x-fb-content-md5: 3a57d1f85bbacb3135616b4459a92441
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 30 Jun 2022 08:22:35 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "1d6e40030260d800cf09038f9e4fe9b4"
timing-allow-origin: *
expires: Thu, 30 Jun 2022 08:29:07 GMT

GET
H2 200 client Show response
accounts.google.com/gsi/ 185 KB
74 KB 223ms
105ms Script
application/javascript 2a00:1450:4001:801::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: vsim.ua
URL: https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c1f39195106732008423844c281afd28e9cce777ce569465d593f03707829c5f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-SauT0Gt8zL2eZwdULVTnwA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-SauT0Gt8zL2eZwdULVTnwA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Thu, 30 Jun 2022 08:22:35 GMT

GET
H3 200 ed8d0db.js Show response
vsim.ua/js/ 95 KB
35 KB 202ms
201ms Script
application/javascript 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/js/ed8d0db.js?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc9c2a692b2e51f7452889365de85134341d53f8d36539cdaef3a8277db2edd1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165757
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 28 Jun 2022 10:15:38 GMT
server: cloudflare
etag: W/"62bad4ca-17b3b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F4UMDAkt%2F1pNEbZvW%2BtNgCZExQDxSMct2Db2uaGUvmY8hFg3a%2FJmGxIu9pn%2FtV1E5lEq26Ycj41edOIMzw03rjFJRx0uDDYCeAVybqNzt273OraphOOZR2iZFZ%2FHdCsO9y%2BrF%2FgD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 72357eb73e068883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 client.js Show response
cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/ 64 KB
18 KB 242ms
114ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Requested by: Host: vsim.ua
URL: https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: ae45377af9d89238bdd28995edb79dc857c596ee256268874c5478e020807211

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
last-modified: Tue, 05 Apr 2022 09:11:37 GMT
server: nginx
etag: W/"624c07c9-100fb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 05 Apr 2022 09:14:07 GMT
cache-control: max-age=10
x-proxy-cache: REVALIDATED

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 97 KB
38 KB 181ms
64ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-NWSHLFG

Requested by

Host: vsim.ua
URL: https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f863515ed7acc35dfe991abf9e322b2ec65a6ada96009c8c1c59d5fd8d4783ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38271
x-xss-protection: 0
last-modified: Thu, 30 Jun 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Jun 2022 08:22:35 GMT

GET
H3 200 fc40332.css
vsim.ua/css/ Frame E64B 177 KB
31 KB 144ms
144ms Stylesheet
text/css 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/css/fc40332.css?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/site_login/iframe
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf3151eb02230f6f505658b2df91cb14159810f9e4a083ce21920b76297a7989

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/site_login/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165758
cf-polished: origSize=181636
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 28 Jun 2022 10:14:14 GMT
server: cloudflare
etag: W/"62bad476-2c584"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hlSaVA1LvCbv1xcaeIabvOEytgNn5wm44xtJ1DX7TBCb6EVKQUNeZ5qb12qxtg254bndOsZ%2B%2Bxc%2FAT0fvjSHdsC26pCijtMuayBkk8F7xjhfU%2FI52NhiTPYXLpVyYGX16hvtIuJm"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 72357eb7aef38883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 rocket-loader.min.js Show response
vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame E64B 12 KB
4 KB 147ms
147ms Script
application/javascript 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/site_login/iframe

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/site_login/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 14 Jun 2022 16:43:30 GMT
server: cloudflare
etag: W/"62a8bab2-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S3VvBnmpfYvDlX%2B4JUUXFCDHuRxtI3xJkSzSjSHOuff5R8l00MHp%2F8xDb64EeNTVGHs%2Bj8ScQPrJudFMuQTOz1%2BF0p0YdZuQAf8w62qKV8T5XlA9zDYYSk1l8yYG8%2BK2IYu%2Bndj%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72357eb7aef58883-LHR
vary: Accept-Encoding
expires: Sat, 02 Jul 2022 08:22:35 GMT

GET
H3 200 dba7e9c.js Show response
vsim.ua/js/ Frame E64B 246 KB
73 KB 62ms
62ms Script
application/javascript 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/js/dba7e9c.js?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbd991c12551f95524a9ca44db10706d942e698b9ef56d6111fe568c5cf193ef

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/site_login/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165571
cf-polished: origSize=251457
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 28 Jun 2022 10:14:20 GMT
server: cloudflare
etag: W/"62bad47c-3d641"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BRmMltEGw%2FeAvd%2B%2FIcviZsh3rMPTlbNJuBhoDqtlCqVbpB1AYRRWKpAueQH3TTgCKw4OOUMsZrdOsEXkhIFlPPbkXEHXC2VkXyKHtCu%2Ft1HhrYBAAHOZC7rpk74l9d0aPa6MK0tP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 72357eb8a9518883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hb_306660_6693.js Show response
player.adtelligent.com/prebidlink/460160/ 385 KB
118 KB 239ms
111ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: cbf391c4d3dd8f61e7a802609296c8ef3955ac3adb146cbe3252944c8ea94360

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
last-modified: Wed, 29 Jun 2022 13:50:00 GMT
server: nginx
etag: W/"62bc5888-6023a"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 02 Jul 2022 08:22:35 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 223ms
94ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

8af594bfbdd1efc543b1dfdfd771d97631d6a30f8d3ac0ca4d19888cbf4d0354

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28092
x-xss-protection: 0
server: sffe
etag: "1259 / 85 of 1000 / last-modified: 1656540322"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 30 Jun 2022 08:22:35 GMT

GET
H2 200 wrapper_hb_306660_6693.js Show response
player.adtelligent.com/prebidlink/460160/ 786 B
744 B 325ms
198ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/460160/wrapper_hb_306660_6693.js
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: aef231caad9876f19aba7e2abc99353c2a2f45b4fee982fd2ca7edc59978a8f4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
last-modified: Thu, 30 Jun 2022 07:55:51 GMT
server: nginx
etag: W/"62bd5707-312"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 02 Jul 2022 08:22:35 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 169ms
53ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5187
date: Thu, 30 Jun 2022 06:56:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 30 Jun 2022 08:56:08 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 129 KB
46 KB 184ms
68ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TST74WS

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

962344e179f8dce97ce49f49a0d210431c4a9f5613b6c97298304f911db42acf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46709
x-xss-protection: 0
last-modified: Thu, 30 Jun 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Jun 2022 08:22:35 GMT

GET
H3 200 remplib.js Show response
vsim.ua/bundles/twentyminutuapaywall/js/ 93 KB
32 KB 64ms
63ms Script
application/javascript 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/bundles/twentyminutuapaywall/js/remplib.js?5ee17681
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30015300955352764840758227634ade8cc98299ccadc46cf9f3f6681385a756

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165571
cf-polished: origSize=197222
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 10 Sep 2021 08:36:22 GMT
server: cloudflare
etag: W/"613b1906-30266"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ek0pIML8PkEMMO2h1dVVOtlBolGRP5sXKvWn63xEwaswVsTHPzQjLwMcIm2WicFOLpnPB5p3zE1ebx%2F26VCtzAEpgv6m8jkYGgD%2FJNiZSNGokwWPCMT2GXS1EzY4LsholdYmHatW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 72357eb8ea028883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
25 KB 110ms
54ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f8bdb531d36caf4bb43071d1be58a2d1b153d3a403f4b8f4e6a919dd46213f47

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 25939
x-xss-protection: 0
pragma: public
x-fb-debug: nevqXLy159OeTRubXEDeBV2ANKdZNSzxmPjWqPoeejsqRNqU6MYXLkTdoDwGO6MBLbQNOXp+jSzK+E4VW5AOMg==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 30 Jun 2022 08:22:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 configs Show response
cdn.gravitec.net/sdk/web/ 5 KB
1 KB 185ms
70ms Fetch
application/json 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/sdk/web/configs?appKey=d9345397765ace7e36f5036f718db82e
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: bb81a3f6452967a392101c3127a76d8b5f22cafd70f8baa1046cc753aa5a0824

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
x-correlation-id: ee3bfc6e89731195acc5b3520928e445
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
content-encoding: gzip
x-proxy-cache: MISS

GET
DATA 200
OK truncated
/ 185 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a62693b523955f6ddca2965c2e8be1a7bcb1d41e6e98f6834abf23f0090bed6

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 79ee8e336798d71b75211b6dc774e2d7017c3962.webp
vsim.ua/img/cache/news_rtp_large/news/0028/06/ 30 KB
30 KB 54ms
53ms Image
image/webp 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_large/news/0028/06/79ee8e336798d71b75211b6dc774e2d7017c3962.webp?hash=2022-06-29-16-26-23
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76bf43cf5597f7953241dfff75d915d0d6775d6a1ec8a0b5e5d65f464609bb61

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5165
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30526
last-modified: Wed, 29 Jun 2022 17:54:16 GMT
server: cloudflare
etag: "62bc91c8-773e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rpyv9UU2%2Fw5%2BEutb5rTbXplqoezL4UI6KPUIiN33%2Fym0KrMuZc6IOrVS6PQHo%2F4ww3cFALO5o8ZcT%2BJz8o2edvm8%2FJJOQptJLICsBU%2BE62%2BM5B5t%2BY416iaH3qiAnvt7uJ5knHnb"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 72357eb9ab878883-LHR

GET
H3 200 5b181a6488cd124c85e409870038d42c79c021ff.webp
vsim.ua/img/cache/news_rtp_large/news/0028/06/ 40 KB
40 KB 55ms
54ms Image
image/webp 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_large/news/0028/06/5b181a6488cd124c85e409870038d42c79c021ff.webp?hash=2022-06-29-16-11-22
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 914ae1610f5786356faacfe310695912004ca4e60e378a0098739aa07926ab4a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6407
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 40818
last-modified: Wed, 29 Jun 2022 13:23:32 GMT
server: cloudflare
etag: "62bc5254-9f72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2Bc%2FYqU3%2BioIFlIcIKCbksILY2vPSszygtOQp%2F0p7S5gv%2BmEF0bsiZ3u0lc4JQQiciS9GgtVlx7UmcyT1rXEjRNrJzkPuYDbsAjPjJmUUsWMSj7blRBEz6tnw25qrlHkq04Cq1qd"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 72357eb9ab898883-LHR

GET
H3 200 2703809-kamyanchanin-skupiv-u-kramnitsi-prapori-rf-i-vikinuv-yih-na-smitnik.jpeg
vsim.ua/img/cache/news_rtp_large/news/0028/04/ 19 KB
20 KB 247ms
247ms Image
image/jpeg 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_large/news/0028/04/2703809-kamyanchanin-skupiv-u-kramnitsi-prapori-rf-i-vikinuv-yih-na-smitnik.jpeg?hash=2022-06-29-09-09-01
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e22384019dd6a399f90078abb812e214fb07e676d5978b327b36d2f31c6b8f9b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 29 Jun 2022 08:39:03 GMT
server: cloudflare
etag: "62bc0fa7-4c45"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SbGc27S%2F%2FtRTHPD62JlRdriXBcqJ0ARClZ3wgyKkl27yTPR4TJMvXFvRLJA9Pe1GD5cReQcIymhz14TlOVEuZq6xlMjfpobf7tm8u3GfszCTJSGvU8Lq0X42HtlG%2Be%2BIR8QPhwLY"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 72357eb9ab8c8883-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19525

GET
H3 200 2704573-hmelnichanin-dmitro-chavalah-otrimav-geroya-ukrayini-za-proriv-na-hersonschini.jpeg
vsim.ua/img/cache/news_rtp_large/news/0028/05/ 18 KB
19 KB 253ms
253ms Image
image/jpeg 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_large/news/0028/05/2704573-hmelnichanin-dmitro-chavalah-otrimav-geroya-ukrayini-za-proriv-na-hersonschini.jpeg?hash=2022-06-29-11-46-35
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb8562273908e7707ffd48842a4c945283c4fd660453c77ae6ea00d2a73da86

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 29 Jun 2022 08:46:41 GMT
server: cloudflare
etag: "62bc1171-4975"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lMfl%2FYWjbHBVx6BcW3s%2BBVG6Dkec3DImYTYqXzA5BXIbVjl%2BabAv%2BK4rgHeuoq4UmY%2BeDVMv3XehgboQayRrIeIJU4v1zUxvh530ravtOZYB3y95364WtOPn5TsmiJ50fE2Zp7V"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 72357eb9ab8d8883-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18805

GET
H3 200 506134916849111 Show response
connect.facebook.net/signals/config/ 291 KB
84 KB 55ms
55ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/506134916849111?v=2.9.64&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6f5737160f8a1f843e9d9e9f3fa4cf1e1b1484902ad0607b450031c4f83bcaaf

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 85604
x-xss-protection: 0
pragma: public
x-fb-debug: nlFMjmZg0KtV2E2h1zgz7bxgwZ1gNHgmBC/jjrgfEgDfNihNUQ5UxZD1Qvynr3yUA3ORBKkX+yJ5bu5DD6S5Nw==
x-frame-options: DENY
date: Thu, 30 Jun 2022 08:22:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
526 B 191ms
62ms XHR
application/json 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://vsim.ua
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 / Show response
id.gravitec.net/ Frame E509 621 B
698 B 203ms
53ms Document
text/html 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://id.gravitec.net/
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9d1cb86ec27e86dfdefab39206fb510070d00b81d91f11ddc6720e3c62629d32

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=315360000 public
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 30 Jun 2022 08:22:36 GMT
etag: W/"5e9485b6-26d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 13 Apr 2020 15:31:02 GMT
pragma: public
server: CDN77-Turbo
x-77-cache: HIT
x-77-nzt: AZySIRB9Qwz/434TAA
x-77-nzt-ray: xlRiudeSxcA
x-77-pop: frankfurtDE
x-accel-expires: @1970659689
x-age: 1277667
x-cache: HIT

GET
H2 200 track.min.js Show response
cdn.gravitec.media/ 4 KB
2 KB 184ms
56ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.media/track.min.js
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 7d55d36ab7029a3ac11096692671cdfc36fa8446e8cf7584fc23de06074b0f85

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
last-modified: Wed, 27 Nov 2019 14:51:46 GMT
server: nginx/1.18.0
etag: W/"5dde8d82-11d5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 28 Sep 2022 08:22:35 GMT
cache-control: max-age=7776000
x-proxy-cache: HIT

POST
H2 202 pageview Show response
tracker_beam.20minut.ua/track/ 0
135 B 90ms
89ms XHR
text/plain 31.41.216.82
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker_beam.20minut.ua/track/pageview
Requested by: Host: vsim.ua
URL: https://vsim.ua/bundles/twentyminutuapaywall/js/remplib.js?5ee17681
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.216.82 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 30 Jun 2022 08:22:36 GMT
access-control-allow-credentials: false
server: nginx/1.16.1
content-length: 0
access-control-max-age: 3600

OPTIONS
H2 200 pageview
tracker_beam.20minut.ua/track/ Frame 0
0 276ms
89ms Preflight 31.41.216.82
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker_beam.20minut.ua/track/pageview
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.216.82 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://vsim.ua
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin: https://vsim.ua
access-control-max-age: 3600
content-length: 0
date: Thu, 30 Jun 2022 08:22:36 GMT
server: nginx/1.16.1

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 193 KB
69 KB 182ms
74ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0CS1NTGGLB&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TST74WS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0319711b3eb9c9323047ec73a7ab50cc3b8627acc117aa60719d9d5253d54fe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:36 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70470
x-xss-protection: 0
expires: Thu, 30 Jun 2022 08:22:36 GMT

GET
H3 200 pubads_impl_2022062701.js Show response
securepubads.g.doubleclick.net/gpt/ 373 KB
127 KB 162ms
53ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

01fb24629611503ba4ea42ea9d94c1b82449d62985a6087c5e22e9e38b9b0ff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:08:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 876
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130259
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:39:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 30 Jun 2023 08:08:00 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 104 B
115 B 171ms
62ms XHR
application/json 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

5ee58d63b466de0f67a216954ad930f8cfa99fcb23b97c3c27e9c714520d2fa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90
x-xss-protection: 0
expires: Thu, 30 Jun 2022 08:22:36 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 162ms
54ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=506134916849111&ev=PageView&dl=https%3A%2F%2Fvsim.ua%2F&rl=&if=false&ts=1656577355942&sw=1600&sh=1200&v=2.9.64&r=stable&ec=0&o=30&fbp=fb.1.1656577355941.130752814&it=1656577355812&coo=false&exp=p0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 30 Jun 2022 08:22:36 GMT

GET
H2 200 hbw_master_306660_6693.js Show response
player.adtelligent.com/prebidlink/460160/ 188 KB
32 KB 63ms
62ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/460160/hbw_master_306660_6693.js
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/wrapper_hb_306660_6693.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: b2b6a099f2b0cc9a29e31a8232a6e53b8ed27154ffad84a83bcdd121ac01b601

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:35 GMT
content-encoding: gzip
last-modified: Thu, 30 Jun 2022 07:55:51 GMT
server: nginx
etag: W/"62bd5707-2f00d"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 02 Jul 2022 08:22:35 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
455 B 192ms
61ms XHR
application/json 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Jun 2022 08:22:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://vsim.ua
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H2 201 track
api.gravitec.media/api/stats/ 0
0 173ms
53ms Fetch 35.214.184.209
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.gravitec.media/api/stats/track?app_key=d9345397765ace7e36f5036f718db82e&user_id=c3fae23c-f763-48b9-a0d6-cee4b3deea3f&utmb=d17c8819-1a9e-442e-9556-6f4fd68f0ad1&path=https%3A%2F%2Fvsim.ua%2F&referrer=

Requested by

Host: cdn.gravitec.media
URL: https://cdn.gravitec.media/track.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.214.184.209 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

209.184.214.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1 ; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:36 GMT
x-correlation-id: 3864496fad25f73c324ddbaf91d6f53a
x-content-type-options: nosniff
server: nginx
x-frame-options: DENY
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length: 0
x-xss-protection: 1 ; mode=block
referrer-policy: no-referrer
expires: 0

GET
H/1.1 200
OK / Show response
ghb.adtelligent.com/geo/ 133 B
396 B 510ms
57ms XHR
application/json 185.239.173.66
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/geo/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hbw_master_306660_6693.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.239.173.66 , United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: eaf824b5fdf0375ecea296a774abb055e025b6818c0604db02ddc2b18a439408

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 30 Jun 2022 08:22:36 GMT
Server: Adtelligent
Content-Type: application/json
Access-Control-Allow-Origin: https://vsim.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 133

GET
H/1.1 200
OK tracking Show response
ghb.adtelligent.com/adunit/ 43 B
424 B 510ms
58ms XHR
image/gif 185.239.173.66
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=306660&site_id=6693&full_page_url=https%3A%2F%2Fvsim.ua%2F&adid=0rdwk3.na&features=16416&vpbv=N066&lifecycle_tte=2198
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hbw_master_306660_6693.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.239.173.66 , United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 30 Jun 2022 08:22:36 GMT
Server: Adtelligent
Content-Type: image/gif
Access-Control-Allow-Origin: https://vsim.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 43

POST
H2 204 collect
region1.analytics.google.com/g/ 0
332 B 179ms
62ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-0CS1NTGGLB&gtm=2oe6r0&_p=2099569843&_z=ccd.v9B&_gaz=1&cid=2141105347.1656577356&ul=en-us&sr=1600x1200&_s=1&sid=1656577356&sct=1&seg=0&dl=https%3A%2F%2Fvsim.ua%2F&dt=%D0%92%D1%81%D1%96%D0%BC%20-%20%D0%9D%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%A5%D0%BC%D0%B5%D0%BB%D1%8C%D0%BD%D0%B8%D1%86%D1%8C%D0%BA%D0%BE%D0%B3%D0%BE&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0CS1NTGGLB&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
341 B 167ms
56ms Ping
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-0CS1NTGGLB&cid=2141105347.1656577356&gtm=2oe6r0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0CS1NTGGLB&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 193ms
79ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-0CS1NTGGLB&cid=2141105347.1656577356&gtm=2oe6r0&aip=1&z=485703484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/306633/ 2 KB
1 KB 174ms
58ms XHR
application/json 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/306633/config.json?cb=https%3A%2F%2Fvsim.ua%2F
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4d6d0d015fbe03479ae37ff12b169c9ceebba72307aec79da7d6b8e19f8255e4

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Jun 2022 08:22:36 GMT
content-encoding: gzip
last-modified: Thu, 30 Jun 2022 00:02:32 GMT
server: nginx
etag: W/"62bce818-8f9"
content-type: application/json
access-control-allow-origin: https://vsim.ua
expires: Sat, 02 Jul 2022 08:22:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 176ms
65ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2099569843&t=pageview&_s=1&dl=https%3A%2F%2Fvsim.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%D0%BC%20-%20%D0%9D%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%A5%D0%BC%D0%B5%D0%BB%D1%8C%D0%BD%D0%B8%D1%86%D1%8C%D0%BA%D0%BE%D0%B3%D0%BE&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAQCAC~&jid=241895023&gjid=1936803581&cid=2141105347.1656577356&tid=UA-43975937-2&_gid=7655132.1656577356&_r=1&_slc=1&cd1=NotAuthorizedUser&z=257074588

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 184ms
63ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 182ms
62ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
10 KB 541ms
541ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2290266153323570&correlator=339835179961918&eid=31067917%2C31068159&output=ldjh&gdfp_req=1&vrg=2022062701&ptt=17&impl=fifs&iu_parts=45035109%2Cvsim_main_(300x250)&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x400&ifi=1&adks=978356717&sfv=1-0-38&ecs=20220630&fsapi=false&prev_scp=excl_cat%3DPREPOST&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1656577356284&lmt=1656577356&dlt=1656577355080&idt=1138&biw=1600&bih=1200&adxs=1092&adys=228&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fvsim.ua%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&fws=4&ohw=300&ga_vid=2141105347.1656577356&ga_sid=1656577356&ga_hid=2099569843&ga_fc=true&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

5c9bf9d938c8efe278de4e619b9b00c480fef06bcc4b69743037e88c8232b868

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:36 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10327
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 49BF 6 KB
4 KB 213ms
63ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:36 GMT
expires: Fri, 30 Jun 2023 08:22:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 170ms
56ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-43975937-2&cid=2141105347.1656577356&jid=241895023&gjid=1936803581&_gid=7655132.1656577356&_u=YADAAEAAAAQCAC~&z=1028415360

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 30 Jun 2022 08:22:36 GMT
content-type: text/plain
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 156D 0
18 B 113ms
54ms Document
text/plain 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://vsim.ua
Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://vsim.ua
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:36 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 2 KB
665 B 62ms
62ms XHR
application/json 185.239.173.66
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.239.173.66 , United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 1b6bc1f7259d0a88f1bab81af28c29fe4a7fc7bd8e36dcaf78665d8706759c29

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Jun 2022 08:22:36 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://vsim.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 363

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 379 B
1 KB 479ms
346ms XHR
application/json 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

ab8411fdccc02261a660415d02521f02cf29fbe1bb84fcc6e8371103966970a6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:37 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 944f107a-8615-4084-ba0a-ff491708d8b6
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://vsim.ua
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 379
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
169 B 167ms
56ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 30 Jun 2022 08:22:36 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
54 B 692ms
223ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 30 Jun 2022 08:22:35 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
636 B 184ms
69ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=356568&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2227a9044abc4d692%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fvsim.ua%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0-pre%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2228b6d84af37923a%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A1200%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%221200x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22%2F45035109%2F20minut_news8(1200x250)%23div-gpt-ad-1632837984961-0%22%7D%7D%2C%7B%22id%22%3A%222946b580b2d31e7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A1200%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%221200x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22%2F45035109%2F20minut_news9(1200x250)%23div-gpt-ad-1632838225160-0%22%7D%7D%2C%7B%22id%22%3A%223064210528996e9%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A1200%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%221200x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22%2F45035109%2F20minut_news10(1200x250)%23div-gpt-ad-1632838267602-0%22%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2247988ff1-a3c5-44eb-bf03-ed210e0130ce%22%7D%5D%7D%5D%7D%7D
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b4920c59b4c2cba7bb51a6ba3e1f62644c828fcc216aa4203be9ebfb9223315

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Jun 2022 08:22:36 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ql6Isbos9V5%2BefJ3FiZMDjbwaI5aiwNB7U6889tZqDLXmzdhWa%2FzuEIzjd%2Bqbz%2BG553E4VwgNXvrA9Bcy%2BZcIMKeWtwW02gbgN7Kmgd3HohBjz3%2F6EtrJrfqguG49UYdO5WjuqzY"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://vsim.ua
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 72357ebf993c067a-LHR
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
110 B 535ms
71ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 30 Jun 2022 08:22:36 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2

200

ROS Show response
pbjs.e-planning.net/hb/1/2e43c/1/vsim.ua/
Redirect Chain

https://pbjs.e-planning.net/pbjs/1/2e43c/1/vsim.ua/ROS?rnd=0.8363762809100395&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F...
https://pbjs.e-planning.net/hb/1/2e43c/1/vsim.ua/ROS?ct=1&r=pbjs&rnd=0.8363762809100395&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=h...

424 B
834 B

53ms
53ms

XHR
application/json

46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/hb/1/2e43c/1/vsim.ua/ROS?ct=1&r=pbjs&rnd=0.8363762809100395&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F%2Fvsim.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fvsim.ua%2F&e_pubcid=47988ff1-a3c5-44eb-bf03-ed210e0130ce
Protocol: H2
Server: 46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: a04bb9dca5b8df66fc2d7031e9e4745a9774a62954a04e500f464c0b9dc90703

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:36 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://vsim.ua
expires: Thu, 30 Jun 2022 08:22:36 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 424
x-sid: AMS-743

Redirect headers

date: Thu, 30 Jun 2022 08:22:36 GMT
server: openresty
access-control-allow-origin: https://vsim.ua
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2e43c/1/vsim.ua/ROS?ct=1&r=pbjs&rnd=0.8363762809100395&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F%2Fvsim.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fvsim.ua%2F&e_pubcid=47988ff1-a3c5-44eb-bf03-ed210e0130ce
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-743

GET
H2 200 arj Show response
adtelligent-d.openx.net/w/1.0/ 72 B
373 B 220ms
84ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adtelligent-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fvsim.ua%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=b981ccbd-edd0-4d16-8258-418a7cfc7b58%2C55704cd0-d2fd-48cf-b623-34f66a1e7bc8%2C6db647c9-b021-4814-b380-5047cdfddf14&nocache=1656577356599&pubcid=47988ff1-a3c5-44eb-bf03-ed210e0130ce&schain=1.0%2C1!adtelligent.com%2C306660%2C1%2C%2C%2C&aus=1200x250%2C1200x400%7C1200x250%2C1200x400%7C1200x250%2C1200x400&divids=div-gpt-ad-1632837984961-0%2Cdiv-gpt-ad-1632838225160-0%2Cdiv-gpt-ad-1632838267602-0&aucs=%252F45035109%252F20minut_news8(1200x250)%2523div-gpt-ad-1632837984961-0%2C%252F45035109%252F20minut_news9(1200x250)%2523div-gpt-ad-1632838225160-0%2C%252F45035109%252F20minut_news10(1200x250)%2523div-gpt-ad-1632838267602-0&auid=541177132%2C541177132%2C541177132
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 94fd08276582ae667bee252f6e799d0297b13eb915a07faff47a08c1751191a9

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:36 GMT
content-encoding: gzip
server: OXGW/7f1e280
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://vsim.ua
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 379 B
1 KB 335ms
215ms XHR
application/json 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

701533d78dfbdf328139088493ac508aec92314998813d6b0c90ebb46e73000a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:36 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 63fc5f17-34f1-4cb3-b5a4-353f0d2a6418
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://vsim.ua
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 379
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 container.html Show response
9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F332 6 KB
3 KB 167ms
55ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:36 GMT
expires: Fri, 30 Jun 2023 08:22:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C6AD 624 B
976 B 196ms
67ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJ3VmscBMAE&v=APEucNXWU7IeQSZWzLbmrEtrKRxWCbzarnuoyLoENCa3ZOdDNpfH-6nGNK0tH0M3ohemrqA0xxM7oO2z3V9ZtlhX2S6VWTklnd1wtG_gWNDGWHrXSX031wVVPpaq3qVo01WOa8dBfTn-kSJ6LhN-aq3jBaLr1izEkC_Om1t39cjLdntnekA3JYc

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:37 GMT
expires: Thu, 30 Jun 2022 08:22:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F332 14 KB
11 KB 214ms
87ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CrmmGTv57RI1V6iUSdvw0W7B9agABbOM1en-bVYQStEQ9zrzcSvlkFrlFgUt0mk-9sqFzvhr8ObmlBrmy85qJgxHEp9iPIVkwNlY-zwP5zDPccQ2CnO6VCIozNi7YvhCFQ0587AhRkpfnbpB3h8HI-_hI5tA&cry=1&dbm_d=AKAmf-CsA9dIe31iPN_20fwWVKTBP7HZcqsAJT3Rch7HMsNGSniUzRGvCEDic-5_BnQLAcNJMqLyTZUDjDwPctIjJb00kvgBecLmpicWxu4v3zDGyuNeMkx9SIexnB1CHeNrhr6pLbmmXqHkv5MzVc6M31c9Hu-dnLpKmytAgeH5z1xRftk2HrbYZKCg4YNDmeBtWb8Vp_iTGRywaITJENoXZX5l9P5fHuilk6n2oD250jYgfY7T0zu9oGeKO_BbEZ9PIhAiNwx-7SqgsO0AJPO_IbZ-baTxUSY1nJ29oEQmLb983-eJ5qhmlD_TQWgqYs2qUEJpQS-KQwu-KLxcOd4tQvmsS5nU2IC3QFhbp2JnV57Xb4JkA_pIq4NwEJrNMVwSJfa55gr7_-NgOYg1WzS5FrQ3xahaAqBmEIJtex0Dg3jdTktyWW5COMxmHhzraZ3DNCnJa2ws6FdQHC18lZ10xUHVprTJn4v6hA6UNnViJ0rU3qr9y1RUd96clHO62UzonDULWs6BqT2A1qeDWvrRx4O-U8IIhp6Vd6VzrnlsRQlUsNJQRAhCAQwaDKnoNAUBTlhhpthigKDny71bBprRctRR1d5XlumU69Z9MMoQeOUt2YUInQr4ou361Nf9qdzNjBhhPxA6i4nFJ4_e_mdWy3LaUAmHAzl-9EPz3MzcMx5EYUqGYrqizrwGCcDFmzyo1symBTh_f5eX1EkCaWkUvbACbjWOPu1pRAdpa5JSFaZ_I4n3xfZ0yb-OzaF1VRuqedthMGbCcn_GwAA1Nz5_kvnIwq9n9tDUaXG4SYSQ02ZuP-k2_9AdkbTDCriTLAQsNOYK6FI-FdW7eZG7eOxoBFuPolfripoLG3380od9dPqMrYvvixRhbuOuefy2mKS4Zni0KR5gdWn87-qimMFlnjOwP0nNX9lvkRPhTFV96_cUyA7lO3dHZnojPdp2avzQWTEDQemMVsqDv02dqrZYWFuxet7VchzLnG7P5UOeG4O-FgwR9xCIgMhBxOf9VcLmGUk882w-dFwaHraW08o3YxVAh1r6OvlTUCJ8fUIQR3oTjLLUCxXiFGyo3GMMLKuBz6gQ4aQyGcu7psU9niSNaNG_fPGAbHzxxaIxYZGEZUGkOT7odG4wqX0LMZc3XO3bJEEA4bLYYoq0bXXViIKhS0eyk0A2GaeXMiHgmwHPFB1DjTUatFSWyWZSmKBWjhtAVnch7ZMMWKnVGrC15fuOJfYXMWkZI2Q8fo9Ou2pAqq8zO2ckBRqEf0-SoS7V73htcVCSzrT-5DbW5RZP68NRvBW7VLLpzQ5BWb8Shdr6a_YuAK5_0elABZb9u3wc9yMyWtp4-Twc6T4KGM9-r7q6aT45ZzQFvuqnuUnzUQBLz0Il5MQCwehn2Z-vNrOtYeka51pghI9Y8vwboL-cmsT5_eBhNRlobgPQ_MIlfSgg5aleNdihptAzyI1tOLMyJL4JjZa1rbR49PVIn9ssnK9wfktCDKU4XMP1dReT5A5TPnJhszKltRvJCjZS9AhJYqDuhGKETxmcBK7ASb9LA-v64miHqV437qi2ZMhRhVLFE_3zccoVZi95M2gXykqCnqmm0jLBqZDwXx1EJZi4MP1Ypo2mS2ArExcoD5xelAEjgkZTZMfKArdVQTO-qzfyRg4hetlPlpgCmwAiApMW6iw_K5WundBzm4XuC64SIKog8UozxqVetIoGl_sy5l2NCu8QhzpwuODMbPzzFHa17KbQ4g83s3ICyumeqaUUvkg_2ZA5Goru8jVuMxgMl4yX_L-UjBdfdpEd7LkXvuujgjXV-iHdqkhEQOBzrqQZ2LtStCuOmy3MdE1SEDSQOIWyhITivN1hOHgP4x8HdAjrC3LSmuKB99u6t129ZrVIKFf8zibR1dc4p1Lu_ofxfFUObM907SDNbIbudZbsqOMHNDoPq0sm0caEMfUsjI0ZP7R2kfP-MIeUBo0RtT0WbV3KZKhROHqGtw1J-SskB2vBZ1wlY8W9JB3frdywuNik-SnciyJck177oW_gAbMMOzbGRM4_g2g11u__w25thOWdHuM1dWWlD8COTNTKWBuWv1YFdt9TDrRsXz_G02ZO6KyXFmLsjJBkQ4x7yoNQE9EXCxQsE3Ukdf9Yb3F9KvMADvMaV1jKh2Z3qdZb1iYwvbd_7UMMm31Fzifel_McA9pggqwNixRXvxp9XpJYeEu3Cdhiz6pRJ2O7EqJrQHlY0hE-mwWmQz5QjliCave71s677ZFOfnHWEqOS0yy5jJRI-rI1giSpATTqCondpXQ3jyKa4KNPmQdm0B-MMMDKnl71BbIEX66dCPyA0gWsJO_ja0veaHTVXK8YQPD76GG4Cw6FsXQKt81NGj3mbSDWvVXijHneAveNH7HrlqqrlpNi9-cCPBBs8YIpze_s5AwUbyn2Ge0Bg7IDL0xa26VG-I2wonYxfrmWVZtI8VzqbvyqWXl0flS2M_or7P9voRXUeFv5C-7uEpASZ9iY-1YDQgX3mjBC9isQNTo16A3V4fygwAek3omOu-6HFNdEMVbk3twJxRkfCJ4rygmmrT28uluGbDgEp_EjMxLBXCcuVCd5NDG8NF0esxsOrMZjCTmEsFmMoIrXhPjE5L4CmDez3tiqm7Iyqd55d_D7yQ&cid=CAASJ-RoxqBrbGuaZUssMvQyiWkE7mxZcHYnRIJ55ElTe5jaciRbXzBk2g&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f098a3595ec969f431455f68d7cd1ab6d291cee669501616a38fa2b5e221bbad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10701
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F332 42 B
494 B 220ms
87ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BgQbUpIWC7rN5xzgvjT5QrjNHwM-4QfkNkWmzs-QELKXMu0KTo-K5QMRoW2eJBLIfzjMdqwLy8zlOR-p9cDrihfdkn8oKHNyu-chbVr2B_-WvGXGM

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame F332 61 KB
22 KB 238ms
93ms Script
text/javascript 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWhpxGcKhnr2ofdU-H1iDvWZYZReAHm2MUf6S_OxJZT7Lon0fU&d=CnkAoCZ_4CjC776wIq8AhyX-70Kp-uBm9vraC7FBInEGopxxylOs56z3K-jXZ10IMfigLAirt4d76ULJIuzIY3n7b8SbbZSbyJ_yqgEUzuOvqf7Pp0-nY6ZrFFOzNdW_NveQFFp6JEMY1bnxS25SDQNjCSOB4sBfCyyGErkSAKAmf-DaeIxK95uPHMoRQlEq-GF9RQiDtelg6onTebcS6DJkOGIQUZDriwgfgFocqfeht14RpK7yzlGL2_d4xLRTq73PLLSdM-A0iBlHgGsa6xpVSDg1stVtji4U7s_iFrrvKBTa6R9QeR-_CRO1A1YtsDRZZFipg9ogQGJgvcHQCJcYPL04NG49VqGzUyxDYznmxOgmv-QHprtjR_OE0wkAhZkWCoWGBT1S-1Hf9FFeZE2-awt-sLCvV0A5KEG7nKkN1U4K5eQu5tOZVdQJY2v6r_JeoGL1wMfOeVS0aEA2lyeX7mlkm8PaXEOEM28lfaSClrQf33QqQYAhGcavn1NcDUbNmRcRUmEOSFUwzJ8Fq1cFCkBoqcZq2pMJ4KdTcfko3DlDbKJO0cxLnmc299FhpDJlhM5vTObSTK2VIiuBwIotY3C29rO4u3UOwPqxBVFIipJ5QbgFv2rL8LVxKtSwKZcAxXH0HNYqiwMNMRjlsicblJJtsnka6fCYyCVN85at2YH2uGubSFpQiv8srBqxrTGauVbTVwtCVfU_mPQ1qV8j61nwP1Ak4ri8k5VPII4G9jeSTFT6Ywfwa3QYPUMfj9TQ9qiPaxv5gHGOD0estc1I287NRBEXvWpULUf5oXgSnF31Vlei5wIMxbi4V9BI2QAG6A_fDVxYxvbLWdXBCwmeeJduuxcFvVs0eJdjeNb1WMeeNxrMp0l656sIQdrkVEYWG7Sg_fEVZzp95geL1aG34Hi9I3Hje0DOFP9XrYhPjqY__ly34pRpk93O-E4Z9EbYjbS1Muok3HRQG3jCuLBmBb8eKss479ZOfIdpoNPUBX8-lWe9Et3qLQAMf3neq1Eu3R8DaO885jqIwMsVM24yd_uUWJfdbjCiC1el911MV0bX8Rbo05s4YaSMmtOepY0RH18AHtKVHkaZv4waeS5EgHEXT19aTxZN7S8fj3d3hk8urro1lP1si8PuLqsjI-bzlwM2o-LEi5lCxqyPD-dxT22dsRrgLEiYbeeBLqRzMfIlu6CQhm0kCEZS3nB7q86KadD6vGIwKxiWFUTRdDICaO04Qp6Qqo9L-Z1nFca32s3IhGZC5fy_8SefV62A3jOZz9XuJqROZ2YpK8kLAitsNi8NC6_5RfIXV1WjoEpuIzRAUUkoo6oyPIzpBHWewRg4CROtr_XaW9Pf-UGlilkKNE1rFJAabxfDjnvlaQ0DSYcwtFCSXxQhJD1mPjrWd8ZDJ9fbDBHJ_FlnNFkMk2ELKrcQRtvrOoP4nVgRTEDg-wV338wP2JoLZ8KOymOzMjuNd_mQoEpnqkPn4Xcfr5HR-HPtcOnaBqAfLje3Wmj6Dko6KMlBZdLDqmkZywE337m8lsGxFVXwcf0nZVUp0StOMEjbxZrKE6XtGEGflpX9KqN6RyRSjvxvVL1fF02TIHu4XQNyYxgdctM-7FkOg9kNyp5SoIyuckIUrcphk6nql0nr8izxrMrcZOI4BgITtY2l0_pFEtB9GmnmMVSmIxsYMxVoynL5Zea5-NJhsi-C5UG38StUg7Og0Mfm5wtppll_G-CoL7RM4a7ockOQqOH6pQ7jzj22LplE12RmpRyO2Jdr8U_fQyIHy-XzKEWW9zcV06GpmQOcfsq1jGP-w3MKhMjfDdmG9NystDfpgFxeA4AvHIAcrOWp9-5Fuw6g7Qmm5-aSLEBhvC645yvrhPACotC2f9OqgBRSgg40ju2pWybeN6l6sxpWGNeoWUg2XccrYNR6oxX6pTHhrrNIzn4mdDm51OALpoTXP3Azng1Xm6SCMPmOv5sEhlqGwJvVkgvLhHMdtp8-ppjGuGyk5AuXHMaejuWdeyxTrRoXY4z89-C-zDVJaEMvnfUKl69qUZpSoUU72HQjs5RWDQeztk8_pwvPoRwiYs6SJxuLAeYpBWclYOEFI_p4dsM1lw-hReiCdS4QVxfZWeBCmxnzhT1KHXdJForpN6mMNLvQ7TDvfXumtPBwc8yh15ZoHiH7Wd1ptA4dtccP5YaiWVGbHn04vrECllIa7pk3_NsI2L7s38MlQJgInGn4iI-oSB1qsTtM8fzhAqjTc0MgIsrc7R1J61ETwayX90L268x4SHHIh0YFYb-H5d5x1tdxd88p5vSSLUcop_lE7xTz5ccL8BsCQJy54Ab6bG4Rzut45B4Pl6stq-VHJfu6pypnEsogWg0PlUYYbMiqHiN_S7lFABBsOdn9mqmuc1N7Vu6bQLQMcIFlRcwOxZ_Z7Sq9swfy0gq-EWkPWJ9_BYlv2O0YmvK-qfpHJvfjXTgnlh5TTf1bBZNGen9EeokpXNox22CuZl8xcT2FWrL6xGmfhbvtX8_yMix-MOcGWHLIzdnKGJh82PW-2MUwwQjoxZxigNjDXXcZFrJMldJXjvzkLnjsDFTBdwNr7kwbTjLtSZye1O_9-7sVuPwZUxzV7clPGuW6z1pweJseyP9arenuD0cUnTZWIQSs-OWVX7D5iU0VLwyIEjcNa5zh1FN844gk2stgJ1IekDNgQaH60GvrwL69QywsSjWJc-xBJ_GDMpSUXXp83XVY9cJoDjoFGy5b8Ra5P4VUbhH8XDiNTllwgFjVCSAlzfiFfQb3uDzkR62JjXljE9EXE-Qr2O0EzY-hOncDR1DzPLuaWuB-p3ioTxfQUS2uKiRyj59dfz-H120XktXNEg5vgZrI5b_mGlzqbbtZN5wVwIVyAPCNO4AQhZZ7YAipbXymni0nmEVkPW7wIwiZoE2xveNctnJMxXTqv_qHJm5yM4QWQwxrvlsXwt5CXQrPqVIBUQaj_Ic-4MBaXHXr65ohy1-djA3sly3HyTiRzt5wQXn3s4rqpbcol8934C0Yl57fipBDR9AT8ihAuMCE_FP3WIItMUn4VUrU_tvzkQazzMku8RweNDx4VmydlsKjDjcW2ApGK2GosC6CKIwZM_o8_mQtn4Qpm69NITuJ6l9o6D-3P_gKkwzX9i7PDl9dsSmZ2f8vVc2Fzq5-ciUXwspfXfoDn2RUQxAfj1aF1-o38-OoFCDznNNg8O2DUT2_oqO9MtslYDklhbl2VGcPwXr7oxJODeq6-lHmhTG7yPZVhysBhyusVLmHgWJyFAAttXZXDjwa6vZNiB2pEbI-9sWAcPpZGisIABIn5GjGoGtsa5plSywy9DKJaQTubFlwdidEgnnkSVN7mNpyJFtfMGTaYAE

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

ddcbbc32233cadfaeac8b2d5d74d3c1c8c72f802be95b4dc3ed949cf5bee4fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21561
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dcmads.js Show response
fw.adsafeprotected.com/rjss/www.googletagservices.com/1005482/61968045/dcm/ Frame F332 234 KB
71 KB 202ms
58ms Script
application/javascript 52.213.113.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/www.googletagservices.com/1005482/61968045/dcm/dcmads.js
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.113.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-113-49.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 49dbc49878db407981d251cbf98e4d2f71909b016f438358e3f3ad9ac717ddcc

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame F332 3 KB
1 KB 204ms
61ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1646
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 07:55:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F332 138 KB
43 KB 214ms
71ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 08:22:37 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame F332 17 KB
8 KB 196ms
53ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:54:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1667
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 07:54:50 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F332 0
0 209ms
66ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTmUK0b4xFjVQ7uS4SKyMBWncXWXZNKYD6q_txtfQ5BpLXzlobGgYd2LcKq4B5kOTDtECjs_8Ffdny41wwQNa92D4JDhQ
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C6AD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKwuSlpLc8etYGGB8hFJNSU&google_cver=1

43 B
907 B

102ms
85ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKwuSlpLc8etYGGB8hFJNSU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJ3VmscBMAE&v=APEucNXWU7IeQSZWzLbmrEtrKRxWCbzarnuoyLoENCa3ZOdDNpfH-6nGNK0tH0M3ohemrqA0xxM7oO2z3V9ZtlhX2S6VWTklnd1wtG_gWNDGWHrXSX031wVVPpaq3qVo01WOa8dBfTn-kSJ6LhN-aq3jBaLr1izEkC_Om1t39cjLdntnekA3JYc
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 72357ec4c8c57509-LHR
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wBlMtwwwii6AJNPogKKh7s7PtLkWO7Br9KtnsImlc8zH7NvxBTmMtDfgL0Jcw%2BXguy3J%2B0CoU%2BBqNpmtAoX22ORls7jr6zI%2FwuFb4sRvvFR6E2o8FR7e8AprSbn1NfNSpu9QET47wUooog%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKwuSlpLc8etYGGB8hFJNSU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C6AD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

43 B
914 B

77ms
76ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJ3VmscBMAE&v=APEucNXWU7IeQSZWzLbmrEtrKRxWCbzarnuoyLoENCa3ZOdDNpfH-6nGNK0tH0M3ohemrqA0xxM7oO2z3V9ZtlhX2S6VWTklnd1wtG_gWNDGWHrXSX031wVVPpaq3qVo01WOa8dBfTn-kSJ6LhN-aq3jBaLr1izEkC_Om1t39cjLdntnekA3JYc
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 72357ec65ae07509-LHR
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Do4NA49kZZbmAc89qY2I4RYdq4w75bMc6TTPuXG6u2qaz8vwu87L%2FDUpjxo0Gz5MRv340qy1f4gZej1GjwFsHP598CF6%2F3z%2FoIL8t%2BQyNoSc28ZOcvO%2FSuV7pTyGcZi%2BOUa%2BwJ15hy%2F2ag%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C6AD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

43 B
1015 B

57ms
53ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJ3VmscBMAE&v=APEucNXWU7IeQSZWzLbmrEtrKRxWCbzarnuoyLoENCa3ZOdDNpfH-6nGNK0tH0M3ohemrqA0xxM7oO2z3V9ZtlhX2S6VWTklnd1wtG_gWNDGWHrXSX031wVVPpaq3qVo01WOa8dBfTn-kSJ6LhN-aq3jBaLr1izEkC_Om1t39cjLdntnekA3JYc

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:37 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 18a843c3-ccf1-4fe0-97a0-56940f0e3910
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame C6AD
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

170 B
243 B

142ms
67ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:37 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 718050d2-d7ff-4862-bf9e-e9fd29017b1c
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 173ms
63ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 176ms
66ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 57 KB
20 KB 750ms
750ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2290266153323570&correlator=3549157085688234&eid=31067917%2C31068159&output=ldjh&gdfp_req=1&vrg=2022062701&ptt=17&impl=fifs&iu_parts=45035109%2C20minut_news8(1200x250)%2C20minut_news9(1200x250)%2C20minut_news10(1200x250)&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=1200x250%7C1200x400%2C1200x250%7C1200x400%2C1200x250%7C1200x400&ifi=2&adks=2483578089%2C4059114074%2C1842437250&sfv=1-0-38&ecs=20220630&fsapi=false&prev_scp=city_20minut%3Dkhmelnytskyi%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7Ccity_20minut%3Dkhmelnytskyi%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7Ccity_20minut%3Dkhmelnytskyi%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&sc=1&cookie=ID%3D61de8279f880d5bf-227752ecc2cd0057%3AT%3D1656577356%3AS%3DALNI_MZrJ7wmL8rJ31Ye1y4B8Fh4Q3Y1Sw&abxe=1&dt=1656577357318&lmt=1656577357&dlt=1656577355080&idt=1138&biw=1600&bih=1200&adxs=204%2C204%2C204&adys=1056%2C3264%2C4265&ucis=2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fvsim.ua%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1192x250%7C1192x250%7C1192x250&msz=1200x250%7C1200x250%7C1200x250&fws=4%2C4%2C4&ohw=1192%2C1192%2C1192&ga_vid=2141105347.1656577356&ga_sid=1656577356&ga_hid=2099569843&ga_fc=true&btvi=0%7C1%7C2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

57bb8ce4acf8f2b3c4e2c7d04c978c8e868eb5c43c6efadf04f547cc79e64ff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20233
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F332 41 KB
15 KB 185ms
62ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CrmmGTv57RI1V6iUSdvw0W7B9agABbOM1en-bVYQStEQ9zrzcSvlkFrlFgUt0mk-9sqFzvhr8ObmlBrmy85qJgxHEp9iPIVkwNlY-zwP5zDPccQ2CnO6VCIozNi7YvhCFQ0587AhRkpfnbpB3h8HI-_hI5tA&cry=1&dbm_d=AKAmf-CsA9dIe31iPN_20fwWVKTBP7HZcqsAJT3Rch7HMsNGSniUzRGvCEDic-5_BnQLAcNJMqLyTZUDjDwPctIjJb00kvgBecLmpicWxu4v3zDGyuNeMkx9SIexnB1CHeNrhr6pLbmmXqHkv5MzVc6M31c9Hu-dnLpKmytAgeH5z1xRftk2HrbYZKCg4YNDmeBtWb8Vp_iTGRywaITJENoXZX5l9P5fHuilk6n2oD250jYgfY7T0zu9oGeKO_BbEZ9PIhAiNwx-7SqgsO0AJPO_IbZ-baTxUSY1nJ29oEQmLb983-eJ5qhmlD_TQWgqYs2qUEJpQS-KQwu-KLxcOd4tQvmsS5nU2IC3QFhbp2JnV57Xb4JkA_pIq4NwEJrNMVwSJfa55gr7_-NgOYg1WzS5FrQ3xahaAqBmEIJtex0Dg3jdTktyWW5COMxmHhzraZ3DNCnJa2ws6FdQHC18lZ10xUHVprTJn4v6hA6UNnViJ0rU3qr9y1RUd96clHO62UzonDULWs6BqT2A1qeDWvrRx4O-U8IIhp6Vd6VzrnlsRQlUsNJQRAhCAQwaDKnoNAUBTlhhpthigKDny71bBprRctRR1d5XlumU69Z9MMoQeOUt2YUInQr4ou361Nf9qdzNjBhhPxA6i4nFJ4_e_mdWy3LaUAmHAzl-9EPz3MzcMx5EYUqGYrqizrwGCcDFmzyo1symBTh_f5eX1EkCaWkUvbACbjWOPu1pRAdpa5JSFaZ_I4n3xfZ0yb-OzaF1VRuqedthMGbCcn_GwAA1Nz5_kvnIwq9n9tDUaXG4SYSQ02ZuP-k2_9AdkbTDCriTLAQsNOYK6FI-FdW7eZG7eOxoBFuPolfripoLG3380od9dPqMrYvvixRhbuOuefy2mKS4Zni0KR5gdWn87-qimMFlnjOwP0nNX9lvkRPhTFV96_cUyA7lO3dHZnojPdp2avzQWTEDQemMVsqDv02dqrZYWFuxet7VchzLnG7P5UOeG4O-FgwR9xCIgMhBxOf9VcLmGUk882w-dFwaHraW08o3YxVAh1r6OvlTUCJ8fUIQR3oTjLLUCxXiFGyo3GMMLKuBz6gQ4aQyGcu7psU9niSNaNG_fPGAbHzxxaIxYZGEZUGkOT7odG4wqX0LMZc3XO3bJEEA4bLYYoq0bXXViIKhS0eyk0A2GaeXMiHgmwHPFB1DjTUatFSWyWZSmKBWjhtAVnch7ZMMWKnVGrC15fuOJfYXMWkZI2Q8fo9Ou2pAqq8zO2ckBRqEf0-SoS7V73htcVCSzrT-5DbW5RZP68NRvBW7VLLpzQ5BWb8Shdr6a_YuAK5_0elABZb9u3wc9yMyWtp4-Twc6T4KGM9-r7q6aT45ZzQFvuqnuUnzUQBLz0Il5MQCwehn2Z-vNrOtYeka51pghI9Y8vwboL-cmsT5_eBhNRlobgPQ_MIlfSgg5aleNdihptAzyI1tOLMyJL4JjZa1rbR49PVIn9ssnK9wfktCDKU4XMP1dReT5A5TPnJhszKltRvJCjZS9AhJYqDuhGKETxmcBK7ASb9LA-v64miHqV437qi2ZMhRhVLFE_3zccoVZi95M2gXykqCnqmm0jLBqZDwXx1EJZi4MP1Ypo2mS2ArExcoD5xelAEjgkZTZMfKArdVQTO-qzfyRg4hetlPlpgCmwAiApMW6iw_K5WundBzm4XuC64SIKog8UozxqVetIoGl_sy5l2NCu8QhzpwuODMbPzzFHa17KbQ4g83s3ICyumeqaUUvkg_2ZA5Goru8jVuMxgMl4yX_L-UjBdfdpEd7LkXvuujgjXV-iHdqkhEQOBzrqQZ2LtStCuOmy3MdE1SEDSQOIWyhITivN1hOHgP4x8HdAjrC3LSmuKB99u6t129ZrVIKFf8zibR1dc4p1Lu_ofxfFUObM907SDNbIbudZbsqOMHNDoPq0sm0caEMfUsjI0ZP7R2kfP-MIeUBo0RtT0WbV3KZKhROHqGtw1J-SskB2vBZ1wlY8W9JB3frdywuNik-SnciyJck177oW_gAbMMOzbGRM4_g2g11u__w25thOWdHuM1dWWlD8COTNTKWBuWv1YFdt9TDrRsXz_G02ZO6KyXFmLsjJBkQ4x7yoNQE9EXCxQsE3Ukdf9Yb3F9KvMADvMaV1jKh2Z3qdZb1iYwvbd_7UMMm31Fzifel_McA9pggqwNixRXvxp9XpJYeEu3Cdhiz6pRJ2O7EqJrQHlY0hE-mwWmQz5QjliCave71s677ZFOfnHWEqOS0yy5jJRI-rI1giSpATTqCondpXQ3jyKa4KNPmQdm0B-MMMDKnl71BbIEX66dCPyA0gWsJO_ja0veaHTVXK8YQPD76GG4Cw6FsXQKt81NGj3mbSDWvVXijHneAveNH7HrlqqrlpNi9-cCPBBs8YIpze_s5AwUbyn2Ge0Bg7IDL0xa26VG-I2wonYxfrmWVZtI8VzqbvyqWXl0flS2M_or7P9voRXUeFv5C-7uEpASZ9iY-1YDQgX3mjBC9isQNTo16A3V4fygwAek3omOu-6HFNdEMVbk3twJxRkfCJ4rygmmrT28uluGbDgEp_EjMxLBXCcuVCd5NDG8NF0esxsOrMZjCTmEsFmMoIrXhPjE5L4CmDez3tiqm7Iyqd55d_D7yQ&cid=CAASJ-RoxqBrbGuaZUssMvQyiWkE7mxZcHYnRIJ55ElTe5jaciRbXzBk2g&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 06:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94944
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jun 2023 06:00:13 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame F332 106 KB
38 KB 179ms
55ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Origin: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 10:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77801
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 10:45:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/ Frame F332 8 KB
3 KB 170ms
55ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/omrhp.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWhpxGcKhnr2ofdU-H1iDvWZYZReAHm2MUf6S_OxJZT7Lon0fU&d=CnkAoCZ_4CjC776wIq8AhyX-70Kp-uBm9vraC7FBInEGopxxylOs56z3K-jXZ10IMfigLAirt4d76ULJIuzIY3n7b8SbbZSbyJ_yqgEUzuOvqf7Pp0-nY6ZrFFOzNdW_NveQFFp6JEMY1bnxS25SDQNjCSOB4sBfCyyGErkSAKAmf-DaeIxK95uPHMoRQlEq-GF9RQiDtelg6onTebcS6DJkOGIQUZDriwgfgFocqfeht14RpK7yzlGL2_d4xLRTq73PLLSdM-A0iBlHgGsa6xpVSDg1stVtji4U7s_iFrrvKBTa6R9QeR-_CRO1A1YtsDRZZFipg9ogQGJgvcHQCJcYPL04NG49VqGzUyxDYznmxOgmv-QHprtjR_OE0wkAhZkWCoWGBT1S-1Hf9FFeZE2-awt-sLCvV0A5KEG7nKkN1U4K5eQu5tOZVdQJY2v6r_JeoGL1wMfOeVS0aEA2lyeX7mlkm8PaXEOEM28lfaSClrQf33QqQYAhGcavn1NcDUbNmRcRUmEOSFUwzJ8Fq1cFCkBoqcZq2pMJ4KdTcfko3DlDbKJO0cxLnmc299FhpDJlhM5vTObSTK2VIiuBwIotY3C29rO4u3UOwPqxBVFIipJ5QbgFv2rL8LVxKtSwKZcAxXH0HNYqiwMNMRjlsicblJJtsnka6fCYyCVN85at2YH2uGubSFpQiv8srBqxrTGauVbTVwtCVfU_mPQ1qV8j61nwP1Ak4ri8k5VPII4G9jeSTFT6Ywfwa3QYPUMfj9TQ9qiPaxv5gHGOD0estc1I287NRBEXvWpULUf5oXgSnF31Vlei5wIMxbi4V9BI2QAG6A_fDVxYxvbLWdXBCwmeeJduuxcFvVs0eJdjeNb1WMeeNxrMp0l656sIQdrkVEYWG7Sg_fEVZzp95geL1aG34Hi9I3Hje0DOFP9XrYhPjqY__ly34pRpk93O-E4Z9EbYjbS1Muok3HRQG3jCuLBmBb8eKss479ZOfIdpoNPUBX8-lWe9Et3qLQAMf3neq1Eu3R8DaO885jqIwMsVM24yd_uUWJfdbjCiC1el911MV0bX8Rbo05s4YaSMmtOepY0RH18AHtKVHkaZv4waeS5EgHEXT19aTxZN7S8fj3d3hk8urro1lP1si8PuLqsjI-bzlwM2o-LEi5lCxqyPD-dxT22dsRrgLEiYbeeBLqRzMfIlu6CQhm0kCEZS3nB7q86KadD6vGIwKxiWFUTRdDICaO04Qp6Qqo9L-Z1nFca32s3IhGZC5fy_8SefV62A3jOZz9XuJqROZ2YpK8kLAitsNi8NC6_5RfIXV1WjoEpuIzRAUUkoo6oyPIzpBHWewRg4CROtr_XaW9Pf-UGlilkKNE1rFJAabxfDjnvlaQ0DSYcwtFCSXxQhJD1mPjrWd8ZDJ9fbDBHJ_FlnNFkMk2ELKrcQRtvrOoP4nVgRTEDg-wV338wP2JoLZ8KOymOzMjuNd_mQoEpnqkPn4Xcfr5HR-HPtcOnaBqAfLje3Wmj6Dko6KMlBZdLDqmkZywE337m8lsGxFVXwcf0nZVUp0StOMEjbxZrKE6XtGEGflpX9KqN6RyRSjvxvVL1fF02TIHu4XQNyYxgdctM-7FkOg9kNyp5SoIyuckIUrcphk6nql0nr8izxrMrcZOI4BgITtY2l0_pFEtB9GmnmMVSmIxsYMxVoynL5Zea5-NJhsi-C5UG38StUg7Og0Mfm5wtppll_G-CoL7RM4a7ockOQqOH6pQ7jzj22LplE12RmpRyO2Jdr8U_fQyIHy-XzKEWW9zcV06GpmQOcfsq1jGP-w3MKhMjfDdmG9NystDfpgFxeA4AvHIAcrOWp9-5Fuw6g7Qmm5-aSLEBhvC645yvrhPACotC2f9OqgBRSgg40ju2pWybeN6l6sxpWGNeoWUg2XccrYNR6oxX6pTHhrrNIzn4mdDm51OALpoTXP3Azng1Xm6SCMPmOv5sEhlqGwJvVkgvLhHMdtp8-ppjGuGyk5AuXHMaejuWdeyxTrRoXY4z89-C-zDVJaEMvnfUKl69qUZpSoUU72HQjs5RWDQeztk8_pwvPoRwiYs6SJxuLAeYpBWclYOEFI_p4dsM1lw-hReiCdS4QVxfZWeBCmxnzhT1KHXdJForpN6mMNLvQ7TDvfXumtPBwc8yh15ZoHiH7Wd1ptA4dtccP5YaiWVGbHn04vrECllIa7pk3_NsI2L7s38MlQJgInGn4iI-oSB1qsTtM8fzhAqjTc0MgIsrc7R1J61ETwayX90L268x4SHHIh0YFYb-H5d5x1tdxd88p5vSSLUcop_lE7xTz5ccL8BsCQJy54Ab6bG4Rzut45B4Pl6stq-VHJfu6pypnEsogWg0PlUYYbMiqHiN_S7lFABBsOdn9mqmuc1N7Vu6bQLQMcIFlRcwOxZ_Z7Sq9swfy0gq-EWkPWJ9_BYlv2O0YmvK-qfpHJvfjXTgnlh5TTf1bBZNGen9EeokpXNox22CuZl8xcT2FWrL6xGmfhbvtX8_yMix-MOcGWHLIzdnKGJh82PW-2MUwwQjoxZxigNjDXXcZFrJMldJXjvzkLnjsDFTBdwNr7kwbTjLtSZye1O_9-7sVuPwZUxzV7clPGuW6z1pweJseyP9arenuD0cUnTZWIQSs-OWVX7D5iU0VLwyIEjcNa5zh1FN844gk2stgJ1IekDNgQaH60GvrwL69QywsSjWJc-xBJ_GDMpSUXXp83XVY9cJoDjoFGy5b8Ra5P4VUbhH8XDiNTllwgFjVCSAlzfiFfQb3uDzkR62JjXljE9EXE-Qr2O0EzY-hOncDR1DzPLuaWuB-p3ioTxfQUS2uKiRyj59dfz-H120XktXNEg5vgZrI5b_mGlzqbbtZN5wVwIVyAPCNO4AQhZZ7YAipbXymni0nmEVkPW7wIwiZoE2xveNctnJMxXTqv_qHJm5yM4QWQwxrvlsXwt5CXQrPqVIBUQaj_Ic-4MBaXHXr65ohy1-djA3sly3HyTiRzt5wQXn3s4rqpbcol8934C0Yl57fipBDR9AT8ihAuMCE_FP3WIItMUn4VUrU_tvzkQazzMku8RweNDx4VmydlsKjDjcW2ApGK2GosC6CKIwZM_o8_mQtn4Qpm69NITuJ6l9o6D-3P_gKkwzX9i7PDl9dsSmZ2f8vVc2Fzq5-ciUXwspfXfoDn2RUQxAfj1aF1-o38-OoFCDznNNg8O2DUT2_oqO9MtslYDklhbl2VGcPwXr7oxJODeq6-lHmhTG7yPZVhysBhyusVLmHgWJyFAAttXZXDjwa6vZNiB2pEbI-9sWAcPpZGisIABIn5GjGoGtsa5plSywy9DKJaQTubFlwdidEgnnkSVN7mNpyJFtfMGTaYAE

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:17:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 322
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:17:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/ Frame F332 27 KB
10 KB 169ms
57ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:21:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10545
x-xss-protection: 0
server: cafe
etag: 4672069523611413616
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:21:13 GMT

GET
H3

200

dcmads.js Show response
www.googletagservices.com/dcm/ Frame F332
Redirect Chain

https://fw.adsafeprotected.com/rfw/www.googletagservices.com/1005482/61968045/dcm/dcmads.js?adsafe_url=https%3A%2F%2Fvsim.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58...
https://www.googletagservices.com/dcm/dcmads.js

23 KB
9 KB

162ms
53ms

Script
text/javascript

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a40641661b54c304ebe64ce944b1261fd061962a6f2b86558f3b3d98237ca0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:48:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2042
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8749
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 21:33:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Jun 2022 08:48:35 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
x-server-name: app08.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://www.googletagservices.com/dcm/dcmads.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 9B1E 80 KB
21 KB 210ms
62ms Script
application/javascript 2600:9000:206f:2400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:2400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 3887284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: 3jXDnh3s2Qqd69oCehEDokZYqpBlWtH0_XE_EUS7giyyl7Q_u-kHow==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 795E 22 KB
8 KB 54ms
54ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 236687
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 14:37:50 GMT
expires: Tue, 27 Jun 2023 14:37:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F332 43 B
216 B 643ms
206ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1005482&asId=fa62f8d9-0a59-a562-b0b5-034369a1d333&tv=%7Bc:h0x90v,pingTime:-3,time:57,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:57,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B46~0%5D,as:%5B46~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9LLI+11%7C12%7C13%7C14*.1005482-61968045%7C141,idMap:14*,rmeas:1,rend:0,renddet:svg.us%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F332 43 B
215 B 641ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1005482&asId=fa62f8d9-0a59-a562-b0b5-034369a1d333&tv=%7Bc:h0x90w,pingTime:-6,time:58,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:58,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B47~0%5D,as:%5B47~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9LLI+11%7C12%7C13%7C14*.1005482-61968045%7C141,idMap:14*,rmeas:1,rend:0,renddet:svg.us%7D&tpiLookup=ao:vsim.ua*&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H/1.1 204
No Content multitracking Show response
ghb.adtelligent.com/adunit/ 0
218 B 57ms
57ms XHR
text/plain 185.239.173.66
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/multitracking
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hbw_master_306660_6693.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.239.173.66 , United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://vsim.ua
Date: Thu, 30 Jun 2022 08:22:37 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
X-Robots-Tag: noindex

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8983349693034261550/ Frame 030B 6 KB
2 KB 163ms
54ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57db35b5a7ecf550145de3105d175c51162ebad9a69b1851dd95f528cf39706e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 262949
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2281
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:20:08 GMT
expires: Tue, 27 Jun 2023 07:20:08 GMT
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F332 0
575 B 214ms
91ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvi805iV7kKr-pibGjNkClBxzXRBDYOnRcQsq3T0sRrFgbOGw_7BYpUITHqpS89hkDaMLkI55WhK0nHw9v08CpczlcNGEvxqTxUKpC4OvuK-DDg6pWYvTEaRqlBeO452Ijj_Fg&sai=AMfl-YTdm5dBPEWaIvNtbO77j71BBVnpLW9bkzoAmS5Yn2jbl3WScEJemae_b2Zd3Biihbkf-vtAUKb6c0KcBNu362kzik7NGG6U3NTYqW-o4TqyqEwLp3wvRo088kohz3o&sig=Cg0ArKJSzIm00jACuP7tEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=271&cbvp=1&cstd=268&cisv=r20220628.57419&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F332 43 B
215 B 643ms
221ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1005482&asId=fa62f8d9-0a59-a562-b0b5-034369a1d333&tv=%7Bc:h0x90K,pingTime:-2,time:72,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:209,mdZ:527,beA:671,beZ:675,mfA:678,cmA:680,inA:680,inZ:685,prA:685,prZ:689,si:696,poA:697,poZ:718,cmZ:718,mfZ:718,loA:730,loZ:732,ltA:744,ltZ:744%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:72,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B61~0%5D,as:%5B61~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9LLI+11%7C12%7C13%7C14*.1005482-61968045%7C141,idMap:14*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:svg.us,sinceFw:46,readyFired:false%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame 795E 36 KB
14 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:41:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 07:41:33 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 030B 236 KB
63 KB 204ms
62ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:37 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Thu, 30 Jun 2022 08:37:37 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/8983349693034261550/ Frame 030B 153 KB
28 KB 54ms
54ms Script
application/x-javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5cb3973bbcfa74279cbdf1fed6cb8de5cf4188bd0380132d0db0d87326d5b85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 262948
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28229
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:20:09 GMT

GET
H3 200 impl_v90.js Show response
www.googletagservices.com/dcm/ Frame F332 54 KB
21 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v90.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/www.googletagservices.com/1005482/61968045/dcm/dcmads.js?adsafe_url=https%3A%2F%2Fvsim.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:fa62f8d9-0a59-a562-b0b5-034369a1d333,c:h0x8ZY,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-86c8d9dc9d-b4r56,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:6,fm:tae9LLI+11%7C12%7C13%7C14*.1005482-61968045%7C141,idMap:14*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:25,oid:ccb90323-f84d-11ec-975b-d6980d802130,v:19.8.319,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aafbe63767b52106445fc908e63387cf0c3064c6f9b9545d70b77b123f626cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 13:29:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240770
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21331
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 13:07:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 27 Jun 2023 13:29:47 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 795E 0
20 B 89ms
89ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOcPeTV29YoXkDoKj9u8PisWdkA4AAAAAOAHgBAI&bg=!OjmlOX3NAAaLlKKnq5Q7ACkAdvg8WpdnkaVlLPjVWgmQkIQgEAIZMuR78YY8RyrQyZvWfEtU_ZcMsQIAAABKUgAAAAJoAQeZAtyEagetJBidUbkjHaBer3embiiV621FHf5xQVCKQUKFnfsszMluJM2PBZWTb6ymsf0v017gB5S-Ox1WvZlgj1ocTD_ER-6Cos98gPvyAbKmtCgLrmmMaf5yn7XT_iddP_qK9pkdKUQg2bqkH303EPzQqNxj19QyUEqllRYswBxdhOqNh-09E7sN4h9d020PDPtawc3Zv5RCEtV5wQ02aG5fP3SK5f-jdpULb4zziFlBuYITEeRekAEnjM-c_m9Fl6LJPQSm95Bh_XjafDc0fxYB3RfWnhTM9A12oy8xrCGIyFCaAn_9bfnaQAqnIArOngmDLtvKax3BT2f7yZqxeYy9PRV8eB7WBKaDEfRW5evsBUOHoD6167NhE_WB6fNClPIwgeeBqTWxr2brkugMTkw2zkNMIH1UthQG9F9arHxw-dauB-A6DtPmq-fxlcHEOi_Q2ueMTa8RQdNIoTmPEzwS3tVvQiSYCgRHp3W1RdTwPmKj9JuArq2SRC2wt2Kuy27Cp8u-RIPWVvHN6V_ZwyR7GwIsCVrwonI3P2obe8xQbgn8p9WgJYivCmzVJKLGl1zvqoXqyqfv2GcWfkwb8hpJBFmTsCWwXx7gesWLVhBS7gyBalzAtr3jRIbNqwtNhNVjHBD6apyhNayCOnoBdv5g-OLPPY5JKhRRsw0Q_Ox_Yctz6veSjdiv5CVgOPb0DbpbnvhwLAyf8IQ_JbhrfyvEo8Tzd1WS6X9KKoQKULoXpCOMmuUjB2jJnRO5hP3HK5d7EidBVq6_B9pblvrvzSTt8aC5WmgAsuMlrJgjf9YxP18J-JNGgm0xwqgaSQnJOfyPq0JwFRe34NtTzq2sjIO1k9hA22qLLU3A_p6D5lE_mYz44gKk1TDdygKnibHIRLV2SUA5MO3r5aTltrefldERzbItX_C592QLgxiF9_OVUjg_RoLt7gYw7EAG-cn8fV3rA7ppHsL3Mmn9ymM

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F332 43 B
215 B 401ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1005482&asId=fa62f8d9-0a59-a562-b0b5-034369a1d333&tv=%7Bc:h0x94q,time:300,type:e,im:%7Bimprf:%7Bttecl:730,ecd:236,tsecr:6%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:300,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B289~0%5D,as:%5B289~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9LLI+11%7C12%7C13%7C14*.1005482-61968045%7C141,idMap:14*,rmeas:1,rend:0,renddet:svg.us%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
DATA 200
OK truncated
/ Frame F332 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a753dd9ef7187a1d741acbacb04ba2b1cc84ceb5e93f16a8cc6533ad06ede89e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Brush01.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 2 KB
2 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Brush01.jpg

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2101e85d7c5d9f83207fa16727c99947736b6f582f43970c4f479c50b280aad5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2312
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F332 0
26 B 198ms
88ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvi805iV7kKr-pibGjNkClBxzXRBDYOnRcQsq3T0sRrFgbOGw_7BYpUITHqpS89hkDaMLkI55WhK0nHw9v08CpczlcNGEvxqTxUKpC4OvuK-DDg6pWYvTEaRqlBeO452Ijj_Fg&sai=AMfl-YTdm5dBPEWaIvNtbO77j71BBVnpLW9bkzoAmS5Yn2jbl3WScEJemae_b2Zd3Biihbkf-vtAUKb6c0KcBNu362kzik7NGG6U3NTYqW-o4TqyqEwLp3wvRo088kohz3o&sig=Cg0ArKJSzIm00jACuP7tEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=719&vt=11&dtpt=448&dett=3&cstd=268&cisv=r20220628.57419&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 container.html Show response
9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 75BF 6 KB
3 KB 54ms
53ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:36 GMT
expires: Fri, 30 Jun 2023 08:22:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 02A5 6 KB
3 KB 53ms
53ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:36 GMT
expires: Fri, 30 Jun 2023 08:22:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 14C2 6 KB
3 KB 54ms
53ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:36 GMT
expires: Fri, 30 Jun 2023 08:22:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F332 43 B
215 B 321ms
321ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1005482&asId=fa62f8d9-0a59-a562-b0b5-034369a1d333&tv=%7Bc:h0x98Z,pingTime:-10,time:583,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1656577358121%7C%7Cc4f480335765861ae63d44178f748fb8%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7C9a79943f75b031136e4b997b30b728eb%7C%7C9508d9287f271fc97c6859d1ba1500dc%7C%7C5d4f978063f56be55102fced27199b4d%7C%7C41e27066c7e4e93cc012cebbd1a28307%7C%7C651e07fe13c612e1ab706c392155dbad%7C%7C1629390669,im:%7Bpci:%7Btdr:552%7D%7D%7D
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Brush02.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 2 KB
2 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Brush02.jpg

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14e76607f32a4936efaffced3ce6d74d65bc710a880f62f291888d99596c0197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2255
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2862 624 B
297 B 193ms
82ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3Y4tMCEIis7NsCGNmu6s0BMAE&v=APEucNXwL5p_AClWvBTiGqViluKQhOybvAUx75gGoqVytcHqU5Ig3lLZEZeT2nawuT3E3hjxFJXwj31oyC7SaPVMGF7VUfi7SeYgFWLXFWcE3pUbHOxHgqYIF1lVKBXmwJHz1vUdt29kheiTDY2KRBv7BPEsyU5-Zv6DCK-D1FNncXkmai-8cpM

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 75BF 26 KB
16 KB 203ms
94ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTGR0VUmAMKoIOVB1EkqRAKuLXt2yRTvBMx2DqghwkQenyDy36GRVCh5sSctGRBS1q4tQmOQUqikWc2UfYm3D-DOMPIgNszTijFQxh2Ggoj42_3F30i1PF0ObF7oDYKNqRUNxPKdpJIBFiTgUA4L1ZQX-1kA&cry=1&dbm_d=AKAmf-AmazAItOwVgc3WKSXAWE5jgzjFYKQKB2EgMed6TXjHXwTR-dpexaC0R60h3mfVphQe7KFbACWnFsAHW-1wkSvVVyHQUjnB8NDqAQMaVs1OGjaUmH3BiHAst9l_xWJypARLlhaaBp0YxBr9vgwHvPXSz88TtXtNfWlV0xk4F6EHLTqdupXgTbwFPrGRWVUzpOGhiplRfLfIv8PHABQLywmlKSALgp2RQmQuDfDgHlS0o-CoHff92BUPJcLCeVgmTASb91OXpwCTHlsL4qsaH_Ermfazcd6N8K6_8xv8LQH_HTfg6X-HM2lBJ4XwVZbSK3pKZ8cTVr9ugwHpfEgvYs3X-Ev--aRT1taUWuSuSMHUud7-YalY33K4Rt6AOhPyAxXXsTtdtdF37Q5RA64xlLR5Yid5oyGCxYTfIwcWosc9j1nZ9i1HE3LB1plv_0nxzRlZpLCULDcDeHuUfZ_qfhRweqjkZF2x-hmt1EXqrr__I_-rTnHztOz19O6bIRrdU4OiX9L_LpT81lwX7vRca_b0P9NFRfpjR0gY_w0YrsoaECPoTwJD852uCx9otvQiKTsXlH7_MGUZ1_uGoz3rr1hx3C1wI-sEUpCoLOrSx-qBpSnM84X2ueyz57XhknoafoVg5vwsWHV5Ev7r3bMpFSZcKcStRM6LOqfeqXn5QKBEfnoxbczSD4MZVpBw6-4pvPM0Mzex5iJSEyccEHOFh6cADc2E0exhRmSGkkaFdJ8ZSyopEoN7SwiNe19FZ5wI47Cn_buF0Dl1T17hdx_8UfIeFO8Pj4DVNw88Ze6TKVUqOp5-3SXaJEO16VmoeaHiqR0IwFtRoq8gXScQahuKq7adN8fu4qTN1Z_aPN8jil8IOa3k1jD7TLnZatZ6MlO9LidKjKAVazUgamaKKuLRKtpxY8Q3S16EZQX2Yp_QrDGAAlaklVWFq6pY4wlWX3HLjMd-bZAYvtsUeRe0z2PA2cSptgvPuZPlKjF4miAh6tHwm1EfFRlwWdOQ25fQo8ROtPC6RBlNb8TNIPeiZ5crcw1UWTz4n_qYzUNSVrHvjL36S05QEljLXhsaJ5ytsj9W00O9J97dEMBkWBMuvVEzkqVTUO4DnsDK5VA_HappQX336x1fJarHyJ_bCVmx1LMrnDbdxodfaKkR8yeGnb3lgliiout7cnV1qoEP5R4xzH9oqgO0zTITpNYmWPp5W1Ttu2NwyxQnUoDRPw2Rbzj2gqmRRbyRmEROWSEcw6pdA1X7JU-RRKr6NgecM9FTADZlZUpV_8T6-7Ccy7dEUFwdz4QEh5vfn5jXMZ1dL-49UGTFjPfRArfz5kQOGlnpsjH4tNdJMzl2nwcRkAo3wyQftmh9Tim6rHYfkyrxe7id8xbLykpS0OpwrBikYr9NZxEpGLt3UR3Uti6VRz5y_gJ37-z_XrglIeMORUVWNe7eTghyp-qQqy_qynsIjWRT520zFPD1nBoJf9X5ZgLf_9wC7K3rBv0IdpxX72v2EGldBiblOm5HyTnaOA6uACTonAmdZihP9qp9ycqofvP2WX8EiPFuzAUXZBFo3fWbrjJ9j2xCvU2ddJBCzclf0hXyTwmxcLxB0NUu2tgAUfll6ilOrmaAun97H7zhQehScm-Jh6afsZv_ysQ5lgzwFzNygpxqY7w8AhEeV-ZGyfwdgIuiMfUQLipzQyWPyo0qhnCfrK390MDJ-ZMYpcW9zvgKWi5-BCZtaN1ObIz_FpgAMCfMDrEtdc9jbPBjts6jkfpHGHWUvWy99bW3dMkkXCApJ4s_5XQujRgDgRjxf3gj6ojfS1f8kNn2wP5iDv3Sfbfb33WhpOQdnLkZOcp79B6LqGGkIYz5lZjtfmesvHusz3EnTwYoQAiNJHz5eITUiz09wntRAecAiA_d3y-Sm1t7CknVvTe2LGSG2YHTNdC7Ju8DKdOZ-yqukoYGvhdANbay83mOwHFcbJ2itX0tK8j1UZI7Lt_TXUtgbRyHWCTEjbI8oBBUs7Q_xHSzelKOvb1z75ec-PFiaXwq4yEuAq-Ta_sF2iPmZHN7SL8fKvBqvH9NCXAtKH0labZ_88J0W-g99-0HKtSfBNGZDbGpEtL7DZ5LfP9jR_iB8eUN-cezEI_8rQ4JBdcBTJrHHGJ0gSupKu3uImwwsgwfteASNcnOGh8H0uyLJyol9ByzVQ_MxIp2PnvLzcAtXHn8-zrHvAm42Yvqa-7aqVNT8d5zmvNpF6-HhOnDS-m7b8RlUYj5mO9453roK6hdGyStBicmQJje4GomCTryWg0akY4tf_Az4E1Ii0myZazlSSVZHaR8Zq5Vl5VJJmHHe8rM432tMn897zkTsnCZ-Lu9qMgMROi6uPZ27Uu7GPzLsQ8VsZVjJo-ogaPuZ00TRCb6G1gwqvp0zBpb9nzGEN5zqr297ZP7XH10ODy5oLx7FiK_94bxBTok1G42MdRv92gdj-7cqF1ERsYW5PvCr5X940OAfJREdR60lLyf3_A0ky_9JX1KGWtQ3kZ1NFFs9SAWRpUVz1UjlUE2XKsOcvZeiDqM7Z8IgoNtZklHMexxIjkAhrRbf1KV51AijE5sJijo4RpO9_OT3gK4iXTLHt7uU4Ers8Sta1Clva6PceM56Bc1CFC4oLPseR9_EzZtw9DH-i3hwYqvcf7o-gIxrrHzlbC7A-wZU-eCwDIrmF-hHj0pZzVRo-iMUoAluN8C5T7N5qYbDmYuWC94t60E-1diKfdyOdXswOxUSKODeNgWtTAV1Fk4PxE23DQl4PCEJPDGnPJje2sHCxs-PEQdJSr7htv91vlDOe8a6R6dqNQiQQEm_7JrDZdTTPUMOiLRKcGjGkenl7vpunZpmv8O0wTv_7YErYZuxkxP-RYeIMufDySMH9-r_GrRoeI3g4sUyontGLbmi-Jzk1UA3CuW_pm7iR43cJyRpIrwgW3bko4GIFYxl8LchxJ8CvSN7VzD9YuwMcbRelFLdtqhaDeXwYfQVXh7SgxJh4mNhb5et3hyGs11AoinoPty40NHPZx2sT2oVEhaBQGRPRn0cd3CF4GmORTrZqDDqtDJtN0PY7AeGNM4J0XRI5NlxKN5vPqiW3yXeBaNHJm7Ofw6RVwiQLDrppqJp2Y6IgsqodSOBdJBwSyrHNfK9sRmu-PwVeWjc3TnaPfZGspBQ8SX8SnXiVhWqXWpmx2qBkJ0fq6rGKlr&cid=CAASJORonPtbbb7L84ex10P36sQjklK5AIua_-ZRp5ZfeT34-YAJfQ&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d44ff903ae2f7a30bf8d369ebcc45937a2e8159b4902b3d813a8afd2a644d9ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16081
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 75BF 42 B
63 B 87ms
86ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DgqFVzSjPXX-URIOUl70gPM5BrvpAOOgPF3gEkQ6uslpLbuTz-KJrwcOayK7wswN9sG9SpDuRQWmmd9wLcCQktX-l97aiFuaS4kI85d6ozTsaXMJY

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adServer.bs Show response
fw.adsafeprotected.com/rjss/bs.serving-sys.com/733337/64001342/Serving/ Frame 75BF 237 KB
73 KB 58ms
56ms Script
application/javascript 52.213.113.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bs.serving-sys.com/733337/64001342/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCM_-3TV29YsPXF6ys9u8PtpyU4AvPlc_SavmbnJqTEPAuEAEgtb3JIWCVAsgBCagDAaoE3AFP0NF4TcuNRi5W91zCV6knhDI7doMlO5Aiv4OTf2-7zF8Jk7cSo2-dEptVH7j32UWdjYzJRunJkERuQI2GZne9nlb4VzoDtHWyZZJ5Zn1lSJU2M6Zac9NerdyiQLbKzxuq1H6KqtsX7GjHw_-Kv7vka88GDk6ET16xCrml5PC-NwLHge3W5twqaOwmkm6BykcJ6AYzgsy68oLPfndmJcSd72i7mV3lAh3jn6LVY6VtiKDLexzgHEtGHPX_gNgzJsTjlmOt33rfHh2yNw23Ew9_4Eol3QO7mBeKrp9fwATzjM_f_wPgBAOQBgGgBk2AB7zu-toCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoBmAsByAsBgAwBsBPJ5dMP0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORonPtbbb7L84ex10P36sQjklK5AIua_-ZRp5ZfeT34-YAJfQ%26sig%3DAOD64_0rz3Mgwr3_AdCOM13fei-EWXHwwg%26client%3Dca-pub-9161109566094614%26dbm_c%3DAKAmf-BlqSFonfyTyInjdoNnObcN76HeJgBbJ04pXeeXKNfgHnyt3wp_ccek-yqA5Vf_LrfTO228mroFSoex2nNRqv1CZgar8-o9rrIXEV0iof933amefU6zOeDojFdW_Zu__fVMFz4wQPhwATe70EQ9RffgbPZS8A%26cry%3D1%26dbm_d%3DAKAmf-DiSjZB_LRKSrOOq3AK4KGpK4YyUmAkEmKrYuOnQEs6LUyB9oV6f5XteJU0drBnziuYKnUoGgpc0GZ0skC-JzoCOFlZBL-I6cMGRzTy0axgSA1xsM5P2nC4eFyS9M-HhgVipjaPcNETrQV8XW8aCQwRSZ27s6ePh02NEX1pwTlseixbZtvS5UCGDWg9iHdZSm5x-URMUiegOBrJqug30jI7kaKFkTzNfwpO2W6zKMF47tgRNF5sDaqOvY7Bf2n3gWEWaEFo2n09U_O85shYyKJ75FQqnZP03p2vaWDSNMDHBgisrXfegT_GWMZycr7vcgI5L84D3Fxlw2JUvSlTsE5RUZXITQHmvvVcG82xUgG7jvHmQFIsUNRN3b1fCfeIb453crtu_lk0DMosC2cFNtCZvPGfZcIbLLzlYgEEsALPcZ0Hhr1SshzW6549Vsf55clfajOw%26adurl%3D$$&c=28&cn=display&pli=1078114055&gdpr=&gdpr_consent=&w=970&h=250&ord=[timestamp]&ifrm=-1&pcp=$$ABAjH0gYEy-wnS-P4qaOg1bWcRS2$$&z=10000&ias_dspID=3&ias_campId=1007662875&ias_pubId=pub-9161109566094614&ias_chanId=1&ias_placementId=17497334822&bidurl=https://vsim.ua/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gYEy-wnS-P4qaOg1bWcRS2
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.113.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-113-49.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7f0330c318d01e6600ee4f5bded3d51be18edd6a4a3dd198889c5e4c8941442f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 75BF 3 KB
1 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3420
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 07:25:38 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 75BF 17 KB
7 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92cc22507e69f2baa9a37f4dd7767bad45f4531a1667fd8cfb0665dd7bfd52d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 346
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7350
x-xss-protection: 0
server: cafe
etag: 4581267900612465077
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:16:52 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 75BF 0
0 174ms
62ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR-EeL7Dnq87ypCYcM5392Hl2ifHDqD_SVOl2nEBUUhp5Lgd_qSQEx64TtJlPd1pu--nkRA2pBgKc2RyqYzU8ZEMsfxAw
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 75BF 138 KB
42 KB 66ms
64ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 08:22:38 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 842F 624 B
297 B 177ms
78ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNVgAZvGB2OdqdzOahbT-vqtXQ4bycBy9_dLhtKhIhOXaI9FpJoBUCvJhlMWJtAizPOeFPcn6v6VTndRFDfKhmK4Mk0ec51q64K3H58WikOSUNvxU5ezZb5KtarMAuuEc_HBrBeC1Bhk4CGpKXCTGYa3ixPfJp5_nKRGcfPq7HnZ3Wn7Bv0

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 02A5 89 KB
35 KB 223ms
124ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D7WEIjoyhRgca8ptlEtQdTz5kEtUO4K0bTWkhtK-rcWBWK0Di8TZpcmV-IjzxYKGI9lGo6enP8OAN5afnZy-04NioAREIFUpUBdkE8c8bEz7rlLXYsdvqTZMzVAIMYocyy_zGqNqA9rSAxes9TxmavmgG3lw&dbm_d=AKAmf-BqtvyWqFnvJ0nUtR0SvyG6TRuefcpOE_dAcQVSX6jkhJAmjIp32z5IuU2BNRvSye2Slm_Gfs-o2OlyZbUK5avtlG7MYf8_Q7ZaHGr2avaxx6c2K5xPYHNF6P1Lm4uUAjENO2kELsSbLdbhQ9mHmX6Ykn5YX-SE2o4YkeN-QJvV0VAOIfQUZfE9cH7X9U-SCivwUmmi9wp8VfS8u5gsT_d2KYOD5dZXQJ28HLqoImwxacoOJMcDao3QFknktCtmMd91Kzy_K7yRkyEg68szqT7lWcotJ39lllPZYSl3OwAuu3YsCB3SZfJK9KJef2QUUApJomdsK-Q8R_Ov5XmYOCdOZFCTuGNxdkq2YfqoEE1AnHsZfG1WfAgq8XTrWJctBp7Tn6HT_BJV7Idfeveh9k2q6O7nJOowU5a8ZWhZAYVcMqXpxBKdggQgryt4cNFwQh4EsadpGaQRBCyOr7CSRFJWyTTr7yYkfIKcrGhscB0SWebDpg8_T9ySll6gfvVsaL0Cyhd-s2FNRKRT1h6XEWC6C3LMuVeHRFDYSlIPmhIxA1vJIUBpgCRp1Ynak5OrBhTBWWa4b8reW79FO0sx4MviWFTHjZV6nQsM6pDf_rBD75qZT1kXz0toDbWLYo5_UYAMNL5LvUqetc05Yy6aQpGkEvTsWnDe55ffaA-B_n7phfrkxh_FDudv-_czYrgsz6zZ5jKgIpUy0lXQZEWdBq8SNVu5Ns4A6FhOs5VupqJXSIyui8RNF9uQdSODUnVVDVvK4etC5DuBY5wsQ1Zv2uro7K1OchUBDGQaJnML2OF5YJZhw5n2YvFV-mwlkywkAHsUbJ6GBq0MfFkAI5rr3UXhWoka7DLNufWHVmyQwxzGwHDBFFlCU2ZRLzkOvqoZXuXjXF4PhNuDfru-DqoX-LJJB_yRnDRW9BjmIj-w7cAh9GXwsue5NboNRRyXsrswQNsqPgqyZbZSGXfDILe2M_F8hsSx2AFH7InYU2GzLxc0-HLQMKGMqO9J48eOb4_B2TyJ7OxSm2LaUCPfkNFOZ3zbghnbR-m0ujlFGYEFLs1XV-laRLPED3eYKVZ6QhZ4avz6cPu5w24sVX8r_7-90hsXbMFiaI-SZPeSnK7lRv-nXYxmP9IjtWlo5GwA6zw4DVrkwuwCix6Q1-50u-lU7mS9ce72Jg5YgreR2e5Mf2oyjxIhzIndqnLeOXZjmL23v_E0DPkS2gLWMirpIlkRrFIabNQzi49MtimjHxH2ts9vK3vW6o0xaOOeWIe8guXuxr6WP_fciZh9MMRdZHN_b2MHJQ9kGnTZX1EQnOaoDTPhHdb0xwHX1jy07xWoqeiQOMKpmPxaFC_cxGQaFZj3OJTBzNlRqNTfhyfQx85K8CSVajEuzNW56nqvU_huZqu0klfcyM8usZAarWTLBGutyIKKqlZLst2AcniDUdbM1GcN8aHrs7qYTS0bFpS4mhglGfYqbf_p_AXSlSF_Ib99n1hDQo49Wlk6EfcPAuVyYf0rNwharpvVFaW1yzocbvz165rCkz3LgQSypnqe_JbZK7rb_1AnDKN7PyoGFzJippSNWz0byLFI3WS_iW9bCZ5nSVLKdOkl2VC45cMqtSxu3vn1XaEvXdRPp92wzBCVXRu8TDMdw-mrruevkIzyoK3yhL8czRYLqRRe4bU0QrXKAmqwSo1fdyvoM2OTxTlK1uXi6QgqdfgyPlO_wcK7M17LI2MhAzqjcjCUwTOGnJy7hP4HEK26awAO6TvSQmWq_R_xpJ-9LCfyzyCjKSiH1W1jf9ToRlzSoHks7XJCzEHnvC5lZXR7Js-Md5AIFQU4kVU7g8d_MvnmTHzeLIVjeMOiLNx5bt7X8jeaVsS1mwZkWupjmgJxQnMSdN-LURnhbm03NOBIETLV0iuhw0N2piW-XCmHSrLN5Hl2-1AniqZC8ANBaw8CMTEx58XhrhhI9IBzEMg7EqfZiMbOJcTuXDpr3HeG8qfHTKIGT8mhH8ic5O-_fCQNPuU-1XViInWOWhO0CsNkfw7bOBVXPcJk3M1afNlTnTl5z1uVoS5p9096GodHL-hfqu5-AQ7swi3c4LPAXc7nMMo4TO64qwI5i46APfozJYfospyZPA5cLMYe6kn1oh8P8huajxNBpNgTbr8h08aB9FOVXkvCc6jXx2M8I3LymjmyIoMavkWHeB-JqWCi6koDYM6EERTyUokpR9b52eeNTPyyPbvVDcz-DZfpRIOM4NhPOw--dTuOmjilkSleiWnV1-QD6erxLBkSaggQlofPfbUR6iYsFPYTrOXp_nRDFdmUHZ5-D6zyTwOH0YEZ1dYtUkZLJxcKlB0ARkqpFTbszXKL5b2okzqwstGPKJDIxxsIMHlsCGW0rVRG8oIXpzQgeWcGTCFSb1yjx07loU3rji384NA134QwWL5qbHyI11wQ8UJ5qfB56SoDenfzmlhPEUDWGdIyI04RZ1n1O6A_BUKx1XaxMAxrqIzEpRnwA70WZZyjM5cz-0DB8tHqOiXYvQZJSq9yi8duaxfJ7msUZOOSP8sqFBrEqQngKAJLnLEGESrWJHKlSjCQlIjsE9l6w5HXQIUSWeuEPbate0rlvRDuJNw0ku-2xp-tMGXZKUQhVmeIV40O1e0VGxJwv3iapefh7RfdgRKUMn-C-wmh9JYXPtE5rdrjQSOQF_55KvGf0ibewrR47XJgBBAy_vQX_hot5igZn5Ga8UEnNs1OVtLrSdQWMufkUtma9iT_Wmh0XJurnFQXbU7UVr-5eFz0lhSxK7sUBPOjqn58ZpqW5ImztDCUF_tCc4zNQ7G9o5Or2oOtRuNidLZbJaUjmzzXpLRDNnioE606vq3YVHXzQFKfOeQUA64tV5q7b4XyUG_DDNPbqpIZFzAuHFpppPHgo9MRN2NNjnajcGs1_rF6nXtwKXpRVSGPhM-pURGufSse46D7DaSUKEjPXH6_Pt5xE3fx1cWPcIGU3zrIqirstRzhF9QUXBuJFQ9h-xraw6qsckaiGGiyvd6lD-pIczpaRfP9OqTeDV3DUPbTqTgWpJ5LaGHVjYrrDeG7_cbInhyRYnLdOp3ZwpVzeY66c4Sse8DrBKUEErp00daeosFOEGmYnu-TMRJ5_pUrqVsEewc5s6rFTOzl7wjWDqYzqQ5mqJbRw1Rae_EoRV1q0r3kwHVDKkyamZ6RvHc2eMFz340RKBRCJSpypjtIO7_NGTFNWlHwyUf3CQeCsPXrEuW-H3adOdnNBMlezJ9gbK_pOW6fXm6mZwLpbNPwbhoPshYmUHnnzU6ejtpWJ2340fWvM-8s2KXQlDBccoSYqXqfwa5JeKwjQw9dDyZkLdJzUGg8Vw&cid=CAASJORoXfYKD13JD6Rz8es3m0kxye2CGesZWVSGOZwHveCYStdF7g&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b2cfa93390b24fd81f2c0ed95548f44db2c650e34e8f86cca40436e8f8eecec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35557
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 02A5 42 B
63 B 88ms
87ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CKjnTWOYSQagsR-b1XcmzNJsoA7Wt8MNjyVwYN0ym3ZZQz34r_lADDwb27E7ApqB8j9yMeqDMeWaunhLuM2-CmqZ8zPFkRoutWxwVIrbkDJttov_8

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 02A5 3 KB
1 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3420
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 07:25:38 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 02A5 17 KB
7 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92cc22507e69f2baa9a37f4dd7767bad45f4531a1667fd8cfb0665dd7bfd52d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 346
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7350
x-xss-protection: 0
server: cafe
etag: 4581267900612465077
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:16:52 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 02A5 0
0 166ms
66ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSydB0ZShaB_SCkSWAeI45DEnw6fMziWvXfsK1eSF5naKgWtD1fkPEozj4x_L5th4sMm95ZSshhJAUsuIufD00DCCuMuw
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 02A5 138 KB
42 KB 117ms
116ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 08:22:38 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 628F 624 B
297 B 173ms
79ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNUQv-WcyAsof9frfaxhuXQ-H_rUcGKm1kwLDJWnk7hMuZvQpYrvCnArOxvGnQ8mrH8k0a4_CD8DOGu31b2K0RyEfZOnzgfIc0b0Zk11h3wdoV95q4GGVx9mHherMfOJRs9sxtYjhNM3vFmOyv1QiU1NI695cPe4hfIXqAIlr2HtiBGoiAM

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 14C2 89 KB
35 KB 188ms
95ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0LW7OdMLL27_uJRZR62b60NKWm0n3bymYNsy8UNdjbYmYg7UhLY_t_uRqSJzEeL5irLCX8R0Ll6m_5Eyubwrlt7h1WhllPDuv7B2LuBfH8nwFcDJak9TCdadrpFXFEf5C8li1XZ3daDQEFwhl49Wk_C2SSg&dbm_d=AKAmf-AHYxubhu-C0Cm4Zwv9qbAlz1FVOuPBX1ZJW98fxC8VPcdXtIWeqA1nIa9auiC5eWQCHtxss0uMPw8_I045wT2fT-VtEns1K7hlmXLS4iEfQ2ofX0OM6LuBJhxPy9WimxA94DZOJe2EAFCk9xaDlSH7yekaiQVudf8Jl-KD6WUSk3y0vgmvxeoyJk28DGaEnnrDaex6tNIsVrVSPp2o6cPQ7xoZjcCWAWHcJo_ALLVOT7G7fs5VKmDSBF7hBWBbHmJACYqvgXIaiYQzhbQjSixcxum_9jui9xxhk9BV604gzHpVdEMo220CBhWD-mGqVJwoSolw-SIAHT4fd2wrb5JZgy8BH_qD3tn5rRqpNlgw9l8-b5VchAPairpf2jWHrQ3MVzZffb1Jv8n37YgStm9scPEdaGkexwPJJfiFoHl5G7nQjJVdoUz6pFA4F3mEDFs9nBknLLmMEsjmZofvqn2jp_lvsKWWIdZnc7-uW1WkWVrr0Djno0-k1u1UwpBVvYo7IiRQwbwMPuWXDZF7BIBre4kjFMIms7E8Oh4ywMgqVjvxoGZI5NFECZemAl_Ay3WXAk8Ag9o4UnKzCfXGrvgzsq_GvzawJ0gzVdU5Wix6ehRMNJZs0lWYKWObgAHeVq88nhAvrliyMbY_cUziD0FkciFcSq2wUrD-Vc0V6rMIC3GCh-ypSYqU7gDVpBVBjFrfk358HXVuAZKLfj7uQb0IgimiHxNKtHqRJ75A0ksmuk-U45JwEoXMc6oiAQTwVyg1tX5L77LX2gwFoKURkcbBT01OsJ0r2zZlYRxeZahCZ2vM-I7fdHusDZbrRPxvYHVIIMG7SxwA9jgE27T6eYzpzSUwuyQLtC6STJ9HYtPUTA0ONerTOP6s7rt9Hnrdte2BPwoRvQ4DR7ZO4otn0YdkGLIgrMjWcMC-EwWSRzwJVHXIYfa3de5J7magzc1EQZ13JB1MiNXDoAZDMKXsNNT14gkw1nJrGg7e2c8-vvJJDuFMigyFJ0bhlx2MLHQszPMXG7sS9oWrrxHtKOfwjFxZHbNxmk-o2ucknQSMFQg_zLA4TSeua2ZknVUz6L0AGOm16wCnpLmdYq1c8Wv9_QdqICQzVHpsvzQ1zb3CxtzF-ZiYBbkhXzvbT67g2h4kDC5Gm-pXpkLubNmCZuCKiROd71Va2BjXQThY7sOk-xYGI_zi6Tx_K8CjOJ96xI7Ax3bLLy4bCOcGglzVyhdMhJRRF2wuBhAX1ipHsvlaBEMBLBRhtl7foS_pQakNmKvZSwstJAgA1FQL46hgd4CpIY1HNHSq-rNBbRPWroSCkkcg_lSivRRE7rzvjWgEicoFp6Tfj9HrCEuOhvE1sbFu9AH21CVHTlmgx79H2l_wP_SWoDO5N6Y11MoPS0g1zDTJup9Gx7HN1twPPs3Ws1gzzF_T5Yfs1cPnqGyKDNaeoHtk6Wcyd4mvlWEZiEJ-wz1bmdd-Wdbllj9g9xYhEHzUNQI3JIsmx5TReyFq4rjrWu6TAbepGlXmnTDAO9mHqDa4GA9rqQqJpPsVZd-6Qht_twUiDZQ8_JwNtr2cwfS2xI0HtcedV1M0skHDBrl5A5Mbd5IcN4tOjCA1wwmvNO7WRiGUQSbRM7Yv6Z76F6Xnq8Sjk0AH1TonFX6pxLPbVqtU7BQS_ucvdg_YOApnAYFq49vRoE-DMH_2o4qgVahFkqhWXUfi7ag1akmDFr3CzVjni9_9XgSYsqN-4svOk7G25TAUe9cza2zOrllf0459s5Me-0UzI4vSAA-cf83UQ_KNpn4a5zagnyiR7ermGXMTqLH8l6BBpHkfMBEEtTeo4g-zuE_Dnz8x_e9uDW8eeTvItR_DBvhH_9y40jyyBmDND4TN-TNotPPou0qTt4ZSrtEM9YeHy8e1soxwrLm-zrmusl16hLAqBGVcycot_hoA1gi-35Qc2n01KkZ9tOjFPtVMg90Hy0ToaWr_0JHR3aXHB-6GCjSM-QmA1WRJxP3qeBBtmE2yZyLZrwhuMjKCNe6hms1u0fF6qN2jPJ5hj7T6H9-klIB1-RL2kHb-J-JaJpyNIw8qfRahDdmVqe8vsbmGigLgGgV9P51EotGwBTSlfPB6byg8vtiX87FxG911theIcaZsIyMKBkFtcjBRSd-vlIs6UTknT-t6SNb-Jm-8xJL7ApMjbC9varDNenNbHjaxEaB8Av91jf_29lxv13ER6OyJ0u2_CpS1PpQSPduAiwGNlQhl3aq999k988j8Z876djLjDsNyj7Y35nSWxmhmplUy3gupwGh7Uj7Zd3BQ738zsV2OYxVit3MNFQokwwe86CofR8dQXCxgeTxiuwXxW6dAisrexjb8W40000e4Ou41oAw563NIlhBVbgfgwE-3E87DvuVi-FWMb8fNPdp8MrkvcMIDiA2gGifMuN9EjmhDTXSqs2AEygXqwUbhjZ-UC5hsBtvvfo_AZw5k2BdkDFlDSHaDLL05gLHPgIjxho3ReCByXbTQygkX0cmgcdQRd5bFkHO-oPXrck52ukagsnTVP5OWSHyXPlAJaMLbmFdIIKnmqU1jUAHh8taSjPAOagUUfnKgr6N6_TSBWoJywUH0dlvHWtwdFJBPCaWwStIZGDdy8eAs8MCECR8CDpDsV0ZJMSX2I9xNgtCrURf6KoZdk9q4VYnkywxCbbFAC-afdmhMZLV4efrl1m81CsgJCYmVC0aVxpLcVpX4dVEykGc0C6lGvOHxHdECcsXA2f4biA1npIsYiyl_m_VwbWh5PMMfnzYFwR1oFv-vyNLtOi5VBs84Sq1HMK4s8QwimCsohkQNFpcl7iISIDg-uUzbb0W1DhUzqbzKEX989TE_Cs_Opf7ciqnapyDY9If5xALRBWWQsX2Woh99bnJDe_OXpu0Dm06-WWW40mDYYF5EdFNsYosrIBmsYMYx2W441jR2uBejuA_I9KgEowNvb4j4F3Lk-l2f0x7UcaarIa2IijW5Z6glY2Ey1q3gQOE0i4ScMBbtSJL3DqTeTQO4fLDkKsQsG7GC4cRAqjc-xuFfxR3G8L6uAMmtvqKK5STXulSbpydTczlVjwc7CRK5f6APWvf4aNA9WJd2SyVJUYzpEXXny4fVug_V9dGrEi0qPo-WJLb-aMwXIm0gK_6WJvEwaUgO4idGqK3MgqfnG884GKl3oRYMhCZOs-4gmZmMFHoGSGK0epqeW2M_S6ZiG5CN2XJtuohhUdCw68p9nrcXpnZ1e3dhlg4oOxW71uUV6Zf-ML_155MENTdesvOzdLfnECwUeRE1dHuM_nC990Racc5aG6ltraNGCN7qLybOat4DJbJcPAhJti7sXCaJWas6ABfvsw&cid=CAASJORocLQ_OdJDtXx9B9yohEzsJEukVr9IHYsFzFEkjuubEqzprw&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e24b651e84b6282726e291f999b8f476b638bc321e9add1013cb1f21fa7ba657

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35584
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 14C2 42 B
63 B 88ms
86ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B0zjt343vm8VFC_0XuGikIR7P6LS_72Jt6dxKZUDNKSIwXycHtZhJgfghGEgPHQ-AT2Ld2qQCjFTXRa36EqUDZYnRcDSq8qVTXE4SolC-Fwcc-cyY

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 14C2 3 KB
1 KB 67ms
65ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3420
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 07:25:38 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 14C2 17 KB
7 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92cc22507e69f2baa9a37f4dd7767bad45f4531a1667fd8cfb0665dd7bfd52d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 346
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7350
x-xss-protection: 0
server: cafe
etag: 4581267900612465077
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:16:52 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 14C2 0
0 163ms
69ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS-NrSNEXcbpB5rLHF5dV8FnsM7Ay_kQ15pEFPFYixVpCgWq6FwlDEX2n9zkctpfhPeTlyqXv-625IklkkZdR7T3mO0rg
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 14C2 138 KB
42 KB 92ms
90ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 08:22:38 GMT

GET
H3 200 Brush03.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 2 KB
2 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Brush03.jpg

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84dce02db0d21f11aa5ed7434db9e9846a34976fbf2dab81eb414f423e42845d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:44 GMT
x-content-type-options: nosniff
age: 262974
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2149
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:44 GMT

GET
H3 200 Debrisfield.png
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 3 KB
3 KB 54ms
54ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Debrisfield.png

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67a539307feececaa1d9e7c3c64309775fba011c2f6f11040f8ec73d53b1c086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2764
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

GET
H3 200 Dust03.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 5 KB
5 KB 62ms
62ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Dust03.jpg

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f744b349a8dfe361caf1bae49437361d028b7c2b918b164283adf3e9dde51b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5210
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 842F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

43 B
908 B

88ms
87ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNVgAZvGB2OdqdzOahbT-vqtXQ4bycBy9_dLhtKhIhOXaI9FpJoBUCvJhlMWJtAizPOeFPcn6v6VTndRFDfKhmK4Mk0ec51q64K3H58WikOSUNvxU5ezZb5KtarMAuuEc_HBrBeC1Bhk4CGpKXCTGYa3ixPfJp5_nKRGcfPq7HnZ3Wn7Bv0
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 72357eca99847509-LHR
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U2k%2F73U1rGjNOb4weImEYKRzg9wg0cDeM%2FuZqPqa5X80VTsHZmPzsr9e1to92PgRzR2haQLkZmHQPInHvY3XswRy4FJhFEoDvUiU6jcJv0csALdPrg3UpvJGheAOA%2BgF5NobFnbq%2Fbbw8w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 842F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

43 B
909 B

73ms
73ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNVgAZvGB2OdqdzOahbT-vqtXQ4bycBy9_dLhtKhIhOXaI9FpJoBUCvJhlMWJtAizPOeFPcn6v6VTndRFDfKhmK4Mk0ec51q64K3H58WikOSUNvxU5ezZb5KtarMAuuEc_HBrBeC1Bhk4CGpKXCTGYa3ixPfJp5_nKRGcfPq7HnZ3Wn7Bv0
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 72357ecb9ae57509-LHR
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pwzCYtL01UMhK2N6aW3TRf5O3%2FAt%2FM9QdmPutf%2F9aQt8GODvWkoXgVUmCsLawNUtRKwnzmqqVHPEsf1NFD9AqMUoR3cL%2BFLi4eFxfYYhQdc71Ol0H2FkB8OLIQOyf7ZwMYuFow3NOzB7pg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 842F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

43 B
1015 B

100ms
56ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNVgAZvGB2OdqdzOahbT-vqtXQ4bycBy9_dLhtKhIhOXaI9FpJoBUCvJhlMWJtAizPOeFPcn6v6VTndRFDfKhmK4Mk0ec51q64K3H58WikOSUNvxU5ezZb5KtarMAuuEc_HBrBeC1Bhk4CGpKXCTGYa3ixPfJp5_nKRGcfPq7HnZ3Wn7Bv0

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:38 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0d53d354-056a-4ebd-a5ca-bd375065cd04
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 842F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

170 B
188 B

74ms
74ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:38 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 70ac9cd5-8993-4d78-b476-1345d6430561
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Dust04.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 23 KB
23 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Dust04.jpg

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfe627cdc131b0123585e4232c1bbc3c04b968627237b96d310a9ee437488215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 08:45:55 GMT
x-content-type-options: nosniff
age: 85003
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23181
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 08:45:55 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 628F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

43 B
912 B

86ms
85ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNUQv-WcyAsof9frfaxhuXQ-H_rUcGKm1kwLDJWnk7hMuZvQpYrvCnArOxvGnQ8mrH8k0a4_CD8DOGu31b2K0RyEfZOnzgfIc0b0Zk11h3wdoV95q4GGVx9mHherMfOJRs9sxtYjhNM3vFmOyv1QiU1NI695cPe4hfIXqAIlr2HtiBGoiAM
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 72357eca99857509-LHR
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZpvNzV9VYr1CQxganHw8sFvstlqmAwNjaB7oDTYwWBhEJVtHTk9zvOjvE7AMwXYBb3SUVDpuBnHh3JJaNGTxpHbZvMANZ%2ByW39TczrOqjXX4vchTjbZ3yM6Z%2BmB67yzgx%2BR64le4jd%2FBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 628F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

43 B
908 B

74ms
74ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNUQv-WcyAsof9frfaxhuXQ-H_rUcGKm1kwLDJWnk7hMuZvQpYrvCnArOxvGnQ8mrH8k0a4_CD8DOGu31b2K0RyEfZOnzgfIc0b0Zk11h3wdoV95q4GGVx9mHherMfOJRs9sxtYjhNM3vFmOyv1QiU1NI695cPe4hfIXqAIlr2HtiBGoiAM
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 72357ecb9ae27509-LHR
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CdpqIx08iIXa4bOK1sN9Zfk%2FBzJOIxrnj5U2HsEOaqH4ODsy9QpcWFcarZc2xX5WkPvjgSvOw8zSu6XkrMJJeslkvAAzVpvy8%2BrQe%2Bv3BZAy5vk7BTJi5KwBspJqNa81lof4E76kKdD7lA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 628F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

43 B
1015 B

103ms
63ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz43OxQEwAQ&v=APEucNUQv-WcyAsof9frfaxhuXQ-H_rUcGKm1kwLDJWnk7hMuZvQpYrvCnArOxvGnQ8mrH8k0a4_CD8DOGu31b2K0RyEfZOnzgfIc0b0Zk11h3wdoV95q4GGVx9mHherMfOJRs9sxtYjhNM3vFmOyv1QiU1NI695cPe4hfIXqAIlr2HtiBGoiAM

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:38 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ad4d9145-1fc4-480a-92f6-2e61606f80e0
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 628F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

170 B
188 B

67ms
66ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:38 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 4a887d73-4a33-415f-8d2d-6a0a26412d74
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2862
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

43 B
908 B

76ms
76ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3Y4tMCEIis7NsCGNmu6s0BMAE&v=APEucNXwL5p_AClWvBTiGqViluKQhOybvAUx75gGoqVytcHqU5Ig3lLZEZeT2nawuT3E3hjxFJXwj31oyC7SaPVMGF7VUfi7SeYgFWLXFWcE3pUbHOxHgqYIF1lVKBXmwJHz1vUdt29kheiTDY2KRBv7BPEsyU5-Zv6DCK-D1FNncXkmai-8cpM
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 72357eca99867509-LHR
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SduzYNA87sqbw%2BUj8czXsuTmvWWaXFNFGSnyIsqCG2JICLDPcsLB7y1dGRf%2BDh1ngiiwaKwBrQ0LSwkRoL798bLM5V4ccg831vd29ncBzUcxUDWBS6emp4Q8p%2BaJzF33vMF2fzjnaKkv%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2862
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1

43 B
907 B

86ms
85ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3Y4tMCEIis7NsCGNmu6s0BMAE&v=APEucNXwL5p_AClWvBTiGqViluKQhOybvAUx75gGoqVytcHqU5Ig3lLZEZeT2nawuT3E3hjxFJXwj31oyC7SaPVMGF7VUfi7SeYgFWLXFWcE3pUbHOxHgqYIF1lVKBXmwJHz1vUdt29kheiTDY2KRBv7BPEsyU5-Zv6DCK-D1FNncXkmai-8cpM
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 72357ecb9ae47509-LHR
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u4ompeECmoX4LAw5ecrVfqRv9BFrk%2B7R5VDDBNvd5nSTFdn7UbiYTJmq3PBO0oxX90dhclBarMD8n9ImTaPtIolBUtglqY9d0RR%2B4Wpm1siGrQdD1qKA8V9u29QRXSSMYVG%2FZttqgUX6lA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAjOGO54fQ0awSj-D5w64Rc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2862
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

43 B
1015 B

103ms
89ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3Y4tMCEIis7NsCGNmu6s0BMAE&v=APEucNXwL5p_AClWvBTiGqViluKQhOybvAUx75gGoqVytcHqU5Ig3lLZEZeT2nawuT3E3hjxFJXwj31oyC7SaPVMGF7VUfi7SeYgFWLXFWcE3pUbHOxHgqYIF1lVKBXmwJHz1vUdt29kheiTDY2KRBv7BPEsyU5-Zv6DCK-D1FNncXkmai-8cpM

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:38 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9f452952-5b05-4097-8545-5c6ce2f9d47e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJHuYajGr5k6s9YNRhWkS9k&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2862
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

170 B
188 B

66ms
66ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:38 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: eddc2863-0fc6-4fe5-ad3c-71e4c3c5374c
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MTc0MTkxMjY1OTY2NzA1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/ Frame 75BF 27 KB
10 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTGR0VUmAMKoIOVB1EkqRAKuLXt2yRTvBMx2DqghwkQenyDy36GRVCh5sSctGRBS1q4tQmOQUqikWc2UfYm3D-DOMPIgNszTijFQxh2Ggoj42_3F30i1PF0ObF7oDYKNqRUNxPKdpJIBFiTgUA4L1ZQX-1kA&cry=1&dbm_d=AKAmf-AmazAItOwVgc3WKSXAWE5jgzjFYKQKB2EgMed6TXjHXwTR-dpexaC0R60h3mfVphQe7KFbACWnFsAHW-1wkSvVVyHQUjnB8NDqAQMaVs1OGjaUmH3BiHAst9l_xWJypARLlhaaBp0YxBr9vgwHvPXSz88TtXtNfWlV0xk4F6EHLTqdupXgTbwFPrGRWVUzpOGhiplRfLfIv8PHABQLywmlKSALgp2RQmQuDfDgHlS0o-CoHff92BUPJcLCeVgmTASb91OXpwCTHlsL4qsaH_Ermfazcd6N8K6_8xv8LQH_HTfg6X-HM2lBJ4XwVZbSK3pKZ8cTVr9ugwHpfEgvYs3X-Ev--aRT1taUWuSuSMHUud7-YalY33K4Rt6AOhPyAxXXsTtdtdF37Q5RA64xlLR5Yid5oyGCxYTfIwcWosc9j1nZ9i1HE3LB1plv_0nxzRlZpLCULDcDeHuUfZ_qfhRweqjkZF2x-hmt1EXqrr__I_-rTnHztOz19O6bIRrdU4OiX9L_LpT81lwX7vRca_b0P9NFRfpjR0gY_w0YrsoaECPoTwJD852uCx9otvQiKTsXlH7_MGUZ1_uGoz3rr1hx3C1wI-sEUpCoLOrSx-qBpSnM84X2ueyz57XhknoafoVg5vwsWHV5Ev7r3bMpFSZcKcStRM6LOqfeqXn5QKBEfnoxbczSD4MZVpBw6-4pvPM0Mzex5iJSEyccEHOFh6cADc2E0exhRmSGkkaFdJ8ZSyopEoN7SwiNe19FZ5wI47Cn_buF0Dl1T17hdx_8UfIeFO8Pj4DVNw88Ze6TKVUqOp5-3SXaJEO16VmoeaHiqR0IwFtRoq8gXScQahuKq7adN8fu4qTN1Z_aPN8jil8IOa3k1jD7TLnZatZ6MlO9LidKjKAVazUgamaKKuLRKtpxY8Q3S16EZQX2Yp_QrDGAAlaklVWFq6pY4wlWX3HLjMd-bZAYvtsUeRe0z2PA2cSptgvPuZPlKjF4miAh6tHwm1EfFRlwWdOQ25fQo8ROtPC6RBlNb8TNIPeiZ5crcw1UWTz4n_qYzUNSVrHvjL36S05QEljLXhsaJ5ytsj9W00O9J97dEMBkWBMuvVEzkqVTUO4DnsDK5VA_HappQX336x1fJarHyJ_bCVmx1LMrnDbdxodfaKkR8yeGnb3lgliiout7cnV1qoEP5R4xzH9oqgO0zTITpNYmWPp5W1Ttu2NwyxQnUoDRPw2Rbzj2gqmRRbyRmEROWSEcw6pdA1X7JU-RRKr6NgecM9FTADZlZUpV_8T6-7Ccy7dEUFwdz4QEh5vfn5jXMZ1dL-49UGTFjPfRArfz5kQOGlnpsjH4tNdJMzl2nwcRkAo3wyQftmh9Tim6rHYfkyrxe7id8xbLykpS0OpwrBikYr9NZxEpGLt3UR3Uti6VRz5y_gJ37-z_XrglIeMORUVWNe7eTghyp-qQqy_qynsIjWRT520zFPD1nBoJf9X5ZgLf_9wC7K3rBv0IdpxX72v2EGldBiblOm5HyTnaOA6uACTonAmdZihP9qp9ycqofvP2WX8EiPFuzAUXZBFo3fWbrjJ9j2xCvU2ddJBCzclf0hXyTwmxcLxB0NUu2tgAUfll6ilOrmaAun97H7zhQehScm-Jh6afsZv_ysQ5lgzwFzNygpxqY7w8AhEeV-ZGyfwdgIuiMfUQLipzQyWPyo0qhnCfrK390MDJ-ZMYpcW9zvgKWi5-BCZtaN1ObIz_FpgAMCfMDrEtdc9jbPBjts6jkfpHGHWUvWy99bW3dMkkXCApJ4s_5XQujRgDgRjxf3gj6ojfS1f8kNn2wP5iDv3Sfbfb33WhpOQdnLkZOcp79B6LqGGkIYz5lZjtfmesvHusz3EnTwYoQAiNJHz5eITUiz09wntRAecAiA_d3y-Sm1t7CknVvTe2LGSG2YHTNdC7Ju8DKdOZ-yqukoYGvhdANbay83mOwHFcbJ2itX0tK8j1UZI7Lt_TXUtgbRyHWCTEjbI8oBBUs7Q_xHSzelKOvb1z75ec-PFiaXwq4yEuAq-Ta_sF2iPmZHN7SL8fKvBqvH9NCXAtKH0labZ_88J0W-g99-0HKtSfBNGZDbGpEtL7DZ5LfP9jR_iB8eUN-cezEI_8rQ4JBdcBTJrHHGJ0gSupKu3uImwwsgwfteASNcnOGh8H0uyLJyol9ByzVQ_MxIp2PnvLzcAtXHn8-zrHvAm42Yvqa-7aqVNT8d5zmvNpF6-HhOnDS-m7b8RlUYj5mO9453roK6hdGyStBicmQJje4GomCTryWg0akY4tf_Az4E1Ii0myZazlSSVZHaR8Zq5Vl5VJJmHHe8rM432tMn897zkTsnCZ-Lu9qMgMROi6uPZ27Uu7GPzLsQ8VsZVjJo-ogaPuZ00TRCb6G1gwqvp0zBpb9nzGEN5zqr297ZP7XH10ODy5oLx7FiK_94bxBTok1G42MdRv92gdj-7cqF1ERsYW5PvCr5X940OAfJREdR60lLyf3_A0ky_9JX1KGWtQ3kZ1NFFs9SAWRpUVz1UjlUE2XKsOcvZeiDqM7Z8IgoNtZklHMexxIjkAhrRbf1KV51AijE5sJijo4RpO9_OT3gK4iXTLHt7uU4Ers8Sta1Clva6PceM56Bc1CFC4oLPseR9_EzZtw9DH-i3hwYqvcf7o-gIxrrHzlbC7A-wZU-eCwDIrmF-hHj0pZzVRo-iMUoAluN8C5T7N5qYbDmYuWC94t60E-1diKfdyOdXswOxUSKODeNgWtTAV1Fk4PxE23DQl4PCEJPDGnPJje2sHCxs-PEQdJSr7htv91vlDOe8a6R6dqNQiQQEm_7JrDZdTTPUMOiLRKcGjGkenl7vpunZpmv8O0wTv_7YErYZuxkxP-RYeIMufDySMH9-r_GrRoeI3g4sUyontGLbmi-Jzk1UA3CuW_pm7iR43cJyRpIrwgW3bko4GIFYxl8LchxJ8CvSN7VzD9YuwMcbRelFLdtqhaDeXwYfQVXh7SgxJh4mNhb5et3hyGs11AoinoPty40NHPZx2sT2oVEhaBQGRPRn0cd3CF4GmORTrZqDDqtDJtN0PY7AeGNM4J0XRI5NlxKN5vPqiW3yXeBaNHJm7Ofw6RVwiQLDrppqJp2Y6IgsqodSOBdJBwSyrHNfK9sRmu-PwVeWjc3TnaPfZGspBQ8SX8SnXiVhWqXWpmx2qBkJ0fq6rGKlr&cid=CAASJORonPtbbb7L84ex10P36sQjklK5AIua_-ZRp5ZfeT34-YAJfQ&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:21:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10545
x-xss-protection: 0
server: cafe
etag: 4672069523611413616
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:21:13 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 75BF 41 KB
15 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 06:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jun 2023 06:00:13 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/990511/61634097/ Frame 14C2 235 KB
71 KB 57ms
56ms Script
application/javascript 52.213.113.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/990511/61634097/skeleton.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.113.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-113-49.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2a788b617b03d1e88e81970b03b44033cf1051952b2595f66411e59595d05ce9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 14C2 106 KB
37 KB 164ms
55ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Origin: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 10:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77802
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 10:45:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/ Frame 14C2 8 KB
3 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0LW7OdMLL27_uJRZR62b60NKWm0n3bymYNsy8UNdjbYmYg7UhLY_t_uRqSJzEeL5irLCX8R0Ll6m_5Eyubwrlt7h1WhllPDuv7B2LuBfH8nwFcDJak9TCdadrpFXFEf5C8li1XZ3daDQEFwhl49Wk_C2SSg&dbm_d=AKAmf-AHYxubhu-C0Cm4Zwv9qbAlz1FVOuPBX1ZJW98fxC8VPcdXtIWeqA1nIa9auiC5eWQCHtxss0uMPw8_I045wT2fT-VtEns1K7hlmXLS4iEfQ2ofX0OM6LuBJhxPy9WimxA94DZOJe2EAFCk9xaDlSH7yekaiQVudf8Jl-KD6WUSk3y0vgmvxeoyJk28DGaEnnrDaex6tNIsVrVSPp2o6cPQ7xoZjcCWAWHcJo_ALLVOT7G7fs5VKmDSBF7hBWBbHmJACYqvgXIaiYQzhbQjSixcxum_9jui9xxhk9BV604gzHpVdEMo220CBhWD-mGqVJwoSolw-SIAHT4fd2wrb5JZgy8BH_qD3tn5rRqpNlgw9l8-b5VchAPairpf2jWHrQ3MVzZffb1Jv8n37YgStm9scPEdaGkexwPJJfiFoHl5G7nQjJVdoUz6pFA4F3mEDFs9nBknLLmMEsjmZofvqn2jp_lvsKWWIdZnc7-uW1WkWVrr0Djno0-k1u1UwpBVvYo7IiRQwbwMPuWXDZF7BIBre4kjFMIms7E8Oh4ywMgqVjvxoGZI5NFECZemAl_Ay3WXAk8Ag9o4UnKzCfXGrvgzsq_GvzawJ0gzVdU5Wix6ehRMNJZs0lWYKWObgAHeVq88nhAvrliyMbY_cUziD0FkciFcSq2wUrD-Vc0V6rMIC3GCh-ypSYqU7gDVpBVBjFrfk358HXVuAZKLfj7uQb0IgimiHxNKtHqRJ75A0ksmuk-U45JwEoXMc6oiAQTwVyg1tX5L77LX2gwFoKURkcbBT01OsJ0r2zZlYRxeZahCZ2vM-I7fdHusDZbrRPxvYHVIIMG7SxwA9jgE27T6eYzpzSUwuyQLtC6STJ9HYtPUTA0ONerTOP6s7rt9Hnrdte2BPwoRvQ4DR7ZO4otn0YdkGLIgrMjWcMC-EwWSRzwJVHXIYfa3de5J7magzc1EQZ13JB1MiNXDoAZDMKXsNNT14gkw1nJrGg7e2c8-vvJJDuFMigyFJ0bhlx2MLHQszPMXG7sS9oWrrxHtKOfwjFxZHbNxmk-o2ucknQSMFQg_zLA4TSeua2ZknVUz6L0AGOm16wCnpLmdYq1c8Wv9_QdqICQzVHpsvzQ1zb3CxtzF-ZiYBbkhXzvbT67g2h4kDC5Gm-pXpkLubNmCZuCKiROd71Va2BjXQThY7sOk-xYGI_zi6Tx_K8CjOJ96xI7Ax3bLLy4bCOcGglzVyhdMhJRRF2wuBhAX1ipHsvlaBEMBLBRhtl7foS_pQakNmKvZSwstJAgA1FQL46hgd4CpIY1HNHSq-rNBbRPWroSCkkcg_lSivRRE7rzvjWgEicoFp6Tfj9HrCEuOhvE1sbFu9AH21CVHTlmgx79H2l_wP_SWoDO5N6Y11MoPS0g1zDTJup9Gx7HN1twPPs3Ws1gzzF_T5Yfs1cPnqGyKDNaeoHtk6Wcyd4mvlWEZiEJ-wz1bmdd-Wdbllj9g9xYhEHzUNQI3JIsmx5TReyFq4rjrWu6TAbepGlXmnTDAO9mHqDa4GA9rqQqJpPsVZd-6Qht_twUiDZQ8_JwNtr2cwfS2xI0HtcedV1M0skHDBrl5A5Mbd5IcN4tOjCA1wwmvNO7WRiGUQSbRM7Yv6Z76F6Xnq8Sjk0AH1TonFX6pxLPbVqtU7BQS_ucvdg_YOApnAYFq49vRoE-DMH_2o4qgVahFkqhWXUfi7ag1akmDFr3CzVjni9_9XgSYsqN-4svOk7G25TAUe9cza2zOrllf0459s5Me-0UzI4vSAA-cf83UQ_KNpn4a5zagnyiR7ermGXMTqLH8l6BBpHkfMBEEtTeo4g-zuE_Dnz8x_e9uDW8eeTvItR_DBvhH_9y40jyyBmDND4TN-TNotPPou0qTt4ZSrtEM9YeHy8e1soxwrLm-zrmusl16hLAqBGVcycot_hoA1gi-35Qc2n01KkZ9tOjFPtVMg90Hy0ToaWr_0JHR3aXHB-6GCjSM-QmA1WRJxP3qeBBtmE2yZyLZrwhuMjKCNe6hms1u0fF6qN2jPJ5hj7T6H9-klIB1-RL2kHb-J-JaJpyNIw8qfRahDdmVqe8vsbmGigLgGgV9P51EotGwBTSlfPB6byg8vtiX87FxG911theIcaZsIyMKBkFtcjBRSd-vlIs6UTknT-t6SNb-Jm-8xJL7ApMjbC9varDNenNbHjaxEaB8Av91jf_29lxv13ER6OyJ0u2_CpS1PpQSPduAiwGNlQhl3aq999k988j8Z876djLjDsNyj7Y35nSWxmhmplUy3gupwGh7Uj7Zd3BQ738zsV2OYxVit3MNFQokwwe86CofR8dQXCxgeTxiuwXxW6dAisrexjb8W40000e4Ou41oAw563NIlhBVbgfgwE-3E87DvuVi-FWMb8fNPdp8MrkvcMIDiA2gGifMuN9EjmhDTXSqs2AEygXqwUbhjZ-UC5hsBtvvfo_AZw5k2BdkDFlDSHaDLL05gLHPgIjxho3ReCByXbTQygkX0cmgcdQRd5bFkHO-oPXrck52ukagsnTVP5OWSHyXPlAJaMLbmFdIIKnmqU1jUAHh8taSjPAOagUUfnKgr6N6_TSBWoJywUH0dlvHWtwdFJBPCaWwStIZGDdy8eAs8MCECR8CDpDsV0ZJMSX2I9xNgtCrURf6KoZdk9q4VYnkywxCbbFAC-afdmhMZLV4efrl1m81CsgJCYmVC0aVxpLcVpX4dVEykGc0C6lGvOHxHdECcsXA2f4biA1npIsYiyl_m_VwbWh5PMMfnzYFwR1oFv-vyNLtOi5VBs84Sq1HMK4s8QwimCsohkQNFpcl7iISIDg-uUzbb0W1DhUzqbzKEX989TE_Cs_Opf7ciqnapyDY9If5xALRBWWQsX2Woh99bnJDe_OXpu0Dm06-WWW40mDYYF5EdFNsYosrIBmsYMYx2W441jR2uBejuA_I9KgEowNvb4j4F3Lk-l2f0x7UcaarIa2IijW5Z6glY2Ey1q3gQOE0i4ScMBbtSJL3DqTeTQO4fLDkKsQsG7GC4cRAqjc-xuFfxR3G8L6uAMmtvqKK5STXulSbpydTczlVjwc7CRK5f6APWvf4aNA9WJd2SyVJUYzpEXXny4fVug_V9dGrEi0qPo-WJLb-aMwXIm0gK_6WJvEwaUgO4idGqK3MgqfnG884GKl3oRYMhCZOs-4gmZmMFHoGSGK0epqeW2M_S6ZiG5CN2XJtuohhUdCw68p9nrcXpnZ1e3dhlg4oOxW71uUV6Zf-ML_155MENTdesvOzdLfnECwUeRE1dHuM_nC990Racc5aG6ltraNGCN7qLybOat4DJbJcPAhJti7sXCaJWas6ABfvsw&cid=CAASJORocLQ_OdJDtXx9B9yohEzsJEukVr9IHYsFzFEkjuubEqzprw&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:17:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 323
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:17:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/ Frame 14C2 27 KB
10 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:21:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10545
x-xss-protection: 0
server: cafe
etag: 4672069523611413616
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:21:13 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/990511/61634097/ Frame 02A5 235 KB
71 KB 56ms
56ms Script
application/javascript 52.213.113.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/990511/61634097/skeleton.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.113.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-113-49.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: df0821266360b01bfc90782fc5c99b69ec2f41845676919ba53c30c246ac12ec

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 02A5 106 KB
37 KB 152ms
53ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Origin: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 10:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77802
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 10:45:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/ Frame 02A5 8 KB
3 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D7WEIjoyhRgca8ptlEtQdTz5kEtUO4K0bTWkhtK-rcWBWK0Di8TZpcmV-IjzxYKGI9lGo6enP8OAN5afnZy-04NioAREIFUpUBdkE8c8bEz7rlLXYsdvqTZMzVAIMYocyy_zGqNqA9rSAxes9TxmavmgG3lw&dbm_d=AKAmf-BqtvyWqFnvJ0nUtR0SvyG6TRuefcpOE_dAcQVSX6jkhJAmjIp32z5IuU2BNRvSye2Slm_Gfs-o2OlyZbUK5avtlG7MYf8_Q7ZaHGr2avaxx6c2K5xPYHNF6P1Lm4uUAjENO2kELsSbLdbhQ9mHmX6Ykn5YX-SE2o4YkeN-QJvV0VAOIfQUZfE9cH7X9U-SCivwUmmi9wp8VfS8u5gsT_d2KYOD5dZXQJ28HLqoImwxacoOJMcDao3QFknktCtmMd91Kzy_K7yRkyEg68szqT7lWcotJ39lllPZYSl3OwAuu3YsCB3SZfJK9KJef2QUUApJomdsK-Q8R_Ov5XmYOCdOZFCTuGNxdkq2YfqoEE1AnHsZfG1WfAgq8XTrWJctBp7Tn6HT_BJV7Idfeveh9k2q6O7nJOowU5a8ZWhZAYVcMqXpxBKdggQgryt4cNFwQh4EsadpGaQRBCyOr7CSRFJWyTTr7yYkfIKcrGhscB0SWebDpg8_T9ySll6gfvVsaL0Cyhd-s2FNRKRT1h6XEWC6C3LMuVeHRFDYSlIPmhIxA1vJIUBpgCRp1Ynak5OrBhTBWWa4b8reW79FO0sx4MviWFTHjZV6nQsM6pDf_rBD75qZT1kXz0toDbWLYo5_UYAMNL5LvUqetc05Yy6aQpGkEvTsWnDe55ffaA-B_n7phfrkxh_FDudv-_czYrgsz6zZ5jKgIpUy0lXQZEWdBq8SNVu5Ns4A6FhOs5VupqJXSIyui8RNF9uQdSODUnVVDVvK4etC5DuBY5wsQ1Zv2uro7K1OchUBDGQaJnML2OF5YJZhw5n2YvFV-mwlkywkAHsUbJ6GBq0MfFkAI5rr3UXhWoka7DLNufWHVmyQwxzGwHDBFFlCU2ZRLzkOvqoZXuXjXF4PhNuDfru-DqoX-LJJB_yRnDRW9BjmIj-w7cAh9GXwsue5NboNRRyXsrswQNsqPgqyZbZSGXfDILe2M_F8hsSx2AFH7InYU2GzLxc0-HLQMKGMqO9J48eOb4_B2TyJ7OxSm2LaUCPfkNFOZ3zbghnbR-m0ujlFGYEFLs1XV-laRLPED3eYKVZ6QhZ4avz6cPu5w24sVX8r_7-90hsXbMFiaI-SZPeSnK7lRv-nXYxmP9IjtWlo5GwA6zw4DVrkwuwCix6Q1-50u-lU7mS9ce72Jg5YgreR2e5Mf2oyjxIhzIndqnLeOXZjmL23v_E0DPkS2gLWMirpIlkRrFIabNQzi49MtimjHxH2ts9vK3vW6o0xaOOeWIe8guXuxr6WP_fciZh9MMRdZHN_b2MHJQ9kGnTZX1EQnOaoDTPhHdb0xwHX1jy07xWoqeiQOMKpmPxaFC_cxGQaFZj3OJTBzNlRqNTfhyfQx85K8CSVajEuzNW56nqvU_huZqu0klfcyM8usZAarWTLBGutyIKKqlZLst2AcniDUdbM1GcN8aHrs7qYTS0bFpS4mhglGfYqbf_p_AXSlSF_Ib99n1hDQo49Wlk6EfcPAuVyYf0rNwharpvVFaW1yzocbvz165rCkz3LgQSypnqe_JbZK7rb_1AnDKN7PyoGFzJippSNWz0byLFI3WS_iW9bCZ5nSVLKdOkl2VC45cMqtSxu3vn1XaEvXdRPp92wzBCVXRu8TDMdw-mrruevkIzyoK3yhL8czRYLqRRe4bU0QrXKAmqwSo1fdyvoM2OTxTlK1uXi6QgqdfgyPlO_wcK7M17LI2MhAzqjcjCUwTOGnJy7hP4HEK26awAO6TvSQmWq_R_xpJ-9LCfyzyCjKSiH1W1jf9ToRlzSoHks7XJCzEHnvC5lZXR7Js-Md5AIFQU4kVU7g8d_MvnmTHzeLIVjeMOiLNx5bt7X8jeaVsS1mwZkWupjmgJxQnMSdN-LURnhbm03NOBIETLV0iuhw0N2piW-XCmHSrLN5Hl2-1AniqZC8ANBaw8CMTEx58XhrhhI9IBzEMg7EqfZiMbOJcTuXDpr3HeG8qfHTKIGT8mhH8ic5O-_fCQNPuU-1XViInWOWhO0CsNkfw7bOBVXPcJk3M1afNlTnTl5z1uVoS5p9096GodHL-hfqu5-AQ7swi3c4LPAXc7nMMo4TO64qwI5i46APfozJYfospyZPA5cLMYe6kn1oh8P8huajxNBpNgTbr8h08aB9FOVXkvCc6jXx2M8I3LymjmyIoMavkWHeB-JqWCi6koDYM6EERTyUokpR9b52eeNTPyyPbvVDcz-DZfpRIOM4NhPOw--dTuOmjilkSleiWnV1-QD6erxLBkSaggQlofPfbUR6iYsFPYTrOXp_nRDFdmUHZ5-D6zyTwOH0YEZ1dYtUkZLJxcKlB0ARkqpFTbszXKL5b2okzqwstGPKJDIxxsIMHlsCGW0rVRG8oIXpzQgeWcGTCFSb1yjx07loU3rji384NA134QwWL5qbHyI11wQ8UJ5qfB56SoDenfzmlhPEUDWGdIyI04RZ1n1O6A_BUKx1XaxMAxrqIzEpRnwA70WZZyjM5cz-0DB8tHqOiXYvQZJSq9yi8duaxfJ7msUZOOSP8sqFBrEqQngKAJLnLEGESrWJHKlSjCQlIjsE9l6w5HXQIUSWeuEPbate0rlvRDuJNw0ku-2xp-tMGXZKUQhVmeIV40O1e0VGxJwv3iapefh7RfdgRKUMn-C-wmh9JYXPtE5rdrjQSOQF_55KvGf0ibewrR47XJgBBAy_vQX_hot5igZn5Ga8UEnNs1OVtLrSdQWMufkUtma9iT_Wmh0XJurnFQXbU7UVr-5eFz0lhSxK7sUBPOjqn58ZpqW5ImztDCUF_tCc4zNQ7G9o5Or2oOtRuNidLZbJaUjmzzXpLRDNnioE606vq3YVHXzQFKfOeQUA64tV5q7b4XyUG_DDNPbqpIZFzAuHFpppPHgo9MRN2NNjnajcGs1_rF6nXtwKXpRVSGPhM-pURGufSse46D7DaSUKEjPXH6_Pt5xE3fx1cWPcIGU3zrIqirstRzhF9QUXBuJFQ9h-xraw6qsckaiGGiyvd6lD-pIczpaRfP9OqTeDV3DUPbTqTgWpJ5LaGHVjYrrDeG7_cbInhyRYnLdOp3ZwpVzeY66c4Sse8DrBKUEErp00daeosFOEGmYnu-TMRJ5_pUrqVsEewc5s6rFTOzl7wjWDqYzqQ5mqJbRw1Rae_EoRV1q0r3kwHVDKkyamZ6RvHc2eMFz340RKBRCJSpypjtIO7_NGTFNWlHwyUf3CQeCsPXrEuW-H3adOdnNBMlezJ9gbK_pOW6fXm6mZwLpbNPwbhoPshYmUHnnzU6ejtpWJ2340fWvM-8s2KXQlDBccoSYqXqfwa5JeKwjQw9dDyZkLdJzUGg8Vw&cid=CAASJORoXfYKD13JD6Rz8es3m0kxye2CGesZWVSGOZwHveCYStdF7g&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:17:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 323
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:17:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/ Frame 02A5 27 KB
10 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:21:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10545
x-xss-protection: 0
server: cafe
etag: 4672069523611413616
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 08:21:13 GMT

GET
H3 200 Dust05.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 33 KB
33 KB 55ms
55ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Dust05.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b779a14bb71a7d52a740420015e1d19f22eaa4acd27eff4bfc4b0e81d69d41f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33987
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

GET
H2

200

adServer.bs Show response
bs.serving-sys.com/Serving/ Frame 75BF
Redirect Chain

https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/733337/64001342/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCM_-3TV29YsPXF6ys9u8PtpyU4AvPlc_SavmbnJqT...
https://bs.serving-sys.com/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCM_-3TV29YsPXF6ys9u8PtpyU4AvPlc_SavmbnJqTEPAuEAEgtb3JIWCVAsgBCagDAaoE3AFP0NF4TcuNRi5...

11 KB
5 KB

318ms
61ms

Script
text/html

18.184.224.159
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCM_-3TV29YsPXF6ys9u8PtpyU4AvPlc_SavmbnJqTEPAuEAEgtb3JIWCVAsgBCagDAaoE3AFP0NF4TcuNRi5W91zCV6knhDI7doMlO5Aiv4OTf2-7zF8Jk7cSo2-dEptVH7j32UWdjYzJRunJkERuQI2GZne9nlb4VzoDtHWyZZJ5Zn1lSJU2M6Zac9NerdyiQLbKzxuq1H6KqtsX7GjHw_-Kv7vka88GDk6ET16xCrml5PC-NwLHge3W5twqaOwmkm6BykcJ6AYzgsy68oLPfndmJcSd72i7mV3lAh3jn6LVY6VtiKDLexzgHEtGHPX_gNgzJsTjlmOt33rfHh2yNw23Ew9_4Eol3QO7mBeKrp9fwATzjM_f_wPgBAOQBgGgBk2AB7zu-toCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoBmAsByAsBgAwBsBPJ5dMP0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORonPtbbb7L84ex10P36sQjklK5AIua_-ZRp5ZfeT34-YAJfQ%26sig%3DAOD64_0rz3Mgwr3_AdCOM13fei-EWXHwwg%26client%3Dca-pub-9161109566094614%26dbm_c%3DAKAmf-BlqSFonfyTyInjdoNnObcN76HeJgBbJ04pXeeXKNfgHnyt3wp_ccek-yqA5Vf_LrfTO228mroFSoex2nNRqv1CZgar8-o9rrIXEV0iof933amefU6zOeDojFdW_Zu__fVMFz4wQPhwATe70EQ9RffgbPZS8A%26cry%3D1%26dbm_d%3DAKAmf-DiSjZB_LRKSrOOq3AK4KGpK4YyUmAkEmKrYuOnQEs6LUyB9oV6f5XteJU0drBnziuYKnUoGgpc0GZ0skC-JzoCOFlZBL-I6cMGRzTy0axgSA1xsM5P2nC4eFyS9M-HhgVipjaPcNETrQV8XW8aCQwRSZ27s6ePh02NEX1pwTlseixbZtvS5UCGDWg9iHdZSm5x-URMUiegOBrJqug30jI7kaKFkTzNfwpO2W6zKMF47tgRNF5sDaqOvY7Bf2n3gWEWaEFo2n09U_O85shYyKJ75FQqnZP03p2vaWDSNMDHBgisrXfegT_GWMZycr7vcgI5L84D3Fxlw2JUvSlTsE5RUZXITQHmvvVcG82xUgG7jvHmQFIsUNRN3b1fCfeIb453crtu_lk0DMosC2cFNtCZvPGfZcIbLLzlYgEEsALPcZ0Hhr1SshzW6549Vsf55clfajOw%26adurl%3D$$&c=28&cn=display&pli=1078114055&gdpr=&gdpr_consent=&w=970&h=250&ord=[timestamp]&ifrm=-1&pcp=$$ABAjH0gYEy-wnS-P4qaOg1bWcRS2$$&z=10000
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 18.184.224.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-224-159.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: bd38b27229b816922942c700643d9098b4d4895441f293e46ada0d7393ca5894

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: text/html; charset=UTF-8
content-length: 5003
expires: Sun, 05-Jun-2005 22:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: app06.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bs.serving-sys.com/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCM_-3TV29YsPXF6ys9u8PtpyU4AvPlc_SavmbnJqTEPAuEAEgtb3JIWCVAsgBCagDAaoE3AFP0NF4TcuNRi5W91zCV6knhDI7doMlO5Aiv4OTf2-7zF8Jk7cSo2-dEptVH7j32UWdjYzJRunJkERuQI2GZne9nlb4VzoDtHWyZZJ5Zn1lSJU2M6Zac9NerdyiQLbKzxuq1H6KqtsX7GjHw_-Kv7vka88GDk6ET16xCrml5PC-NwLHge3W5twqaOwmkm6BykcJ6AYzgsy68oLPfndmJcSd72i7mV3lAh3jn6LVY6VtiKDLexzgHEtGHPX_gNgzJsTjlmOt33rfHh2yNw23Ew9_4Eol3QO7mBeKrp9fwATzjM_f_wPgBAOQBgGgBk2AB7zu-toCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoBmAsByAsBgAwBsBPJ5dMP0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORonPtbbb7L84ex10P36sQjklK5AIua_-ZRp5ZfeT34-YAJfQ%26sig%3DAOD64_0rz3Mgwr3_AdCOM13fei-EWXHwwg%26client%3Dca-pub-9161109566094614%26dbm_c%3DAKAmf-BlqSFonfyTyInjdoNnObcN76HeJgBbJ04pXeeXKNfgHnyt3wp_ccek-yqA5Vf_LrfTO228mroFSoex2nNRqv1CZgar8-o9rrIXEV0iof933amefU6zOeDojFdW_Zu__fVMFz4wQPhwATe70EQ9RffgbPZS8A%26cry%3D1%26dbm_d%3DAKAmf-DiSjZB_LRKSrOOq3AK4KGpK4YyUmAkEmKrYuOnQEs6LUyB9oV6f5XteJU0drBnziuYKnUoGgpc0GZ0skC-JzoCOFlZBL-I6cMGRzTy0axgSA1xsM5P2nC4eFyS9M-HhgVipjaPcNETrQV8XW8aCQwRSZ27s6ePh02NEX1pwTlseixbZtvS5UCGDWg9iHdZSm5x-URMUiegOBrJqug30jI7kaKFkTzNfwpO2W6zKMF47tgRNF5sDaqOvY7Bf2n3gWEWaEFo2n09U_O85shYyKJ75FQqnZP03p2vaWDSNMDHBgisrXfegT_GWMZycr7vcgI5L84D3Fxlw2JUvSlTsE5RUZXITQHmvvVcG82xUgG7jvHmQFIsUNRN3b1fCfeIb453crtu_lk0DMosC2cFNtCZvPGfZcIbLLzlYgEEsALPcZ0Hhr1SshzW6549Vsf55clfajOw%26adurl%3D$$&c=28&cn=display&pli=1078114055&gdpr=&gdpr_consent=&w=970&h=250&ord=[timestamp]&ifrm=-1&pcp=$$ABAjH0gYEy-wnS-P4qaOg1bWcRS2$$&z=10000
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame A53A 80 KB
21 KB 62ms
62ms Script
application/javascript 2600:9000:206f:2400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:2400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 3887285
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: 8znTekcPMGM0p8PB6ihI_0OLeHKdQzRgAY-iKam0EqdBApwzg-SRsA==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AA77 22 KB
8 KB 54ms
53ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 236688
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 14:37:50 GMT
expires: Tue, 27 Jun 2023 14:37:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 75BF 43 B
215 B 207ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=733337&asId=2eeaa10f-5e52-5c68-bd2f-44f6c4109cbb&tv=%7Bc:h0x9fx,pingTime:-3,time:47,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:1192,h:250,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:47,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B41~0%5D,as:%5B41~1192.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9M0U+11%7C12%7C13%7C141%7C142%7C143%7C144%7C15*.733337-64001342%7C151%7C161%7C171,idMap:15*,rmeas:1,rend:0,renddet:svg.us%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 75BF 43 B
215 B 207ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=733337&asId=2eeaa10f-5e52-5c68-bd2f-44f6c4109cbb&tv=%7Bc:h0x9fy,pingTime:-6,time:48,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:48,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~1192.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9M0U+11%7C12%7C13%7C141%7C142%7C143%7C144%7C15*.733337-64001342%7C151%7C161%7C171,idMap:15*,rmeas:1,rend:0,renddet:svg.us%7D&tpiLookup=ao:vsim.ua*&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 75BF 43 B
215 B 208ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=733337&asId=2eeaa10f-5e52-5c68-bd2f-44f6c4109cbb&tv=%7Bc:h0x9fF,pingTime:-2,time:55,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:388,beZ:389,mfA:390,cmA:392,inA:392,inZ:395,prA:395,prZ:399,si:405,poA:406,poZ:426,cmZ:426,mfZ:426,loA:435,loZ:438,ltA:442,ltZ:442%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:1192,h:250,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:55,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B49~0%5D,as:%5B49~1192.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9LLI+11%7C12%7C13%7C14.1005482-61968045%7C141%7C142%7C143%7C144%7C15*.733337-64001342%7C151%7C161%7C171,idMap:15*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:svg.us,sinceFw:36,readyFired:false%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 14C2 41 KB
15 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 06:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jun 2023 06:00:13 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EEDA 1 KB
749 B 54ms
53ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 68186
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:26:12 GMT
etag: 48472445140208031
expires: Thu, 30 Jun 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 14C2 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b291b8ad5548dab985d0214e67d53de9caea911599a0f5e03534b6127501050

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 14C2
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/990511/61634097/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_Tl29Yv...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

63ms
63ms

Script
application/javascript

2600:9000:206f:2400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:206f:2400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 22:10:32 GMT
content-encoding: gzip
age: 123127
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 28 Jun 2022 22:10:30 GMT
server: AmazonS3
etag: W/"96e16e7453ae2e6952bc6d2a20ea29f7"
vary: Accept-Encoding
x-amz-version-id: v_I9zSEZlgGfvJRy1EW2EMh2.n1jYzhH
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: pbPgdxNKuGAfp_-DgGftEs0Af4jNwLYhn9rQi89Pm9B6oVuZ24pjAA==

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 8733 80 KB
21 KB 62ms
62ms Script
application/javascript 2600:9000:206f:2400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:2400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 3887285
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: U69aKURr2_Cs6IA51gUNrIgG6Ekd7Clv0v7aM7bCQDB0Bu4GIW2m2g==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 14C2 43 B
215 B 207ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=e41cc051-22de-4b25-6939-68b1ba4b8062&tv=%7Bc:h0x9hm,pingTime:-3,time:75,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:24%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:75,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B68~0%5D,as:%5B68~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9M2h+11%7C12%7C13%7C141%7C142%7C143%7C144%7C151%7C152%7C153%7C161%7C17*.990511-61634097%7C171%7C172,idMap:17*,rmeas:1,rend:0,renddet:svg.us%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 14C2 43 B
215 B 207ms
206ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=e41cc051-22de-4b25-6939-68b1ba4b8062&tv=%7Bc:h0x9hn,pingTime:-6,time:76,type:i,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:76,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B69~0%5D,as:%5B69~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9M2h+11%7C12%7C13%7C141%7C142%7C143%7C144%7C151%7C152%7C153%7C161%7C17*.990511-61634097%7C171%7C172,idMap:17*,rmeas:1,rend:0,renddet:svg.us%7D&tpiLookup=ao:vsim.ua*&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 02A5 41 KB
15 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 06:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jun 2023 06:00:13 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1B4D 1 KB
749 B 54ms
53ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 68186
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:26:12 GMT
etag: 48472445140208031
expires: Thu, 30 Jun 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 02A5 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0a5ed0da29a2e91d39d2b8b5de2e4e2c1b9caeab3036e7b9e8cad649dece382e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 End_Image.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 10 KB
10 KB 55ms
55ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/End_Image.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af5a3629d96ac19a7877ce66b2a5a9401faa2bc9a98fbc3dcca8b1d7454f40e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10210
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 02A5
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/990511/61634097/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_Tl29Yp...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

54ms
53ms

Script
application/javascript

2600:9000:206f:2400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:206f:2400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 22:10:32 GMT
content-encoding: gzip
age: 123127
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 28 Jun 2022 22:10:30 GMT
server: AmazonS3
etag: W/"96e16e7453ae2e6952bc6d2a20ea29f7"
vary: Accept-Encoding
x-amz-version-id: v_I9zSEZlgGfvJRy1EW2EMh2.n1jYzhH
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: McAoCrHsS9DSqU2_gtbcXKfiL3BKzOmBoJ72KebxawDCFfviWVXWCA==

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: app14.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 5F86 80 KB
21 KB 62ms
61ms Script
application/javascript 2600:9000:206f:2400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:2400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 3887285
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: g4p9HlJ-2lhU-h2HeKgaSOahJmG6998uaYylZyQQ5vIblSWZPBbPsQ==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 14C2 43 B
215 B 207ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=e41cc051-22de-4b25-6939-68b1ba4b8062&tv=%7Bc:h0x9iy,pingTime:-2,time:149,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:463,beZ:465,mfA:466,cmA:468,inA:468,inZ:473,prA:473,prZ:482,si:488,poA:489,poZ:512,cmZ:512,mfZ:512,loA:540,loZ:542,ltA:613,ltZ:613%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:24%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:149,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B143~0%5D,as:%5B143~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9LLI+11%7C12%7C13%7C14.1005482-61968045%7C141%7C142%7C143%7C144%7C15.733337-64001342%7C151%7C152%7C153%7C161%7C17*.990511-61634097%7C171%7C172,idMap:17*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:svg.us,sinceFw:123,readyFired:true%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 02A5 43 B
215 B 207ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=65ec09dd-0c01-7e87-d883-6031e1372e12&tv=%7Bc:h0x9iO,pingTime:-3,time:60,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:19%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:60,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B54~0%5D,as:%5B54~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9M3Y+11%7C12%7C13%7C141%7C142%7C143%7C144%7C151%7C152%7C153%7C16*.990511-61634097%7C161%7C162%7C171%7C172%7C173,idMap:16*,rmeas:1,rend:0,renddet:svg.us%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 02A5 43 B
215 B 208ms
208ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=65ec09dd-0c01-7e87-d883-6031e1372e12&tv=%7Bc:h0x9iP,pingTime:-6,time:61,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:61,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B55~0%5D,as:%5B55~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9M3Y+11%7C12%7C13%7C141%7C142%7C143%7C144%7C151%7C152%7C153%7C16*.990511-61634097%7C161%7C162%7C171%7C172%7C173,idMap:16*,rmeas:1,rend:0,renddet:svg.us%7D&tpiLookup=ao:vsim.ua*&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8E9D 22 KB
8 KB 54ms
53ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 236688
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 14:37:50 GMT
expires: Tue, 27 Jun 2023 14:37:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11054544220910830971/ Frame 33FD 143 KB
22 KB 54ms
54ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97a7980a664c89f5b5d3b500b6632a8c4ba82eafaeaa7747e4c0e8dda9311220

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 42939
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22944
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 20:26:59 GMT
expires: Thu, 29 Jun 2023 20:26:59 GMT
last-modified: Thu, 24 Feb 2022 12:30:49 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 14C2 0
27 B 100ms
100ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv-ymgtXsKc2FiaulsAGalqwRDR7K1kMBIANTblK6L4eetbcaClnFgI-S_eSe-Hja4nM2K5agxFzGUxjC4sjLybHOJrSA6Th9xt3qePZpvkn32w0JWaWYmUAimt8wmqu2QSVFKp82EQPX-WMLbVlaEWfIMkPJhPWe1Z8Twmy0HZnPtgJFK-7ZPaFrn9C6osbwJtOEeocQpl7eElljhZZFPnfNI-Mer1AtyQg7HpI5HeHkbIwQwfNI0AqQpRMtX4mgRZQtBaQMCJP7JHpXbR7tXKN8F7U4NtO6sl2ff7EK_v7-9X9sVIb4vETRFmNVXHs3FaiBK_SKDRSvUpKUmGWTrhoArSEs-vnFEylwm0pkjmtrvfvtrfNkrp4Hi2esc7YG9xIw8ABDl0BocQ_cjOj1MOoI5siSNrSbXLQnvlJxX1onvvRwu3gCp5uKTQR-eDET1BJObGNbBr4bAhtmMKRmn7Mx8HUKfgxvxJdcClltaM8KHqo_3Eop9Ug6CjreDECSs5DiRh9e265Nn3ETiEZ6MKZl2eSLahYR9GHLhpxN28UTyMWB57ONQZND1iaKPGV3j4zlkrvk2paEsxtjUhJ6zHuzlla0vI2BqPcmOtksy90o5HuC2-vifanFR-oJRrrVV7IRxrZcCG1nmWnrgdNkpN-YF623q7FeHB3-FVEVbGl1E1pFydAsYjC5sGGsIVbJ4IGIg1IzVR5Sy5dS8wEglD7UD1K8D7eUhtJK27xbVgNRxOE4EIzJUXg7BUDjpllXhftVyF5CVmjDI-UnjHWt5cXneTJHs61Oucx20rgEDe6en0-IbBDn3jQ3y0CFbgtiNbDBYXlOCGtwkY5b6j4ltOqYxYcwQ0I2FyghDjwHWw2VLVpIvAuBU1u4XaXF5W3wfYWu15DXfKywi6oTicShKi5HVyqYDozroyaDsUTd52eSGm0O-WHxMd9O_5Xxr2YCy77z4Ga5vVOL1fxS_QITzp8ga92kJpBQDMsO21dZC5ICfhtHkDYGF6nY8VUDfz_j0Pc_2qZkk6RagZVRxICOmdVNCQMQJt4H_RWkArLi5zJk8l7hmgzH087hCkH_Jn_fTENUcNe-ZnCVhHBaUo2WlJBwRL3BzA5D7WolxpkuVIgL9DfcGjiaTAcEKCZ1O07GQyXFnScsS8Ot6e8jaWnxQWH0OIVpwjXopt0ycGlzcV5W_R_YjELHkLCKP2ycKBqg&sai=AMfl-YTHho86NR69Y4hR8Vgm_OxWgzcUu9tXB4XhDFOQ_CSfhn-eu1ZrzJ9H8--2ND8BR7Qtpe6BTjN0lysrZ05yEGpYisG84RK0-IHx_nbC4J4YKJ63titzkGnJ_m4AVOHYSgwratNUG5A1BPHJCmVOQJ05QAoHVEHWZX_BN7aaMPP8q8Q1EW2a2AzrENrpqMvhd0PU309x71rat1qSR966SA&sig=Cg0ArKJSzOGQPy3Wr6ZVEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=288&cbvp=1&cstd=287&cisv=r20220628.48954&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 30 Jun 2022 08:22:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11054544220910830971/ Frame 781C 143 KB
22 KB 60ms
60ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97a7980a664c89f5b5d3b500b6632a8c4ba82eafaeaa7747e4c0e8dda9311220

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 42939
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22944
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 20:26:59 GMT
expires: Thu, 29 Jun 2023 20:26:59 GMT
last-modified: Thu, 24 Feb 2022 12:30:49 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 02A5 0
27 B 97ms
97ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstMfAeqAYxDjzDFF9DHpSdx1bRlBDO_189fiBz5S_aTlFlU_auT_Q0pIZcHod0IvO_8x_l5Ot09azCzY1cSgvN1VGZsqa6iSFqLh6-SV7miLJHU7TC9-hGnZg0uXKObni7xJWHFEfi6cRT0Rx_6BAWAh5rUtepzSK0TL-4Tzp9ewdx0Vieoh76iZtqrXUtwkqn9Fat96KSuDz0tHIhiIBnxPZzqYQe4z_1umNWU0IPBTr2LxlyR78qL13W6vnNX55Xu9Xhd67r3PqI_rCOAXXOkKawztzOup0l32jWi0to9lxpdhlaJl_qgRCJBqa4ZhM9ac3kxg2kgnN49OWCKlLABMij21YPY_A1L1QHHCYU489ObBDBFjaKOnwoJa3XSYSx4wRJj6DtHSp_H2si6wYVaCyPv-lI6vQ2pIRpHJyFoBXR5iTPkVe4LW159D4x6V2sS0sBqB1MwcKfV2jS7UeenDxawf4NUImsFy2obio7bWSA0-B7_Zy4RUMOFbPz_9XMOmghsrRghDCJ0v5NliDP7RO9eqy9GgIixahzCh92ArqxW-9aIbpFetsMqwf5pckFfr4JnxT_QJ8AgyXfCG0t8WpGr_OrBS_TrgdGFkJBx5vrCoFYlQVItEGWfo1KvKbkxs7qApF9UfSwDDXMDCCVELtc4GMJHOc3b3C-lgwSNeHC8ShMjNThbKGZ5gRKRDDinriJIvjprNIMLF0bhCT9ehR_phJXJ61-kinQ1i-xl97_tTNlpjrRMtK0ybSuugqGjeyeYizJHIWLagntoim9CUr26EApG_-Y6GWFoR_Z4DjtKUt38pgNL6BTSlXzDYMSztMCjeHS_liqBqL1etnYHGFY5LbXPmP3B5C2qZsyHa9KWcaOFTNFYcMht0zqxYbIEUN6x8XZuO9TvU1-xHf7zUZj0kVSCHAb0fjxur6Gxc_eH61eN6GUPLPw6pvLhzKg3x4ugwVRLWuGQsW0B0eKiQS9l9Zwne6kl8gw5-UokKNbLLF71u6fPmEYhVKJoJWk-R-YaXVC9sQ6Vj3B0iWAQz0838mk8wkKsEJyLVmae6M6fSfWX30esS5avKFANAVNbpZ0sJshu6Byq9ShlJ-JjCWRwIMWQlTs-l2bMffIanuX_6FfKrjyFFEvsCZRcjXzR6YFU-BtXAZVHzaO--1Pb9dhZtL6E_0pUHhjtH9Rhj94XWWBZJsgXDp3QHQC9kA&sai=AMfl-YTg7-U58oP7z5WTBjVA-ElNNzN4e6ybpx7ymXjs_zVauzLpwDuyMkHHZcoUGgvi2I9iLTVSB-S4OXiWkJpZdME__ez1vNorjIL7KPyw9xgqBxqAyFgkURoyZTcsmSgN3SkO_R4Uhzovitwts6YEmF15gnkq_GL77OccVIV1pJ6sYyPjmaIwO8HB90oJUApn6W3dcq4stjYRxDijb_PTFg&sig=Cg0ArKJSzH-CB86TIJo-EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=283&cbvp=1&cstd=282&cisv=r20220628.23855&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 30 Jun 2022 08:22:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 02A5 43 B
215 B 208ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=65ec09dd-0c01-7e87-d883-6031e1372e12&tv=%7Bc:h0x9jb,pingTime:-2,time:83,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:573,beZ:574,mfA:575,cmA:576,inA:576,inZ:581,prA:581,prZ:587,si:592,poA:592,poZ:612,cmZ:612,mfZ:612,loA:633,loZ:635,ltA:655,ltZ:655%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:19%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:83,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B78~0%5D,as:%5B78~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tae9LLI+11%7C12%7C13%7C14.1005482-61968045%7C141%7C142%7C143%7C144%7C15.733337-64001342%7C151%7C152%7C153%7C16*.990511-61634097%7C161%7C162%7C17.990511-61634097%7C171%7C172%7C173,idMap:16*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:svg.us,sinceFw:63,readyFired:true%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dpixel
cms.quantserve.com/ Frame EEDA 35 B
464 B 188ms
61ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESED11mdEJzW3h-ZTFEfA8gPw&google_cver=1&google_push=ARnp8GBJuvMlT3N-OQxBLNkoOxE7uRWc3N-BOE78YQBuZG0uXYB6ZMZHNOkwZlrQ7Sq8-zpr8dn-dbeII9RqdRFAJHCGX_mhGg

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame EEDA 43 B
356 B 186ms
66ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEPKan8kiWwjpDMmBuib7-to&google_push=ARnp8GDgMQj6bKZJVJa4ze3vBDEccI2Dm4cmQff7GlBIhYpzogcQggzsftSO2cq8nN1l276NciFECONfy4JKpTI5pEe6gU5iAZ0&google_cver=1
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame EEDA 43 B
134 B 185ms
69ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEF2RuUaaFkMKp1T74Siezec&google_cver=1&google_push=ARnp8GCBG_BntJxi0VkRUFnulHToercIGHO8MRn_dtPhBDgFDOVl4QGJhWW1Qubr_eKpTYEUHXff2Hzldd0Mzvwr7ptRJBqR3jc
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 6mc3pgae3nhead424nsr00nl3blojgkg

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EEDA
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=MwGSXkblSOmJOcReqx6u0Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

65ms
64ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=MwGSXkblSOmJOcReqx6u0Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDS31rGTHV78rgATo6-w0cHaphaY6D4R9LOZjaxnjz3NfZfM4U6WhdDS_VPuDREv6_tO0gyPvgiyfYRDwrwP9m5rMOj5ro

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=MwGSXkblSOmJOcReqx6u0Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDS31rGTHV78rgATo6-w0cHaphaY6D4R9LOZjaxnjz3NfZfM4U6WhdDS_VPuDREv6_tO0gyPvgiyfYRDwrwP9m5rMOj5ro
date: Thu, 30 Jun 2022 08:22:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EEDA
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEZxWhLlUkpUptzK4y7SF8U&google_cver=1&google_push=ARnp8GAgZk6qNd-CXHcK5bh2MMCl9bJUwcbwTCpgAVcrnKrpwAK9KHlIHcjlybVAI8DIE3uvH7P...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZVEItRS0xMkJV&google_push=ARnp8GAgZk6qNd-CXHcK5bh2MMCl9bJUwcbwTCpgAVcrnKrpwAK9KHlIHcjlybVAI8DIE3uvH7PMl3vsgQPmJk8HrKzdvaHuYw

170 B
188 B

66ms
65ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZVEItRS0xMkJV&google_push=ARnp8GAgZk6qNd-CXHcK5bh2MMCl9bJUwcbwTCpgAVcrnKrpwAK9KHlIHcjlybVAI8DIE3uvH7PMl3vsgQPmJk8HrKzdvaHuYw

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZVEItRS0xMkJV&google_push=ARnp8GAgZk6qNd-CXHcK5bh2MMCl9bJUwcbwTCpgAVcrnKrpwAK9KHlIHcjlybVAI8DIE3uvH7PMl3vsgQPmJk8HrKzdvaHuYw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EEDA
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GBs5rNLGLLqy7IE2ycg8tbvLviZ0GOGt...

170 B
188 B

65ms
65ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GBs5rNLGLLqy7IE2ycg8tbvLviZ0GOGtVsGGAplDsoekJNT1x9UXQpzrfgqLSmlLW6MtSzQvCAwWkPyiwu9o1v8khZ8rUE

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=18VLJ3%2FA4awh6Yw62OLch%2FM2PviA%2FOr3is%2FDK3cs2qB6emxJFElIw2%2FpP%2BwZ931Os8tgsh9NlVHl8D07U8dGJrQmPlZXq%2B4REmhiWF7XjkduaBXOCpzqPQXHEHfcf3tFW%2BlebeBsz2scBg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GBs5rNLGLLqy7IE2ycg8tbvLviZ0GOGtVsGGAplDsoekJNT1x9UXQpzrfgqLSmlLW6MtSzQvCAwWkPyiwu9o1v8khZ8rUE
cache-control: no-cache
cf-ray: 72357ecd0ffa71e1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame EEDA 43 B
297 B 232ms
45ms Image
image/gif 2a05:d01c:1d8:8101:7677:5b33:71a6:2d38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEPzJ79UeH5spr4qtgu036fk&google_cver=1&google_push=ARnp8GC7AkEbsSv7n3sBIw0cJW55HZZQ22C9kgapR0MU3chBQLkR8eEDEX7mCd2UogK42GGUgOKJ5IsA_JHOfaQDL5lR5qJEYA
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:7677:5b33:71a6:2d38 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EEDA 0
12 B 63ms
63ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ln5gQG_ort_cmZHxk54aqW6Xb1LJMoLmnNkX4XJIkG_xvS8Ay0xExbt8IM-OAX_zK_BXL0

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 laser.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 3 KB
3 KB 69ms
69ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/laser.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55bab0aa112d20d4fdeea05d9d87cbc80400449ec1205c2e4495127b363d95e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2783
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0327 22 KB
8 KB 54ms
53ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 236688
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 14:37:50 GMT
expires: Tue, 27 Jun 2023 14:37:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame AA77 36 KB
14 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:41:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 07:41:33 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 1B4D 35 B
463 B 174ms
62ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESED11mdEJzW3h-ZTFEfA8gPw&google_cver=1&google_push=ARnp8GCSWv53c5n87D2Dm53IE49l0zrcOS5zfJc1D2N0hPeGmidWeqRTSYk0ZOpUiPSDhGQytW4WQO_IdbanSJJBk0vD92sgvVAmfw

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B4D
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCSEOU-...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCSEOU-...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MzAwODIyMzkwMDAxNDM5MzY1OTg5MQ%3D%3D&google_push=ARnp8GCSEOU-JklibDz9wPau_wONsw5STlk7xV3rk3WZYeTlPElx-OwejeyHd4jx0zYV2a...

170 B
188 B

65ms
65ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MzAwODIyMzkwMDAxNDM5MzY1OTg5MQ%3D%3D&google_push=ARnp8GCSEOU-JklibDz9wPau_wONsw5STlk7xV3rk3WZYeTlPElx-OwejeyHd4jx0zYV2aidBgtQYNstOeDl5uM37Gowjr4YhTOmUQ

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MzAwODIyMzkwMDAxNDM5MzY1OTg5MQ%3D%3D&google_push=ARnp8GCSEOU-JklibDz9wPau_wONsw5STlk7xV3rk3WZYeTlPElx-OwejeyHd4jx0zYV2aidBgtQYNstOeDl5uM37Gowjr4YhTOmUQ
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Thu, 30 Jun 2022 08:22:39 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 1B4D 43 B
350 B 169ms
69ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEF2RuUaaFkMKp1T74Siezec&google_cver=1&google_push=ARnp8GAfC9FQuKaOMzPXmP2Rxr25gwxB9VmCDQ6PJAVnOhz61bUvThtlZ1L6TOSFfrBNCgrF2fGnMkMyzJ2N5XBi-nvoQ-GSwo0CqQ
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 9ai40tjmtub13v901espttujgr8k2v37

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B4D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=xPe18xiySymDOzOzIyQr2Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

76ms
75ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=xPe18xiySymDOzOzIyQr2Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDuqL-i5FnvzVJL4Jxyj3hZblwoGFe4ONafRARjjpQF5hzjlSny7nyIsByHS3Ew7XzS-sLGMj85niJfUfLy50qwA5HXfL7wHQ

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=xPe18xiySymDOzOzIyQr2Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDuqL-i5FnvzVJL4Jxyj3hZblwoGFe4ONafRARjjpQF5hzjlSny7nyIsByHS3Ew7XzS-sLGMj85niJfUfLy50qwA5HXfL7wHQ
date: Thu, 30 Jun 2022 08:22:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B4D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEZxWhLlUkpUptzK4y7SF8U&google_cver=1&google_push=ARnp8GBMb9Aq0bymUo5T3d9hF2PlqHgfAMpsI4cxccwmHn0L6zo08dml6Lx1aHC70lv_MvJsYMO...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZVEMtVC02MzdG&google_push=ARnp8GBMb9Aq0bymUo5T3d9hF2PlqHgfAMpsI4cxccwmHn0L6zo08dml6Lx1aHC70lv_MvJsYMOFtPSNBk6k3Mew6jJmoQ7Yp54P-Q

170 B
188 B

65ms
64ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZVEMtVC02MzdG&google_push=ARnp8GBMb9Aq0bymUo5T3d9hF2PlqHgfAMpsI4cxccwmHn0L6zo08dml6Lx1aHC70lv_MvJsYMOFtPSNBk6k3Mew6jJmoQ7Yp54P-Q

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZVEMtVC02MzdG&google_push=ARnp8GBMb9Aq0bymUo5T3d9hF2PlqHgfAMpsI4cxccwmHn0L6zo08dml6Lx1aHC70lv_MvJsYMOFtPSNBk6k3Mew6jJmoQ7Yp54P-Q
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B4D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GCqRhTk3Nk_3bPHsh5rh3EE1sUEzjsKr...

170 B
188 B

66ms
64ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GCqRhTk3Nk_3bPHsh5rh3EE1sUEzjsKr1Sn8pi7w7nnJrdjF0jQLkfcH1GMsWI-uPpfc6AMxWZtHyuMZ9JY6qHfx8jXDc_oRA

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=an%2B97C6%2By6StoYTdYdfSWqL9QNW0cChU9Gf%2B9sixVU%2BOzv%2FZzpX5uUk1ZPhgUwdp%2F7KXU7XLQdKQxEGFiE0qOv0lUJIewbFXrCKNTzkeczRiiAm0wOAirTROh8ufsjF1FXDykgD1OVWSdg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GCqRhTk3Nk_3bPHsh5rh3EE1sUEzjsKr1Sn8pi7w7nnJrdjF0jQLkfcH1GMsWI-uPpfc6AMxWZtHyuMZ9JY6qHfx8jXDc_oRA
cache-control: no-cache
cf-ray: 72357ecd0ffc71e1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame 1B4D 43 B
295 B 217ms
46ms Image
image/gif 2a05:d01c:1d8:8101:7677:5b33:71a6:2d38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEPzJ79UeH5spr4qtgu036fk&google_cver=1&google_push=ARnp8GB-uaYYE7TEMcAgtljl2mU117Q2MUOGL8toRZ03NpPDK-WGkDThU2_WLrXToNS0V2JM7HZ7Eq9498kb0W49BdfeVN6r64tNrQ
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:7677:5b33:71a6:2d38 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1B4D 0
12 B 62ms
61ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Imvl7Ayohc3EX94xbFl4PamKUG6Lmf_LkpOZDV8lar7iE1RObOl1SHRQEorEj19LncXacG

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:38 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame 8E9D 36 KB
14 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:41:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 07:41:33 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 33FD 29 KB
10 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:55:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1656
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Jul 2022 07:55:02 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 781C 29 KB
10 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:55:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1656
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Jul 2022 07:55:02 GMT

GET
H3 200 Nasty1.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 2 KB
2 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Nasty1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7a204ebc565cba44972bbebf23b06165a5e2fd57d16d0772b7b01151dc50a27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:46 GMT
x-content-type-options: nosniff
age: 262972
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2306
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:46 GMT

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame 0327 36 KB
14 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 07:41:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 07:41:33 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 14C2 0
26 B 91ms
90ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv-ymgtXsKc2FiaulsAGalqwRDR7K1kMBIANTblK6L4eetbcaClnFgI-S_eSe-Hja4nM2K5agxFzGUxjC4sjLybHOJrSA6Th9xt3qePZpvkn32w0JWaWYmUAimt8wmqu2QSVFKp82EQPX-WMLbVlaEWfIMkPJhPWe1Z8Twmy0HZnPtgJFK-7ZPaFrn9C6osbwJtOEeocQpl7eElljhZZFPnfNI-Mer1AtyQg7HpI5HeHkbIwQwfNI0AqQpRMtX4mgRZQtBaQMCJP7JHpXbR7tXKN8F7U4NtO6sl2ff7EK_v7-9X9sVIb4vETRFmNVXHs3FaiBK_SKDRSvUpKUmGWTrhoArSEs-vnFEylwm0pkjmtrvfvtrfNkrp4Hi2esc7YG9xIw8ABDl0BocQ_cjOj1MOoI5siSNrSbXLQnvlJxX1onvvRwu3gCp5uKTQR-eDET1BJObGNbBr4bAhtmMKRmn7Mx8HUKfgxvxJdcClltaM8KHqo_3Eop9Ug6CjreDECSs5DiRh9e265Nn3ETiEZ6MKZl2eSLahYR9GHLhpxN28UTyMWB57ONQZND1iaKPGV3j4zlkrvk2paEsxtjUhJ6zHuzlla0vI2BqPcmOtksy90o5HuC2-vifanFR-oJRrrVV7IRxrZcCG1nmWnrgdNkpN-YF623q7FeHB3-FVEVbGl1E1pFydAsYjC5sGGsIVbJ4IGIg1IzVR5Sy5dS8wEglD7UD1K8D7eUhtJK27xbVgNRxOE4EIzJUXg7BUDjpllXhftVyF5CVmjDI-UnjHWt5cXneTJHs61Oucx20rgEDe6en0-IbBDn3jQ3y0CFbgtiNbDBYXlOCGtwkY5b6j4ltOqYxYcwQ0I2FyghDjwHWw2VLVpIvAuBU1u4XaXF5W3wfYWu15DXfKywi6oTicShKi5HVyqYDozroyaDsUTd52eSGm0O-WHxMd9O_5Xxr2YCy77z4Ga5vVOL1fxS_QITzp8ga92kJpBQDMsO21dZC5ICfhtHkDYGF6nY8VUDfz_j0Pc_2qZkk6RagZVRxICOmdVNCQMQJt4H_RWkArLi5zJk8l7hmgzH087hCkH_Jn_fTENUcNe-ZnCVhHBaUo2WlJBwRL3BzA5D7WolxpkuVIgL9DfcGjiaTAcEKCZ1O07GQyXFnScsS8Ot6e8jaWnxQWH0OIVpwjXopt0ycGlzcV5W_R_YjELHkLCKP2ycKBqg&sai=AMfl-YTHho86NR69Y4hR8Vgm_OxWgzcUu9tXB4XhDFOQ_CSfhn-eu1ZrzJ9H8--2ND8BR7Qtpe6BTjN0lysrZ05yEGpYisG84RK0-IHx_nbC4J4YKJ63titzkGnJ_m4AVOHYSgwratNUG5A1BPHJCmVOQJ05QAoHVEHWZX_BN7aaMPP8q8Q1EW2a2AzrENrpqMvhd0PU309x71rat1qSR966SA&sig=Cg0ArKJSzOGQPy3Wr6ZVEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=455&vt=11&dtpt=167&dett=3&cstd=287&cisv=r20220628.48954&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Nasty2.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 2 KB
2 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Nasty2.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecd8db3874142ac40ea4d77a8db2cf76a57b390b1d15532beeb5eb3139b10d0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:46 GMT
x-content-type-options: nosniff
age: 262972
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2230
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:46 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F332 42 B
64 B 198ms
89ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss1cUpHFNgbqQ5fVA2XFnVUvGFrxVm-TPhzJuYhITuD66HHgPTxuonGyohhl47qa4OVZ6YE1KB6oVbOjId4tTVhM9aNZV95G4UEHG-poHkfOSbDEe5hblrDHxstRvsxQ0DE0y7UfPk&sai=AMfl-YQ0oqhHDcRgLRF0k_w7bYrZASJOJxQ4BIYE8xe4jWrOuhQJVWJd7RQON0yh-mHJ5DoJPOTXWdJzYxQfxMrfpNC2-3a13iVVg35dgGohvarr1-q6m5rU-_ovKqMi7Hg&sig=Cg0ArKJSzDWY7CcW2DbdEAE&cid=CAASJ-RoxqBrbGuaZUssMvQyiWkE7mxZcHYnRIJ55ElTe5jaciRbXzBk2g&id=lidar2&mcvt=1017&p=228,1092,478,1392&mtos=1017,1017,1017,1017,1017&tos=1017,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=978356717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1656577356866&rpt=1033&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 02A5 0
26 B 93ms
92ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstMfAeqAYxDjzDFF9DHpSdx1bRlBDO_189fiBz5S_aTlFlU_auT_Q0pIZcHod0IvO_8x_l5Ot09azCzY1cSgvN1VGZsqa6iSFqLh6-SV7miLJHU7TC9-hGnZg0uXKObni7xJWHFEfi6cRT0Rx_6BAWAh5rUtepzSK0TL-4Tzp9ewdx0Vieoh76iZtqrXUtwkqn9Fat96KSuDz0tHIhiIBnxPZzqYQe4z_1umNWU0IPBTr2LxlyR78qL13W6vnNX55Xu9Xhd67r3PqI_rCOAXXOkKawztzOup0l32jWi0to9lxpdhlaJl_qgRCJBqa4ZhM9ac3kxg2kgnN49OWCKlLABMij21YPY_A1L1QHHCYU489ObBDBFjaKOnwoJa3XSYSx4wRJj6DtHSp_H2si6wYVaCyPv-lI6vQ2pIRpHJyFoBXR5iTPkVe4LW159D4x6V2sS0sBqB1MwcKfV2jS7UeenDxawf4NUImsFy2obio7bWSA0-B7_Zy4RUMOFbPz_9XMOmghsrRghDCJ0v5NliDP7RO9eqy9GgIixahzCh92ArqxW-9aIbpFetsMqwf5pckFfr4JnxT_QJ8AgyXfCG0t8WpGr_OrBS_TrgdGFkJBx5vrCoFYlQVItEGWfo1KvKbkxs7qApF9UfSwDDXMDCCVELtc4GMJHOc3b3C-lgwSNeHC8ShMjNThbKGZ5gRKRDDinriJIvjprNIMLF0bhCT9ehR_phJXJ61-kinQ1i-xl97_tTNlpjrRMtK0ybSuugqGjeyeYizJHIWLagntoim9CUr26EApG_-Y6GWFoR_Z4DjtKUt38pgNL6BTSlXzDYMSztMCjeHS_liqBqL1etnYHGFY5LbXPmP3B5C2qZsyHa9KWcaOFTNFYcMht0zqxYbIEUN6x8XZuO9TvU1-xHf7zUZj0kVSCHAb0fjxur6Gxc_eH61eN6GUPLPw6pvLhzKg3x4ugwVRLWuGQsW0B0eKiQS9l9Zwne6kl8gw5-UokKNbLLF71u6fPmEYhVKJoJWk-R-YaXVC9sQ6Vj3B0iWAQz0838mk8wkKsEJyLVmae6M6fSfWX30esS5avKFANAVNbpZ0sJshu6Byq9ShlJ-JjCWRwIMWQlTs-l2bMffIanuX_6FfKrjyFFEvsCZRcjXzR6YFU-BtXAZVHzaO--1Pb9dhZtL6E_0pUHhjtH9Rhj94XWWBZJsgXDp3QHQC9kA&sai=AMfl-YTg7-U58oP7z5WTBjVA-ElNNzN4e6ybpx7ymXjs_zVauzLpwDuyMkHHZcoUGgvi2I9iLTVSB-S4OXiWkJpZdME__ez1vNorjIL7KPyw9xgqBxqAyFgkURoyZTcsmSgN3SkO_R4Uhzovitwts6YEmF15gnkq_GL77OccVIV1pJ6sYyPjmaIwO8HB90oJUApn6W3dcq4stjYRxDijb_PTFg&sig=Cg0ArKJSzH-CB86TIJo-EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=458&vt=11&dtpt=175&dett=3&cstd=282&cisv=r20220628.23855&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 33FD 2 KB
1 KB 55ms
54ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 819
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1056
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 09:19:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:23:59 GMT

GET
H3 200 logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 33FD 3 KB
1 KB 56ms
54ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:10:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 747
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1288
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:24:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:25:11 GMT

GET
H3 200 tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 33FD 6 KB
2 KB 60ms
58ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 286
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2072
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 07:44:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:32:52 GMT

GET
H3 200 head2_2line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 33FD 12 KB
3 KB 58ms
56ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head2_2line_paare.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9711c16a64e8b4086724485013257f3ba812d103630ddd609e3bcc677a07a0bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3441
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 08:21:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:36:54 GMT

GET
H3 200 head1_1line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 33FD 4 KB
2 KB 57ms
55ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head1_1line_paare.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 730
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1610
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 09:12:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:25:28 GMT

GET
H3 200 970x250_kv_paar.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame 33FD 34 KB
34 KB 61ms
59ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/970x250_kv_paar.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

490a0a636b6524b952dc10a3968522b48f663b70f0ae12aad99bc22bb9330cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:09:18 GMT
x-content-type-options: nosniff
age: 800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34678
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 10:48:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:24:18 GMT

GET
H2 200 ebStdBanner.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_221_3_0/ Frame 75BF 217 KB
63 KB 189ms
55ms Script
application/javascript 2.16.186.35
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_221_3_0/ebStdBanner.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/733337/64001342/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCM_-3TV29YsPXF6ys9u8PtpyU4AvPlc_SavmbnJqTEPAuEAEgtb3JIWCVAsgBCagDAaoE3AFP0NF4TcuNRi5W91zCV6knhDI7doMlO5Aiv4OTf2-7zF8Jk7cSo2-dEptVH7j32UWdjYzJRunJkERuQI2GZne9nlb4VzoDtHWyZZJ5Zn1lSJU2M6Zac9NerdyiQLbKzxuq1H6KqtsX7GjHw_-Kv7vka88GDk6ET16xCrml5PC-NwLHge3W5twqaOwmkm6BykcJ6AYzgsy68oLPfndmJcSd72i7mV3lAh3jn6LVY6VtiKDLexzgHEtGHPX_gNgzJsTjlmOt33rfHh2yNw23Ew9_4Eol3QO7mBeKrp9fwATzjM_f_wPgBAOQBgGgBk2AB7zu-toCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoBmAsByAsBgAwBsBPJ5dMP0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORonPtbbb7L84ex10P36sQjklK5AIua_-ZRp5ZfeT34-YAJfQ%26sig%3DAOD64_0rz3Mgwr3_AdCOM13fei-EWXHwwg%26client%3Dca-pub-9161109566094614%26dbm_c%3DAKAmf-BlqSFonfyTyInjdoNnObcN76HeJgBbJ04pXeeXKNfgHnyt3wp_ccek-yqA5Vf_LrfTO228mroFSoex2nNRqv1CZgar8-o9rrIXEV0iof933amefU6zOeDojFdW_Zu__fVMFz4wQPhwATe70EQ9RffgbPZS8A%26cry%3D1%26dbm_d%3DAKAmf-DiSjZB_LRKSrOOq3AK4KGpK4YyUmAkEmKrYuOnQEs6LUyB9oV6f5XteJU0drBnziuYKnUoGgpc0GZ0skC-JzoCOFlZBL-I6cMGRzTy0axgSA1xsM5P2nC4eFyS9M-HhgVipjaPcNETrQV8XW8aCQwRSZ27s6ePh02NEX1pwTlseixbZtvS5UCGDWg9iHdZSm5x-URMUiegOBrJqug30jI7kaKFkTzNfwpO2W6zKMF47tgRNF5sDaqOvY7Bf2n3gWEWaEFo2n09U_O85shYyKJ75FQqnZP03p2vaWDSNMDHBgisrXfegT_GWMZycr7vcgI5L84D3Fxlw2JUvSlTsE5RUZXITQHmvvVcG82xUgG7jvHmQFIsUNRN3b1fCfeIb453crtu_lk0DMosC2cFNtCZvPGfZcIbLLzlYgEEsALPcZ0Hhr1SshzW6549Vsf55clfajOw%26adurl%3D$$&c=28&cn=display&pli=1078114055&gdpr=&gdpr_consent=&w=970&h=250&ord=[timestamp]&ifrm=-1&pcp=$$ABAjH0gYEy-wnS-P4qaOg1bWcRS2$$&z=10000&ias_dspID=3&ias_campId=1007662875&ias_pubId=pub-9161109566094614&ias_chanId=1&ias_placementId=17497334822&bidurl=https://vsim.ua/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gYEy-wnS-P4qaOg1bWcRS2&adsafe_url=https%3A%2F%2Fvsim.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:2eeaa10f-5e52-5c68-bd2f-44f6c4109cbb,c:h0x9f3,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-86c8d9dc9d-k54m7,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:3,fm:tae9M0U+11%7C12%7C13%7C141%7C142%7C143%7C144%7C15*.733337-64001342%7C151%7C161%7C171,idMap:15*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:18,oid:cd495cc8-f84d-11ec-86c6-6a2e036ba311,v:19.8.319,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.35 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-35.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5d3f3bb842439897dd79aaa9307b84dd8afc860c505d0b24d2a7a06d6f87474b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:39 GMT
content-encoding: gzip
last-modified: Tue, 21 Jun 2022 13:00:33 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C1
etag: W/"2c3edcca4e26a4477c37fcd6d75c5cad"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1834170
accept-ranges: bytes
content-length: 63887
x-amz-cf-id: wE4DH40jiWFRPCtmoe9UCKfpq1yIPw6RWHjdJkNWtVYlt8nESdElHw==

GET
H3 200 cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 781C 2 KB
1 KB 61ms
60ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 820
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1056
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 09:19:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:23:59 GMT

GET
H3 200 logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 781C 3 KB
1 KB 62ms
60ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:10:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 748
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1288
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:24:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:25:11 GMT

GET
H3 200 tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 781C 6 KB
2 KB 62ms
61ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2072
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 07:44:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:32:52 GMT

GET
H3 200 head2_2line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 781C 12 KB
3 KB 62ms
62ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head2_2line_paare.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9711c16a64e8b4086724485013257f3ba812d103630ddd609e3bcc677a07a0bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3441
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 08:21:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:36:54 GMT

GET
H3 200 head1_1line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 781C 4 KB
2 KB 65ms
64ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head1_1line_paare.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 731
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1610
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 09:12:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:25:28 GMT

GET
H3 200 970x250_kv_paar.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame 781C 34 KB
34 KB 65ms
64ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/970x250_kv_paar.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

490a0a636b6524b952dc10a3968522b48f663b70f0ae12aad99bc22bb9330cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11054544220910830971/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:09:18 GMT
x-content-type-options: nosniff
age: 801
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34678
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 10:48:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Jun 2022 08:24:18 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3BB8 1 KB
749 B 54ms
53ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 68187
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:26:12 GMT
etag: 48472445140208031
expires: Thu, 30 Jun 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 75BF 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a9d6d8bbbdc940b6818a983756ffc157d2b2d3f6a755d2966e09329a3f025bc

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Nasty3.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 2 KB
2 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Nasty3.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe22788c984fe7f3de48c7f9bf807f6c74ad466c3ab21e5202e69d2723cd0b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262965
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2156
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

GET
H3 200 Nasty4.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 3 KB
3 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Nasty4.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34d1bd7b120cda27d7dda3ebc28d68e8311b9e7d150ea2039f64344d848dfd92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262965
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2743
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AA77 0
20 B 91ms
90ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BCegpTl29YvCSE_a07_UP8ICrgAQAAAAAOAHgBAI&bg=!7O-l76vNAAaLlKKnq5Q7ACkAdvg8Wh9IWMKGNVRhOi0w6w3zTZPa-u3Wzppmlsu4g9fXHcZs8Ua9LgIAAADiUgAAAAFoAQeZAuw5gIR3uFUyuKlnPopMax8T2NX0JC4fVzv0CU85-X9eZv1SPS57TR9woFA8z-vlqPvQ6bh-dYOkHuA9OzSqNcJ93TuTyMEtRH1cwS5iTbU1HqeIVKdmHzAT1PJY-ha6I0TgYSL-SnbuRzwGFleoN4SAYUrfpNvT1AK8tadDTPsXjoSa7VNoTXRRiEZ_Wj_J1P7SGbPgms1xdmbBgKB37Hpbqpf5hTEdH2pPTbSOP2Dl-A7BniGF9F1oRLCi_Ef0u27GZS1UNADsCFfr9hHs98ieH2oEAjqTvds_F2JcIlWVtbHxFW4tggPnCT-ozZ6je7c2TKUMZb98a1W2aHLpmU-r5BGRzprq9aWvInFQ8f0gerc5r6_6MtXCJNKX8EWsiuGLE6X18uWKqSOgVueFmZCZyBk66SAZzwNCuRpYCUoB7t-RxIKdUWonWXpCSgv_rfX0vU3Yi3m1QDkss5TdD8biYohsXC7yBO8B-Xt9u45XTQa-DuxcPJgCGAmWWvztRZRP6els9zq6mnEEh756Ei4_2KPWZIpiN0wpkXfYXCHViaSAbqQM_Yvkv_ztJOZBtQ98THaY-K9jvNXVrSOjEPOkbUq19uqT4iDfMKBIbLMqC5Y0gxWquFXF12iYVDV9ste3-0vEW1aGkObBkwvNQsegIZttAZXstKC-yQW6N-SUKsji6L5CC8r8LdHZ8SIr2vDa6zDvRZDIdxRVtBhvaiFH33utdKToyVtXnZWS5-ccHNQfilNHZhZbLEM4ORdSl5c_P6nX0czXl7T0UxPLlFKsyJ6huydTXzeXyVyJy0G8HgKyJ9vKf-8PLRqJ9a9u8PbepW5qP6UUvBpquPp5Ovc6GqM1yos7ysZmhBiljZsghPmGVBm1O1gWM20V4B8qSwoVIswsOeBuMk4N9FeR-4rG2W-pXlcp4lMUUSPoGa3BJgeX1dKpGuCkl1iXKZ53r8ZiB4k7jXS8uwXsdpvZpv7a4oEEjWiDMbLfwFo_

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3BB8
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESED11mdEJzW3h-ZTFEfA8gPw&google_cver=1&google_push=ARnp8GAXMdG-mGAvQ2JDK0-z4UndO4oMjIBjwxokE2rEuNzSVqBfrbIzmk...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GAXMdG-mGAvQ2JDK0-z4UndO4oMjIBjwxokE2rEuNzSVqBfrbIzmklQLGsHbdCjcl8UNRj7QRFYPxq2xbTHFJ1lfnFcqg5j&google_hm=fIp17tdbzcEQ...

170 B
188 B

64ms
64ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GAXMdG-mGAvQ2JDK0-z4UndO4oMjIBjwxokE2rEuNzSVqBfrbIzmklQLGsHbdCjcl8UNRj7QRFYPxq2xbTHFJ1lfnFcqg5j&google_hm=fIp17tdbzcEQkpSjMpxgUg

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GAXMdG-mGAvQ2JDK0-z4UndO4oMjIBjwxokE2rEuNzSVqBfrbIzmklQLGsHbdCjcl8UNRj7QRFYPxq2xbTHFJ1lfnFcqg5j&google_hm=fIp17tdbzcEQkpSjMpxgUg
pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3BB8
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DARnp8GDD75cAhGGenKVLs6f8yEKclGVfUvGt_FK_ffh...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXIxZFR3QUFCTkViQUU0bw&google_push=ARnp8GDD75cAhGGenKVLs6f8yEKclGVfUvGt_FK_ffhshR1907DBrXF7JVAengdGnuBXvU_R2RJW6upW6I_FyWI5L_16tkVlFB...

170 B
188 B

64ms
63ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXIxZFR3QUFCTkViQUU0bw&google_push=ARnp8GDD75cAhGGenKVLs6f8yEKclGVfUvGt_FK_ffhshR1907DBrXF7JVAengdGnuBXvU_R2RJW6upW6I_FyWI5L_16tkVlFBJ5lA

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXIxZFR3QUFCTkViQUU0bw&google_push=ARnp8GDD75cAhGGenKVLs6f8yEKclGVfUvGt_FK_ffhshR1907DBrXF7JVAengdGnuBXvU_R2RJW6upW6I_FyWI5L_16tkVlFBJ5lA
Date: Thu, 30 Jun 2022 08:22:39 GMT
Server: Apache
Connection: keep-alive
Content-Length: 393
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3BB8
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEKQabAP-dFYvJMoUQBXDHFo&google_cver=1&google_push=ARnp8GDBmmYiTn0iYC-yJr-THPjgSTZmShQIS1jnMYt1pUr5Uo9k3th3xqWJJBHiPxV6FR1Ey-vUMkA32n-8_GgNH0YEmUkFv13lBg
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ARnp8GDBmmYiTn0iYC-yJr-THPjgSTZmShQIS1jnMYt1pUr5Uo9k3th3xqWJJBHiPxV6FR1Ey-vUMkA32n-8_GgNH0YEmUkFv13lBg&google_hm=Q0FFU0VLUWFiQVAtZEZ...

170 B
188 B

65ms
65ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ARnp8GDBmmYiTn0iYC-yJr-THPjgSTZmShQIS1jnMYt1pUr5Uo9k3th3xqWJJBHiPxV6FR1Ey-vUMkA32n-8_GgNH0YEmUkFv13lBg&google_hm=Q0FFU0VLUWFiQVAtZEZZdkpNb1VRQlhESEZv

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 08:22:38 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ARnp8GDBmmYiTn0iYC-yJr-THPjgSTZmShQIS1jnMYt1pUr5Uo9k3th3xqWJJBHiPxV6FR1Ey-vUMkA32n-8_GgNH0YEmUkFv13lBg&google_hm=Q0FFU0VLUWFiQVAtZEZZdkpNb1VRQlhESEZv
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 3BB8 43 B
64 B 126ms
69ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEF2RuUaaFkMKp1T74Siezec&google_cver=1&google_push=ARnp8GAnaa152QLFkktPb5at8pOcCjt0ZcUGU1ECTgoAJr96kzzMkq2Ja8mdRiC4OckDD_SO25_9rr3WxG2DyyGmSQiR0Uw_QPzB5Q
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:38 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 5ukn95sh2ru5umoqh7p83hsbd1i852h4

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3BB8
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=l5rpzArKQOGi8lqQ28JyAA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

68ms
66ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=l5rpzArKQOGi8lqQ28JyAA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDOOvltaWwqgCaOrV8OEIvFCWUrcW5h9IvaKy3GKGm2otBstpYUZR9A8EHlPpCJnDt-EQCVbryg8U1o2P4tbYd7BV4sR5Ti

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=l5rpzArKQOGi8lqQ28JyAA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ARnp8GDOOvltaWwqgCaOrV8OEIvFCWUrcW5h9IvaKy3GKGm2otBstpYUZR9A8EHlPpCJnDt-EQCVbryg8U1o2P4tbYd7BV4sR5Ti
date: Thu, 30 Jun 2022 08:22:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3BB8
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEZxWhLlUkpUptzK4y7SF8U&google_cver=1&google_push=ARnp8GD9WkooZ4HdL4mSKTBtuwXXfbq3mPfbuqGIOmT5UTChQ6ua10UAqAbmp90pQdsicHrJ64J...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZWTQtMUYtOElCVQ==&google_push=ARnp8GD9WkooZ4HdL4mSKTBtuwXXfbq3mPfbuqGIOmT5UTChQ6ua10UAqAbmp90pQdsicHrJ64Je1-S6kWsECOWMy7jlsTMmhlbLFw

170 B
188 B

65ms
65ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZWTQtMUYtOElCVQ==&google_push=ARnp8GD9WkooZ4HdL4mSKTBtuwXXfbq3mPfbuqGIOmT5UTChQ6ua10UAqAbmp90pQdsicHrJ64Je1-S6kWsECOWMy7jlsTMmhlbLFw

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUwUkRZWTQtMUYtOElCVQ==&google_push=ARnp8GD9WkooZ4HdL4mSKTBtuwXXfbq3mPfbuqGIOmT5UTChQ6ua10UAqAbmp90pQdsicHrJ64Je1-S6kWsECOWMy7jlsTMmhlbLFw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3BB8
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GD7WxndULabJzdQr_6WLzrNIsYXwAT2e...

170 B
188 B

64ms
64ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GD7WxndULabJzdQr_6WLzrNIsYXwAT2efSl3ITcALKC0p5Du8ZVNww2gXWEfccGrc5nMqUG5TKUOrKLmIfdXWyTAhTsp0vzkQ

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eYceGaMeHFmd9STSLstKLEJqv5Mtue7TykFerZdSAVezSuccPTXaNnP7Yy54pCANPG8EWdiQpdhE0L54FRRENH7iUU%2BJQyaJfpJUAeiUTBPogIz0KHT5QzfxRS4%2B%2FW0Zt33zamjmC4aQ%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEC6fVJQ17EO28cQeX9ojisY&google_hm=Yr1dTZbmbvk8oCJTmsyEDgAAAU0AAAIB&google_nid=index&google_push=ARnp8GD7WxndULabJzdQr_6WLzrNIsYXwAT2efSl3ITcALKC0p5Du8ZVNww2gXWEfccGrc5nMqUG5TKUOrKLmIfdXWyTAhTsp0vzkQ
cache-control: no-cache
cf-ray: 72357eceec327505-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3BB8 0
12 B 63ms
61ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ICJTFJ64MIbMLApMR2gmLmGGl1uOj-Jv1MIZHOoFwuAgb5YFsj_bBwn6XlNzADnx3cGb-k

Requested by

Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8E9D 0
20 B 89ms
89ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQE4VTl29Yv-NE5LO7_UP996YqAIAAAAAOAHgBAI&bg=!4-Cl4KTNAAaLlKKnq5Q7ACkAdvg8WibbQqWmc_EzrBO9kbN3wYHohtnTjRJypmaYjNUTBvim5kknqQIAAADKUgAAAAJoAQeZAuf6He9vtP1KD0SfdMsNlQAPtZJnnK-Rlg6B2GVsL5h-liWh2wAC7Qdx6SXE9JkbmJ5SE5qlLsFe4Mea0Eq-l_NO6jHVee3X02sceHeA4kLy7PwM_69i8oO9uBA0OuYuBimCd-AfIiNdbc5vMfzuOoYxCkn0iOHI1BhW0gGnNp7I1nfb2RYjUK2YUFMRnOfEVD0IJbXQ7PIa2WH63W79wInXDoGz1W5cwRlFeD6DEcK3EMLfKzSNXNb721Xm9lKC32cjSeR8ykARJOQ9Yw6-GL2CAWgs8GYQg9TWAFcpcJOzIxjWWh7aj4iUMuG8tqQVB8ynkqpftYf5zBIy4xN58MSYI4tcrDaA1JS7y4JKBk8yAFMKB_S5wwt1GCvSdYwy2TH6P5VeCPTzBuX4nEZOUTuSYFs3fXdTueKbppP1CSj5e59emLNsAaZFHdJ6sg1ErfOzRsImJIyGIyKRB2AQLWU7tMp-AbJmTETm8ecqodtsZ7OSJybCr0fV3e-5KSH3dzA9FWCunrgBl6Cw0Xro0q1FfSCW2Ro61oipP2b3qK6Kq4h6wnG6JedqOJwzZa5dpachlX0tcxspGq33vjv2DOZ6QEpKUH_IPbZSTsy_5l46BVmok1RT29zCx8T3_K1lKGWp6TJRgmNM4ELhP4I7zkv1VxfHMucGQLaxXzMBAlMCjOwF89mHCVCg6l2JHswGEYwobfhwGTzHKL5vbMlQ7tkqBw4evblYFYUIAS4w9AMherIIhPjpuykeCbrTeKvycg4wBnQtZzCdT3NgXt5e-DAYHFEphOnTLuZ7SMJ2Z8eqLE7iG-eXY5iO_LoHm03yh58FWtZ8BrF11OwKV-11Ns__vGcdy5TFm8pCtz7wdT7P9FwQTNc-4xhF09T_GJAdtjBWOgt8xIVMVbZuJPg_lGD5UA53uVear7ESIpjrVRbDwNgp4ZmVeGq-XCtMU8MlTBXUFS3Q1vcfuQsxtpvfazW9GN7EwDc2Zg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0327 0
20 B 92ms
92ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOSBUTl29Yp2fE4jJ7_UP-524iAUAAAAAOAHgBAI&bg=!AwClAETNAAaLlKKnq5Q7ACkAdvg8WlH_Q8BuvbBIpkkaMsLA1FKjM6MbRLne_6nCuCayVchKXuQBzQIAAAC9UgAAAAFoAQeZAuYkbS-VoI_rKzMp2OJUrLo26wfxBYOp1bCghWeGaIDYaB-RaZjxBGK_cPRhLn39fSyK9TVTO2FmrKfp2tZ-pFMP6mTWj5_8S7MFUueAJgkX4lMnFFFQ1JRRLceUpbW5sTqVRrO4MiKrjqDUnFbcbK8KO9yvH-sezKQoRv8ykjrtr6HVTCP-t5Nwnkv1W3A89o3GW33HhEVvI_nwRh2Nr3weoasmgXjl1lf4hU_peMYgoc0GXQT4jEWY0wa2GbkwOoJrZGTk0ABuuALp6B2ndMvmPCUtkRhXoC9m76XUCjMtCURcYLI3kktbvFPmOuNaKNzagmOroRklxlqBNC-UfcMpDewcEHBj21Faz7VPgNlKmSC220XYPhHiFHKkw_z_7M0osaNNsN09mtpA5fY17JLVogU1qw2WAo_eyzJdM65m2FloMLWeF8ggY1re5MZjlgSRChiupXo41ZLdxF51kIJ6eNCE9QmPb6Y7r1hZS9ufUFSyDz-ELL9_E0N_xxmH_Yj8b9FTXhiUHijYj4exjA7-YMuRqv6mSAl3EduvLGuY-N89rFxZBuYAfKI5JhVw9trqDRnFn0LdJRtnHmO-rGB7Le5CblohcHrja18xNOKjXo3cAXWCSHxEu07zjXnMkduTpl-pWA2vz_Ipib6h3EfwBvdi4j674punG3MGY-qmEW8OgqxUHqsS73RnqpLkq9lcN5o90oGjZSCVc-r0BOf9ngwe-mBik90JCuqV2IwzRot4Ev27TnS1_-2JfRNJ0Gv-oUz0PeLuntHLmBABQJJndYhTSL0C4DPdiM7FnYsLO8Lbso2JnpoxHmynCabGvGhYryxVoo7E50TVOvMGoCYnTANYofuyGsHSUwvnMNHylUDTnUHyGuSs_P6ObFTwNox7cgBKqyGN5D3EcwM-YhXlSmw5DaQme939gRrBXgLoy9P8fMq_Rp8Aax6uinQeB7nGCRszVJiQwnHM2WkBSHUT7WV4wFlu

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 75BF 43 B
215 B 207ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=733337&asId=2eeaa10f-5e52-5c68-bd2f-44f6c4109cbb&tv=%7Bc:h0x9pA,time:670,type:e,im:%7Bpci:%7Btdr:539%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:12,o:658,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B652~0%5D,as:%5B652~1192.250%5D%7D%7D,%7Bsl:i,t:658,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B12~100%5D,as:%5B12~1192.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:237,fm:tae9LLI+11%7C12%7C13%7C14.1005482-61968045%7C141%7C142%7C143%7C144%7C15*.733337-64001342%7C151%7C16.990511-61634097%7C161%7C17.990511-61634097%7C171,idMap:15*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Product.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 5 KB
5 KB 55ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Product.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9af819deb3a2e5e45bb5f776f55e3a95c0a221ce81b9eba3b949c270e8bdaddc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 08:45:42 GMT
x-content-type-options: nosniff
age: 85017
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5352
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 08:45:42 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 14C2 43 B
215 B 207ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=e41cc051-22de-4b25-6939-68b1ba4b8062&tv=%7Bc:h0x9pM,time:597,type:e,im:%7Bpci:%7Btdr:517%7D%7D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:598,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B591~0%5D,as:%5B591~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:228,fm:tae9LLI+11%7C12%7C13%7C14.1005482-61968045%7C141%7C142%7C143%7C144%7C15.733337-64001342%7C151%7C152%7C153%7C16.990511-61634097%7C161%7C17*.990511-61634097%7C171%7C172,idMap:17*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 URLUtil.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_88_0_0/ Frame 75BF 7 KB
2 KB 54ms
54ms Script
application/javascript 2.16.186.35
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_88_0_0/URLUtil.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_221_3_0/ebStdBanner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.35 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-35.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 269bd69d6c1d25e848132ecfb48ec214040e49fd45e444760c3e226ca5fd7962

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:39 GMT
content-encoding: gzip
last-modified: Tue, 21 Jun 2022 13:00:33 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-C3
etag: W/"5ac70b83663a79f3a383c3a53f62eafd"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1834132
accept-ranges: bytes
content-length: 1947
x-amz-cf-id: aKwgjxtteGTxc1Zgz0crzdNb9lLTTsiFyihM7ycvqoC6ODI0NKHOvg==

GET
H2 200 970x250_71605565140266957.jpg
secure-ds.serving-sys.com/resources/PROD/asset/119359/IMAGE/20220615/ Frame 75BF 114 KB
115 KB 65ms
64ms Image
image/jpeg 2.16.186.35
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/asset/119359/IMAGE/20220615/970x250_71605565140266957.jpg
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.35 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-35.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 0bd36baa2bba9d01fdb120b73c741fef6efaa2e9e1a8d3e2a67576a2c965dc25

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: gLgH7D4G6GliW2cqcA_iiQl40h0fJIJR
last-modified: Wed, 15 Jun 2022 09:38:38 GMT
server: ATS/7.1.0
x-amz-request-id: T18TC00MXFKBWNEV
etag: "380b9278b4d646f39264241a4071dc3b"
content-type: image/jpeg
access-control-allow-origin: *
date: Thu, 30 Jun 2022 08:22:39 GMT
accept-ranges: bytes
content-length: 117018
x-amz-id-2: 30wZN2Gf0C+FW84PQpkY1XSZTX4G/7IV3f9LySdCOrLtwLORwXnrNCECm808Y8inVIRvg+fCvIU=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 OBA.png
secure-ds.serving-sys.com/BurstingCachedScripts/Res/Images_2_6_4_0//AdChoice/TopRight/ Frame 75BF 1 KB
2 KB 58ms
57ms Image
image/png 2.16.186.35
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Res/Images_2_6_4_0//AdChoice/TopRight/OBA.png
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.35 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-35.deploy.static.akamaitechnologies.com
Software: / ARR/3.0
Resource Hash: 6ef81d1a436e54449d094e62ad44dc82221a1c752069947e0a2c071b49a9c701

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:39 GMT
last-modified: Sun, 05 Jan 2020 08:33:11 GMT
server
x-powered-by: ARR/3.0
etag: "984fa9c3a2c3d51:0"
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 1411
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 OBA_DEFAULT.png
secure-ds.serving-sys.com/BurstingCachedScripts/Res/Images_2_6_4_0//AdChoice/TopRight/ Frame 75BF 2 KB
2 KB 61ms
60ms Image
image/png 2.16.186.35
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Res/Images_2_6_4_0//AdChoice/TopRight/OBA_DEFAULT.png
Requested by: Host: 9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
URL: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.35 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-35.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash: dc05187f20059fb91e255cbd76de4a7e0481e2f02d15ae5c45eeed42d59e2a09

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:39 GMT
last-modified: Sun, 15 May 2016 06:53:22 GMT
server
x-powered-by: ARR/2.5
etag: "05d697876aed11:0"
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 2198
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H3 200 Product_Head.jpg
s0.2mdn.net/sadbundle/8983349693034261550/images/ Frame 030B 10 KB
10 KB 55ms
54ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8983349693034261550/images/Product_Head.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bb1fd7097e41eaf1bc03a1aa81b614b685915a4dd7ad01a073c4d76c3225ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8983349693034261550/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:19:54 GMT
x-content-type-options: nosniff
age: 262965
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10489
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 01:18:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Jun 2023 07:19:54 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 02A5 43 B
215 B 210ms
209ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=65ec09dd-0c01-7e87-d883-6031e1372e12&tv=%7Bc:h0x9qZ,time:567,type:e,im:%7Bpci:%7Btdr:505%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:567,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B561~0%5D,as:%5B561~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:264,fm:tae9LLI+11%7C12%7C13%7C14.1005482-61968045%7C141%7C142%7C143%7C144%7C15.733337-64001342%7C151%7C152%7C153%7C16*.990511-61634097%7C161%7C162%7C17.990511-61634097%7C171%7C172%7C173,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame 75BF 0
230 B 498ms
59ms XHR
text/plain 18.157.110.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_221_3_0/ebStdBanner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.110.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-110-183.eu-central-1.compute.amazonaws.com
Software: LogModule 0.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.4
Content-Length: 0
Content-Type: text/plain

GET
H2 200 Serving Show response
bs.serving-sys.com/ Frame 75BF 24 B
630 B 58ms
58ms XHR
text/html 18.184.224.159
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving?cn=display&c=40&sessionid=9220315443107943379&ai=1087520058&usercookie=u2=b588b669-a02e-4347-bc39-731a66d3c02e&oo=0&clsrc=2&clbv=_2_221_3_0&gdprpurposes=1023&dg=1077080877&sdg=1077959477&ctick=135&ord=0.9789207518753626
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_221_3_0/ebStdBanner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.224.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-224-159.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
cache-control: private
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
content-length: 24
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 adServer.bs Show response
bs.serving-sys.com/Serving/ Frame 75BF 0
505 B 58ms
58ms XHR
text/html 18.184.224.159
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&interactionsStr=$$1087520058~~0~~1077080877~~9220315443107943379%5EActualSize~970x250x0x1x0000x0x0x970x250~0~01020~144$$&usercookie=u2=b588b669-a02e-4347-bc39-731a66d3c02e&rnd=0.03472545705131713&flv=0&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_221_3_0/ebStdBanner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.224.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-224-159.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 02A5 43 B
215 B 209ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=65ec09dd-0c01-7e87-d883-6031e1372e12&tv=%7Bc:h0x9yl,pingTime:-10,time:1023,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1656577358121%7C%7Cc4f480335765861ae63d44178f748fb8%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7C9a79943f75b031136e4b997b30b728eb%7C%7C9508d9287f271fc97c6859d1ba1500dc%7C%7C5d4f978063f56be55102fced27199b4d%7C%7C41e27066c7e4e93cc012cebbd1a28307%7C%7C651e07fe13c612e1ab706c392155dbad%7C%7C1629390669,sca:%7Bspg:fa62f8d9-0a59-a562-b0b5-034369a1d333%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:39 GMT
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 14C2 43 B
215 B 215ms
214ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=e41cc051-22de-4b25-6939-68b1ba4b8062&tv=%7Bc:h0x9Dg,pingTime:-10,time:1433,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1656577358121%7C%7Cc4f480335765861ae63d44178f748fb8%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7C9a79943f75b031136e4b997b30b728eb%7C%7C9508d9287f271fc97c6859d1ba1500dc%7C%7C5d4f978063f56be55102fced27199b4d%7C%7C41e27066c7e4e93cc012cebbd1a28307%7C%7C651e07fe13c612e1ab706c392155dbad%7C%7C1629390669,sca:%7Bspg:fa62f8d9-0a59-a562-b0b5-034369a1d333%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:40 GMT
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 75BF 42 B
64 B 92ms
91ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuTtHXLHktim_Dm0-7vn4cAOlTpUHy-ONvD6u27YLMMMwVTeTyeMIYI9A5fVgtvvXyImwAOSmp1wdnnXRuXOG-3clB2Zn9LGF7kn537k1kWdwQW4bxtf_35H-4k&sai=AMfl-YQiRW6L9G7TPEL4zupESyU1QT4dF3Avr1ajgtij5aTMOE-72A7P43ZFT1d7xbp61hnKnulIoVpW94hqCV0c3uhPyVBA78EdgO5blStiHquiv_txHSVmMFPN7FI&sig=Cg0ArKJSzI4HUQ8y77KYEAE&cid=CAASJORonPtbbb7L84ex10P36sQjklK5AIua_-ZRp5ZfeT34-YAJfQ&id=lidar2&mcvt=1000&p=931,204,1181,1396&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2483578089&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1656577358093&rpt=918&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F332 43 B
215 B 211ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1005482&asId=fa62f8d9-0a59-a562-b0b5-034369a1d333&tv=%7Bc:h0x9DS,pingTime:1,time:2498,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:24%7D,%7Bpiv:100,vs:i,r:,t:1494%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1004,o:1494,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1483~0,0~100%5D,as:%5B1483~300.250%5D%7D%7D,%7Bsl:i,t:1494,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1005~100%5D,as:%5B1005~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:324,fm:tae9LLI+11%7C12%7C13%7C14*.1005482-61968045%7C141%7C15.733337-64001342%7C17.990511-61634097%7C16.990511-61634097,idMap:14*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:40 GMT
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F332 43 B
215 B 211ms
209ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1005482&asId=fa62f8d9-0a59-a562-b0b5-034369a1d333&tv=%7Bc:h0x9DT,pingTime:1,time:2499,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:24%7D,%7Bpiv:100,vs:i,r:,t:1494%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1005,o:1494,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1483~0,0~100%5D,as:%5B1483~300.250%5D%7D%7D,%7Bsl:i,t:1494,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1006~100%5D,as:%5B1006~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:324,fm:tae9LLI+11%7C12%7C13%7C14*.1005482-61968045%7C141%7C15.733337-64001342%7C17.990511-61634097%7C16.990511-61634097,idMap:14*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:40 GMT
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 75BF 43 B
215 B 210ms
208ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=733337&asId=2eeaa10f-5e52-5c68-bd2f-44f6c4109cbb&tv=%7Bc:h0x9Hv,pingTime:1,time:1781,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:1192,h:250,t:17%7D,%7Bpiv:100,vs:i,r:,t:658%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1123,o:658,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B652~0%5D,as:%5B652~1192.250%5D%7D%7D,%7Bsl:i,t:658,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1123~100%5D,as:%5B1123~1192.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:209,fm:tae9LLI+11%7C12%7C13%7C14.1005482-61968045%7C141%7C142%7C143%7C144%7C15*.733337-64001342%7C151%7C16.990511-61634097%7C161%7C17.990511-61634097%7C171,idMap:15*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:40 GMT
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 75BF 43 B
215 B 208ms
207ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=733337&asId=2eeaa10f-5e52-5c68-bd2f-44f6c4109cbb&tv=%7Bc:h0x9Hw,pingTime:1,time:1782,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:1192,h:250,t:17%7D,%7Bpiv:100,vs:i,r:,t:658%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1124,o:658,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B652~0%5D,as:%5B652~1192.250%5D%7D%7D,%7Bsl:i,t:658,wc:0.0.1600.1200,ac:NaN.NaN.1192.250,am:i,cc:NaN.NaN.1192.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1124~100%5D,as:%5B1124~1192.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:209,fm:tae9LLI+11%7C12%7C13%7C14.1005482-61968045%7C141%7C142%7C143%7C144%7C15*.733337-64001342%7C151%7C16.990511-61634097%7C161%7C17.990511-61634097%7C171,idMap:15*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:40 GMT
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 75BF 43 B
215 B 209ms
208ms Image
image/gif 52.33.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=733337&asId=2eeaa10f-5e52-5c68-bd2f-44f6c4109cbb&tv=%7Bc:h0x9HB,pingTime:-10,time:1787,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1656577358121%7C%7Cc4f480335765861ae63d44178f748fb8%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7C9a79943f75b031136e4b997b30b728eb%7C%7C9508d9287f271fc97c6859d1ba1500dc%7C%7C5d4f978063f56be55102fced27199b4d%7C%7C41e27066c7e4e93cc012cebbd1a28307%7C%7C651e07fe13c612e1ab706c392155dbad%7C%7C1629390669,sca:%7Bspg:fa62f8d9-0a59-a562-b0b5-034369a1d333%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.33.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-33-66-202.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:40 GMT
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fvsim.ua%2F&domain=vsim.ua&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=eO6j-XxIQzlRZmlDU00wVnd3ZkYrNDFxMUM4VHNsdzhXbC8xMTd5WjhSaGowblVDZEdybExldWNXRlBDdEM0czhLMGJZWFk0Vk0zcWNCemRZZ09HMzROQy96aTFmQjd5clAwQjB5K1E3SmFWdHFlUWVoUFQ5WlNSUi9iS3...

326 B
603 B

171ms
58ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=eO6j-XxIQzlRZmlDU00wVnd3ZkYrNDFxMUM4VHNsdzhXbC8xMTd5WjhSaGowblVDZEdybExldWNXRlBDdEM0czhLMGJZWFk0Vk0zcWNCemRZZ09HMzROQy96aTFmQjd5clAwQjB5K1E3SmFWdHFlUWVoUFQ5WlNSUi9iS3QwbEhRdGdaQVJpU1hlMHpGTHhHWENXM3IvWWpOV1plSUYxMmVNTXQ2YTF6dEIwRytUbmJCY3JOOVFjdzVLTFRJYzY2M0pnMEVWcDhtaXZpdy84d0c1d0ZCekhUbzRIZzlhc211OFBJQ0NEUVcrU3lPVVhFPXw&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

eb54df517bbba0fe88c6af34e8802319c2791475a7cf37ccd5f9f36bee3a7cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:40 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2568
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:22:40 GMT
location: https://mug.criteo.com/sid?cpp=eO6j-XxIQzlRZmlDU00wVnd3ZkYrNDFxMUM4VHNsdzhXbC8xMTd5WjhSaGowblVDZEdybExldWNXRlBDdEM0czhLMGJZWFk0Vk0zcWNCemRZZ09HMzROQy96aTFmQjd5clAwQjB5K1E3SmFWdHFlUWVoUFQ5WlNSUi9iS3QwbEhRdGdaQVJpU1hlMHpGTHhHWENXM3IvWWpOV1plSUYxMmVNTXQ2YTF6dEIwRytUbmJCY3JOOVFjdzVLTFRJYzY2M0pnMEVWcDhtaXZpdy84d0c1d0ZCekhUbzRIZzlhc211OFBJQ0NEUVcrU3lPVVhFPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1580
content-length: 482
expires: 0

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ 213 B
614 B 189ms
61ms XHR
application/json 141.95.98.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/460160/hb_306660_6693.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.70 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216620.ip-141-95-98.eu

Software

Resource Hash

0542e6ea11cf822e28af0922e052aee9b841e6c0afe5e4bdd34b14ea123c3523

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 30 Jun 2022 08:22:40 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 192ms
63ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fvsim.ua%2F&domain=vsim.ua&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://vsim.ua
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 30 Jun 2022 08:22:39 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1202
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 204ms
63ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 30 Jun 2022 08:22:40 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1138
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 bg-img--small.jpg
vsim.ua/bundles/twentyminutuamain/img/ 5 KB
6 KB 56ms
55ms Image
image/jpeg 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/bg-img--small.jpg
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?5ee17681
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc36c65f1dc213532add7eda26bfcf948894764eb17f1ef9c7ca14a296d3534c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/css/3831ad9.css?5ee17681
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1782303
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5504
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: cloudflare
etag: "5e4d36b1-1580"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LRtVfDSxkCD7SztUpZHS8%2FJ7cTD1fCA02CcjBkc%2F4yrZHRpb21LeNRmVnS3nmvHhzW5N4%2FFvbJRwzcHLuCoMtXWwDflscCgpfRM30i8CLJ7ZUscFC8qIlc2lRyxa1vA3b%2F%2BWNjQ0"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357ee5fcdc8883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET check
vsim.ua/site_login/login/ 0
0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 69ms
68ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022062701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

740f1349b14289c4875b5dd6b49ab422dc0ab8660280ce4f6409f04fd0f188be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 08:22:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10682
x-xss-protection: 0

GET
H3 200 bg_img.jpg
vsim.ua/html/20min-page/web/img/ 285 B
854 B 56ms
56ms Image
image/jpeg 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/bg_img.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1798792
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 285
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
etag: "5e4d36b2-11d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lZzqWClf9sEzgyA7AqeL%2FmqjLLJBOhmz8IHPQDXhtZZJSzH4QaBciRglHLlUXqTO0A0tXKy8cmfMKZ8H8RWjsj9bko6Wse4Wcx5guMv3ij2gGoaC6NYvkxcN68G2eKg9MU0BSnCY"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357ee69e358883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bg_img.jpg
vsim.ua/html/20min-page/web/img/ 285 B
858 B 62ms
62ms Image
image/jpeg 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/bg_img.jpg?5ee17681
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165765
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 285
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: cloudflare
etag: "5e4d36b2-11d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zrC9vidzdyrSQgIMklOxwkpYyer%2FxTxbfjfHTqharnqVdlzKD2FM%2BHLrD1gu8Ev%2FUbsWbZ0YIEpmD3KrLf%2Bbt6Thlkdw2RlZtwS3pbqTCt3eat1uqq2wTAxuCnVHXAznzNeGG8fN"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 72357ee69e378883-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET style
accounts.google.com/gsi/ 0
0

GET
H3 200 status Show response
accounts.google.com/gsi/ 40 B
94 B 213ms
106ms XHR
application/json 2a00:1450:4001:801::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/status?client_id=218226485810-uqk03eati6qp5glmb6e91f2u24152enh.apps.googleusercontent.com&as=etO1S%2FMMXVDUAGcw6A7Bpw

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

97b16ecca6982da5a8aca685032dd63a1eac86903b2cc0b68014e0a9a9f87fbd

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-Eqch6FBYRt_dTPN3O5W5vw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-Eqch6FBYRt_dTPN3O5W5vw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sdk.js
connect.facebook.net/uk_UA/ 294 KB
84 KB 116ms
57ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js?hash=1fc71a09f28bc343fa54966e77d4ed8e

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/uk_UA/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://vsim.ua/
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: rn/xhWBXDM8fWKt/xgYUJw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86201
x-fb-rlafr: 0
x-fb-debug: 4On/EDsc3i3yiXmKKiXCpiziCYlb7wg6UA7e41WdOwf/zv5SDcYBWCENkeGH+0CjFubUSWK1aNWF/HTMEeAMBQ==
x-fb-content-md5: 3036bcacca4ec5a5ef404e04a17a3f37
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 30 Jun 2022 08:22:43 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "20eaba82b30ef61a8d2a1e38f539c308"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 30 Jun 2023 07:33:25 GMT

GET
H3 200 e07a56eaeb55266073b0dcc102335be8b3dca404.webp
vsim.ua/img/cache/news_rtp_small/news/0028/05/ 27 KB
27 KB 62ms
60ms Image
image/webp 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0028/05/e07a56eaeb55266073b0dcc102335be8b3dca404.webp?hash=2022-06-29-12-20-59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ac11600b32f80a513d99a06edda7beedf440689b2b7a6dc20eaa9aed531a26e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5173
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27470
last-modified: Wed, 29 Jun 2022 17:54:19 GMT
server: cloudflare
etag: "62bc91cb-6b4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2BsUiuqTj%2F0iRJdSQc8TwTKpA0sOjr%2BnFfPe5KjOBujNRq4ypAiOqdRdv23UWCqbZ5i8xEKrJ1y56%2BPaRpdJja5prNrtuD%2BnyBlKSkTO5%2BeD7FHfnldB4o8764NTDLL6dRENClLE"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 72357ee6decf8883-LHR

GET
H3 200 0f0b89760abb2b23d10e56e72be16abe79a77ab3.webp
vsim.ua/img/cache/news_rtp_small/news/0028/05/ 30 KB
31 KB 53ms
51ms Image
image/webp 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0028/05/0f0b89760abb2b23d10e56e72be16abe79a77ab3.webp?hash=2022-06-29-13-01-30
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d3378b5639d37c64c59f88e57a15a3025e302175067ff364f44829f92d409ad

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5173
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30956
last-modified: Wed, 29 Jun 2022 13:23:32 GMT
server: cloudflare
etag: "62bc5254-78ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oxpdLx6BMeVyFsXUbmGLGyAtEqHo%2FEVC3n6CMwlw1kCSKVzE%2FWSJnGgayngyB818ZSUQZQbVvqe%2BE%2FcpH3uDBC8M%2BhuA7wLdfKFksXRsVepNcJKdckDPn%2FBW13WWlldpCUw34BaT"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 72357ee6ded08883-LHR

GET
H3 200 27cbb51cf727e2f9d0d7f472b15f92a784ba5140.webp
vsim.ua/img/cache/news_rtp_small/news/0028/05/ 19 KB
19 KB 54ms
52ms Image
image/webp 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0028/05/27cbb51cf727e2f9d0d7f472b15f92a784ba5140.webp?hash=2022-06-29-13-13-16
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 953d806633c114d63b15e97d76f501c359990beee8d4ad2515710291083c79f6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5173
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19396
last-modified: Wed, 29 Jun 2022 10:42:43 GMT
server: cloudflare
etag: "62bc2ca3-4bc4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9EsQNhH25EzJfUXoZKc31nILi8nF5VT9t9e3bDQyx%2FU1GmH8MrDnmKFYGlRuMH%2FcCSCrKbGFOiQjtfBUdWEmI95ETY0sHA%2BfPDW8FTR20gXwmtBj7sAb11KNf%2Fc79tF7lhf9Xd0b"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 72357ee6ded38883-LHR

GET
H3 200 9df3162601545734d7132b66240a4cd6f8c3143a.webp
vsim.ua/img/cache/news_rtp_small/news/0028/02/ 15 KB
15 KB 58ms
56ms Image
image/webp 2606:4700:3035::ac43:d201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0028/02/9df3162601545734d7132b66240a4cd6f8c3143a.webp?hash=2022-06-28-16-11-57
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:d201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b42255c66bd287cc9b82ccf8b78c6d41c2de0f17a5526b848f918cfcecb6ac08

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5173
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15190
last-modified: Wed, 29 Jun 2022 10:42:43 GMT
server: cloudflare
etag: "62bc2ca3-3b56"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVHlF3QZxEDoFaTd3R7hg3%2Fir9WDIQbXIiPceZ2Oo47ywyiAaR8gKZLKTPKLhvZu3YS4ag0r95fumnprFL0NUt7beae9iTdsFnXaLa94WGwEQQKKGCS9UpqjXFER40hePJ7Okjzj"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 72357ee6ded58883-LHR

GET 0b9b98ebc544b6d4412fa496a38be964c6e82bb2.webp
vsim.ua/img/cache/news_rtp_small/news/0028/05/ 0
0

GET 7b3ac47dc38240d8e90d18ceb4a279573f65003c.webp
vsim.ua/img/cache/news_rtp_small/news/0028/02/ 0
0

GET 80f862f6584031ce5c76732b0726169cc11a6a0f.webp
vsim.ua/img/cache/news_rtp_small/news/0028/05/ 0
0

GET cc293a4cc58ee8c8a65f7e9c216b43f6e404bd8d.webp
vsim.ua/img/cache/news_rtp_small/news/0028/05/ 0
0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 08:22:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 08:22:43 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E3FF 13 KB
5 KB 54ms
53ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 32237
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 23:25:26 GMT
expires: Thu, 29 Jun 2023 23:25:26 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 635A 783 B
535 B 63ms
63ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7a8082231b16340ffb3c17376660ea3c978a9d9e53f09443940ce73aa26c562a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wDvWjz-d55Q2lsySdQDv0Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-wDvWjz-d55Q2lsySdQDv0Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 08:22:43 GMT
expires: Thu, 30 Jun 2022 08:22:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js
pagead2.googlesyndication.com/bg/ Frame E3FF 0
0

GET sodar
pagead2.googlesyndication.com/pagead/ Frame 635A 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: vsim.ua
URL: https://vsim.ua/site_login/login/check

Domain: accounts.google.com
URL: https://accounts.google.com/gsi/style

Domain: vsim.ua
URL: https://vsim.ua/img/cache/news_rtp_small/news/0028/05/0b9b98ebc544b6d4412fa496a38be964c6e82bb2.webp?hash=2022-06-29-12-29-39

Domain: vsim.ua
URL: https://vsim.ua/img/cache/news_rtp_small/news/0028/02/7b3ac47dc38240d8e90d18ceb4a279573f65003c.webp?hash=2022-06-28-17-31-51

Domain: vsim.ua
URL: https://vsim.ua/img/cache/news_rtp_small/news/0028/05/80f862f6584031ce5c76732b0726169cc11a6a0f.webp?hash=2022-06-29-10-31-16

Domain: vsim.ua
URL: https://vsim.ua/img/cache/news_rtp_small/news/0028/05/cc293a4cc58ee8c8a65f7e9c216b43f6e404bd8d.webp?hash=2022-06-29-09-57-43

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022062701&jk=2290266153323570&rc=

Verdicts & Comments Add Verdict or Comment

107 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
vsim.ua/	1970-01-20 04:09:38	Name: Value: undefined
vsim.ua/	1970-01-20 04:09:38	Name: browser_id Value: a95bce2a-e693-4f62-a306-56dd9d188e5d
vsim.ua/	1970-01-20 04:09:38	Name: remp_session_id Value: cdd4ab38-b26b-4c7a-a96f-fcdad48ea66c
.vsim.ua/	1970-01-20 06:19:13	Name: _fbp Value: fb.1.1656577355941.130752814
vsim.ua/	1970-01-20 21:40:49	Name: GN_USER_ID_KEY Value: c3fae23c-f763-48b9-a0d6-cee4b3deea3f
vsim.ua/	1970-01-20 04:09:39	Name: GN_SESSION_ID_KEY Value: d17c8819-1a9e-442e-9556-6f4fd68f0ad1
.vsim.ua/	1970-01-20 21:40:49	Name: _ga_0CS1NTGGLB Value: GS1.1.1656577356.1.0.1656577356.60
.vsim.ua/	1970-01-20 04:09:40	Name: AMP_TOKEN Value: %24NOT_FOUND
.vsim.ua/	1970-01-20 21:40:49	Name: _ga Value: GA1.2.2141105347.1656577356
.vsim.ua/	1970-01-20 04:11:03	Name: _gid Value: GA1.2.7655132.1656577356
.vsim.ua/	1970-01-20 04:09:37	Name: _gat Value: 1
vsim.ua/	1970-01-20 04:52:49	Name: _pbjs_userid_consent_data Value: 3524755945110770
.vsim.ua/	1970-01-20 12:55:13	Name: _pubcid Value: 47988ff1-a3c5-44eb-bf03-ed210e0130ce
pbjs.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.e-planning.net/	1970-01-22 17:28:49	Name: E Value: AK5gynEBAqGkqK5K
.adnxs.com/	1970-01-20 06:19:13	Name: icu Value: ChgI4axaEAoYASABKAEwzbr1lQY4AUABSAEQzbr1lQYYAA..
.adnxs.com/	1970-01-20 06:19:13	Name: uuid2 Value: 276174191265966705
.doubleclick.net/	1970-01-20 13:31:13	Name: IDE Value: AHWqTUll8m3aMkz__Y6-vsAsOzIbGppzDY_u_oyrePZ5toc8Ijbx92g16AAxagQdmkM
.casalemedia.com/	1970-01-20 12:55:13	Name: CMID Value: Yr1dTZbmbvk8oCJTmsyEDgAA
.casalemedia.com/	1970-01-20 06:19:13	Name: CMPS Value: 333
.casalemedia.com/	1970-01-20 06:19:13	Name: CMPRO Value: 333
.vsim.ua/	1970-01-20 13:31:13	Name: __gads Value: ID=61de8279f880d5bf:T=1656577356:S=ALNI_MYABAJ2uCEAq_lzE9I2TLqFZwx-bA
.adnxs.com/	1970-01-20 06:19:13	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C'$qe<Tz!]tbd8i_iqf!oN/@E'zz<Z0Q3=AU(e'>]/ivqD#gAOGDR>C4EgE?eRbAv%STD._PlZ[C[-kX-C8#.R
.quantserve.com/	1970-01-20 06:19:13	Name: d Value: EH4BCQHAJoEA
.quantserve.com/	1970-01-20 13:39:51	Name: mc Value: 62bd5d4e-dfa6d-fb2a3-33499
.innovid.com/	1970-01-20 06:19:13	Name: uuid Value: 54b7c664-6a0b-42f0-81b9-e23e31e2a8b1-20220630 04:22:38
.e.dlx.addthis.com/	1970-01-20 13:39:51	Name: na_tc Value: Y
.casalemedia.com/	1970-01-20 06:19:13	Name: CMTS Value: 4347
.addthis.com/	1970-01-20 13:39:51	Name: na_id Value: 2022063008223900014393659891
.addthis.com/	1970-01-20 13:39:51	Name: na_tc Value: Y
.addthis.com/	1970-01-20 13:39:51	Name: uid Value: 62bd5d4fb52d88c9
.addthis.com/	1970-01-20 13:39:51	Name: ouid Value: 62bd5d4f000147aba3ac7f439431fefc6a62e781031252d713c1
.dlx.addthis.com/	1970-01-20 04:52:49	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 04:52:49	Name: na_sr Value: 20220630
.dlx.addthis.com/	1970-01-20 04:09:37	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 04:52:49	Name: na_sc_e Value: 0
.agkn.com/	1970-01-20 12:55:13	Name: ab Value: 0001%3AHf1ouSmxumn%2B5YkmRIdgav%2B4PhVy6Gsg
.agkn.com/	1970-01-20 12:55:13	Name: u Value: C\|0CEAqUBnPKlAZzwAAAAAAAQ13AQCAAQpAAAAAAA
.serving-sys.com/	1970-01-20 06:19:13	Name: A6 Value: 10QzQWx5XS1005xi000010000
.serving-sys.com/	1970-01-20 06:19:13	Name: u2 Value: b588b669-a02e-4347-bc39-731a66d3c02e4HB06g
.serving-sys.com/	1970-01-20 06:19:13	Name: eyeblaster Value: FLV=0&RES=32
.pubmatic.com/	1970-01-20 04:11:03	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 06:19:13	Name: KADUSERCOOKIE Value: 3301925E-46E5-48E9-8939-C45EAB1EAED1
.vsim.ua/	1970-01-20 13:31:13	Name: cto_bundle Value: ciQ_5V9DOFBiOTJCdEZHTExsZEwwd3lheDZvajdRTjczTTZtYTROUEQ0cXZ4VkRKOXRLeW1oYzZWJTJCREpPWEVWS09FYXJJekt2Sm0lMkYxTkdScXlKWHZKNFp5U3FaTSUyQk4wSjkwU2xZRzFCYTRtNW43YyUzRA
.vsim.ua/	1970-01-20 13:31:13	Name: cto_bidid Value: zsDFXV94S3E0ZzRtTU0zcVFydkpNMXpPOUpqQ1pSRFYxT3hiQ3B3UEJBSFEybEp1VTkxOHhHYWglMkZrVWhTJTJCTkZoSWNhZW9BeG9SaTE0TWQ1bHAlMkJrS1NoRyUyRnlnJTNEJTNE

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://vsim.ua/ Message: The resource https://connect.facebook.net/uk_UA/sdk.js#xfbml=1&version=v12.0&appId=178301089580185&autoLogAppEvents=1 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://vsim.ua/ Message: The resource https://accounts.google.com/gsi/client was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
network	error	URL: https://leokross.com/vAW/aGeq.js Message: Failed to load resource: the server responded with a status of 504 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9699815f36e2a73a89770d21843c58a5.safeframe.googlesyndication.com
accounts.google.com
adservice.google.com
adservice.google.de
adtelligent-d.openx.net
ag.innovid.com
ampcid.google.com
ampcid.google.de
api.gravitec.media
bid.g.doubleclick.net
bs.serving-sys.com
cdn.gravitec.media
cdn.gravitec.net
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
connect.facebook.net
d.agkn.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.dlx.addthis.com
fw.adsafeprotected.com
ghb.adtelligent.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.gravitec.net
id5-sync.com
image6.pubmatic.com
leokross.com
lm.serving-sys.com
mug.criteo.com
odr.mookie1.com
pagead2.googlesyndication.com
pbjs.e-planning.net
pixel.everesttech.net
pixel.rubiconproject.com
player.adtelligent.com
prebid-eu.creativecdn.com
region1.analytics.google.com
rtb.openx.net
s0.2mdn.net
secure-ds.serving-sys.com
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.adsafeprotected.com
stats.g.doubleclick.net
tpc.googlesyndication.com
tracker_beam.20minut.ua
unpkg.com
vsim.ua
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.googletagservices.com
accounts.google.com
pagead2.googlesyndication.com
vsim.ua
104.111.215.191
104.18.18.126
141.95.98.70
142.250.185.194
142.250.186.66
142.250.186.98
178.250.0.157
18.157.110.183
18.184.224.159
18.195.144.156
185.184.8.90
185.239.173.66
185.64.189.112
2.16.186.35
2001:4860:4802:34::36
2600:9000:206f:2400:8:48e:53c0:93a1
2606:4700:3035::ac43:d201
2606:4700::6810:7aaf
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:800::2008
2a00:1450:4001:801::2002
2a00:1450:4001:801::200d
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2001
2a00:1450:4001:812::2004
2a00:1450:4001:812::2006
2a00:1450:4001:813::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::200e
2a00:1450:4001:830::200e
2a00:1450:400c:c07::9d
2a02:2638::1c
2a02:26f0:3500:11::215:14dc
2a02:6ea0:c700::17
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a05:d01c:1d8:8101:7677:5b33:71a6:2d38
31.41.216.82
34.98.67.61
35.186.253.211
35.214.184.209
35.244.159.8
37.252.172.45
45.133.44.4
46.249.52.248
52.213.113.49
52.214.225.206
52.33.66.202
69.173.144.139
74.125.133.155
79.171.117.17
8.28.7.81
01fb24629611503ba4ea42ea9d94c1b82449d62985a6087c5e22e9e38b9b0ff6
0319711b3eb9c9323047ec73a7ab50cc3b8627acc117aa60719d9d5253d54fe2
0542e6ea11cf822e28af0922e052aee9b841e6c0afe5e4bdd34b14ea123c3523
0a5ed0da29a2e91d39d2b8b5de2e4e2c1b9caeab3036e7b9e8cad649dece382e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd36baa2bba9d01fdb120b73c741fef6efaa2e9e1a8d3e2a67576a2c965dc25
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14e76607f32a4936efaffced3ce6d74d65bc710a880f62f291888d99596c0197
1b6bc1f7259d0a88f1bab81af28c29fe4a7fc7bd8e36dcaf78665d8706759c29
1f0c2b0a2c352645b53399aff7d600aef3a1d49377280b4dbe6d6d8cc291a935
2101e85d7c5d9f83207fa16727c99947736b6f582f43970c4f479c50b280aad5
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
269bd69d6c1d25e848132ecfb48ec214040e49fd45e444760c3e226ca5fd7962
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
2a40641661b54c304ebe64ce944b1261fd061962a6f2b86558f3b3d98237ca0a
2a788b617b03d1e88e81970b03b44033cf1051952b2595f66411e59595d05ce9
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399
2f42c410eba2c4dc22b4c39f686000a1a7093a01b84551a19ffc30b26c72a86a
30015300955352764840758227634ade8cc98299ccadc46cf9f3f6681385a756
34b32035c62caeb6ba158476cdc55287421596f7db6cfc52ca84d7a7bede75aa
34d1bd7b120cda27d7dda3ebc28d68e8311b9e7d150ea2039f64344d848dfd92
359793ee46fbdf7a9782612719c4a08dbc83704fa3f2326e5b4d9eebb6fd9ba0
3f7395272e337bd77d47ff9ba8f42f01348f039527171842d0cd2f802e322721
3f744b349a8dfe361caf1bae49437361d028b7c2b918b164283adf3e9dde51b6
460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
490a0a636b6524b952dc10a3968522b48f663b70f0ae12aad99bc22bb9330cdf
49dbc49878db407981d251cbf98e4d2f71909b016f438358e3f3ad9ac717ddcc
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bb1fd7097e41eaf1bc03a1aa81b614b685915a4dd7ad01a073c4d76c3225ef1
4d6d0d015fbe03479ae37ff12b169c9ceebba72307aec79da7d6b8e19f8255e4
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52d0b82fec18a281a1ad672b59bb497db964b708f4df9be0e0d5903d1b8e1a52
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55bab0aa112d20d4fdeea05d9d87cbc80400449ec1205c2e4495127b363d95e2
57bb8ce4acf8f2b3c4e2c7d04c978c8e868eb5c43c6efadf04f547cc79e64ff4
57db35b5a7ecf550145de3105d175c51162ebad9a69b1851dd95f528cf39706e
5a9d6d8bbbdc940b6818a983756ffc157d2b2d3f6a755d2966e09329a3f025bc
5c9bf9d938c8efe278de4e619b9b00c480fef06bcc4b69743037e88c8232b868
5d3f3bb842439897dd79aaa9307b84dd8afc860c505d0b24d2a7a06d6f87474b
5ee58d63b466de0f67a216954ad930f8cfa99fcb23b97c3c27e9c714520d2fa6
5f303a0de1cfe53713218d7f8b6d58cb3a85e0946f81cf0e4b79d1ce76e3a97b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
67a539307feececaa1d9e7c3c64309775fba011c2f6f11040f8ec73d53b1c086
6b2cfa93390b24fd81f2c0ed95548f44db2c650e34e8f86cca40436e8f8eecec
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
6c09765834b837729cdca7d9fb46cf11c6d86920927f8102cdc485c2c1aaf415
6d3378b5639d37c64c59f88e57a15a3025e302175067ff364f44829f92d409ad
6ef81d1a436e54449d094e62ad44dc82221a1c752069947e0a2c071b49a9c701
6f5737160f8a1f843e9d9e9f3fa4cf1e1b1484902ad0607b450031c4f83bcaaf
701533d78dfbdf328139088493ac508aec92314998813d6b0c90ebb46e73000a
740f1349b14289c4875b5dd6b49ab422dc0ab8660280ce4f6409f04fd0f188be
76bf43cf5597f7953241dfff75d915d0d6775d6a1ec8a0b5e5d65f464609bb61
775cbfc10227443b6a5b93e5f8e555532f6a71852c62a0d3c4e11a4b1054212a
79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30
7a8082231b16340ffb3c17376660ea3c978a9d9e53f09443940ce73aa26c562a
7ac11600b32f80a513d99a06edda7beedf440689b2b7a6dc20eaa9aed531a26e
7b4920c59b4c2cba7bb51a6ba3e1f62644c828fcc216aa4203be9ebfb9223315
7b779a14bb71a7d52a740420015e1d19f22eaa4acd27eff4bfc4b0e81d69d41f
7d55d36ab7029a3ac11096692671cdfc36fa8446e8cf7584fc23de06074b0f85
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7f0330c318d01e6600ee4f5bded3d51be18edd6a4a3dd198889c5e4c8941442f
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
84dce02db0d21f11aa5ed7434db9e9846a34976fbf2dab81eb414f423e42845d
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
88b263a05e0fa2a8084852de8152c02ade2b1cb33a2d9bbb780a2d9561e48c63
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8af594bfbdd1efc543b1dfdfd771d97631d6a30f8d3ac0ca4d19888cbf4d0354
8b291b8ad5548dab985d0214e67d53de9caea911599a0f5e03534b6127501050
8d055f06176b7d175b33b0c86d749cb1c28072cb4f9aecd978c0581e3efd54c9
914ae1610f5786356faacfe310695912004ca4e60e378a0098739aa07926ab4a
91c51f424031f6d025726982227527bc60cdc06c4bbe948cda46c66c54c2a695
92cc22507e69f2baa9a37f4dd7767bad45f4531a1667fd8cfb0665dd7bfd52d1
94fd08276582ae667bee252f6e799d0297b13eb915a07faff47a08c1751191a9
953d806633c114d63b15e97d76f501c359990beee8d4ad2515710291083c79f6
962344e179f8dce97ce49f49a0d210431c4a9f5613b6c97298304f911db42acf
9711c16a64e8b4086724485013257f3ba812d103630ddd609e3bcc677a07a0bb
976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971
97a7980a664c89f5b5d3b500b6632a8c4ba82eafaeaa7747e4c0e8dda9311220
97b16ecca6982da5a8aca685032dd63a1eac86903b2cc0b68014e0a9a9f87fbd
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9a62693b523955f6ddca2965c2e8be1a7bcb1d41e6e98f6834abf23f0090bed6
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9af819deb3a2e5e45bb5f776f55e3a95c0a221ce81b9eba3b949c270e8bdaddc
9d1cb86ec27e86dfdefab39206fb510070d00b81d91f11ddc6720e3c62629d32
9eb8562273908e7707ffd48842a4c945283c4fd660453c77ae6ea00d2a73da86
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04bb9dca5b8df66fc2d7031e9e4745a9774a62954a04e500f464c0b9dc90703
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0da891591ee9710b569ff2317a4ddbd250af64cccf85eb8f040ddfc3fdf5833
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a753dd9ef7187a1d741acbacb04ba2b1cc84ceb5e93f16a8cc6533ad06ede89e
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
a8fad7ea6d56c85bc473f0091aa9870e4a7db6609c037eac826ed00c68ea3fb3
aafbe63767b52106445fc908e63387cf0c3064c6f9b9545d70b77b123f626cc6
ab8411fdccc02261a660415d02521f02cf29fbe1bb84fcc6e8371103966970a6
ae45377af9d89238bdd28995edb79dc857c596ee256268874c5478e020807211
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aef231caad9876f19aba7e2abc99353c2a2f45b4fee982fd2ca7edc59978a8f4
af5a3629d96ac19a7877ce66b2a5a9401faa2bc9a98fbc3dcca8b1d7454f40e5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2b6a099f2b0cc9a29e31a8232a6e53b8ed27154ffad84a83bcdd121ac01b601
b42255c66bd287cc9b82ccf8b78c6d41c2de0f17a5526b848f918cfcecb6ac08
b50736d5ec0097525d6ff80d1b680bbbec44ada253b9f2c8171d76ec1350c28e
b8b9e3e8e1276c694f2cb8c6957a36d9d8ec542a8fd8d2166ed58d6897aaaa30
bb81a3f6452967a392101c3127a76d8b5f22cafd70f8baa1046cc753aa5a0824
bc36c65f1dc213532add7eda26bfcf948894764eb17f1ef9c7ca14a296d3534c
bc9c2a692b2e51f7452889365de85134341d53f8d36539cdaef3a8277db2edd1
bd38b27229b816922942c700643d9098b4d4895441f293e46ada0d7393ca5894
bf3151eb02230f6f505658b2df91cb14159810f9e4a083ce21920b76297a7989
c0f3f63b8aa81276ab867ee8172db9e3f7a03df59f3c868670c35cd7c635c762
c1f39195106732008423844c281afd28e9cce777ce569465d593f03707829c5f
c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbf391c4d3dd8f61e7a802609296c8ef3955ac3adb146cbe3252944c8ea94360
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d44ff903ae2f7a30bf8d369ebcc45937a2e8159b4902b3d813a8afd2a644d9ce
dbd991c12551f95524a9ca44db10706d942e698b9ef56d6111fe568c5cf193ef
dc05187f20059fb91e255cbd76de4a7e0481e2f02d15ae5c45eeed42d59e2a09
dd6bfabd983e40a92cd350180c9a98cd9e3f282335f73b2c2537ba3d4c9332d8
ddcbbc32233cadfaeac8b2d5d74d3c1c8c72f802be95b4dc3ed949cf5bee4fee
df0821266360b01bfc90782fc5c99b69ec2f41845676919ba53c30c246ac12ec
dfe627cdc131b0123585e4232c1bbc3c04b968627237b96d310a9ee437488215
e22384019dd6a399f90078abb812e214fb07e676d5978b327b36d2f31c6b8f9b
e24b651e84b6282726e291f999b8f476b638bc321e9add1013cb1f21fa7ba657
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e51999eebc0b9e4ac7b5387bf86f7c05970eb7b77df960003955d399e232c5c1
e7a204ebc565cba44972bbebf23b06165a5e2fd57d16d0772b7b01151dc50a27
e81753a8f9689cc6359d1219ef65e37e7827db414e82711378357de5377c18a7
e98501745c1500c02ede59eb329ac24f220509633741250b371199ecc9020ea8
eaf2c9137e521e1f030246115b742374c4594cc7facea8f516f19f44ffe05571
eaf824b5fdf0375ecea296a774abb055e025b6818c0604db02ddc2b18a439408
eb54df517bbba0fe88c6af34e8802319c2791475a7cf37ccd5f9f36bee3a7cd6
eccd88565d076df2201301bafbec831407665672e90f547f4de6c0cf850be75a
ecd8db3874142ac40ea4d77a8db2cf76a57b390b1d15532beeb5eb3139b10d0d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f098a3595ec969f431455f68d7cd1ab6d291cee669501616a38fa2b5e221bbad
f5cb3973bbcfa74279cbdf1fed6cb8de5cf4188bd0380132d0db0d87326d5b85
f863515ed7acc35dfe991abf9e322b2ec65a6ada96009c8c1c59d5fd8d4783ca
f8bdb531d36caf4bb43071d1be58a2d1b153d3a403f4b8f4e6a919dd46213f47
fa058ce5fd598607573ff9194857267322682a83b3547840b211bce2ef4bd5c0
fe22788c984fe7f3de48c7f9bf807f6c74ad466c3ab21e5202e69d2723cd0b14

vsim.ua Open in urlscan Pro 2606:4700:3035::ac43:d201 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

303 Requests

85 %HTTPS

48 %IPv6

36 Domains

61 Subdomains

52 IPs

9 Countries

3584 kBTransfer

10049 kBSize

45 Cookies

14 Outgoing links

Page URL History

Redirected requests

303 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

vsim.ua Open in urlscan Pro
2606:4700:3035::ac43:d201 Public Scan

Screenshot
Live screenshot

Full Image

303
Requests

85 %
HTTPS

48 %
IPv6

36
Domains

61
Subdomains

52
IPs

9
Countries

3584 kB
Transfer

10049 kB
Size

45
Cookies

303 HTTP transactions
5 data transactions