ad.mail.ru Open in urlscan Pro
2a00:1148:db00::17 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ad.mail.ru/adi/3030?rnd=438487096
Submission: On July 22 via api (July 22nd 2021, 11:48:59 am UTC) from DE

Summary HTTP 110 Redirects Behaviour Indicators

Summary

This website contacted 30 IPs in 6 countries across 23 domains to perform 110 HTTP transactions. The main IP is 2a00:1148:db00::17, located in Russian Federation and belongs to MAILRU-AS Mail.Ru, RU. The main domain is ad.mail.ru.
TLS certificate: Issued by GeoTrust ECC CA 2018 on November 13th 2020. Valid for: a year.

This is the only time ad.mail.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	2a00:1148:db0... 2a00:1148:db00::17	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
17	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
8	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
2	2600:9000:218... 2600:9000:2182:7400:1c:77a1:eec0:21	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3	147.135.11.103 147.135.11.103	16276 (OVH) (OVH)
1	2a04:4e42:3::485 2a04:4e42:3::485	54113 (FASTLY) (FASTLY)
1	34.250.23.129 34.250.23.129	16509 (AMAZON-02) (AMAZON-02)
1	172.217.31.163 172.217.31.163	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:5800:15:6f6c:b180:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
2 2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 7	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
3 4	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 2	18.158.226.176 18.158.226.176	16509 (AMAZON-02) (AMAZON-02)
1 1	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
2 2	72.251.244.141 72.251.244.141	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
4	54.229.115.186 54.229.115.186	16509 (AMAZON-02) (AMAZON-02)
110	30

3 2a00:1148:db00::17 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)

ad.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rs.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2182:7400:1c:77a1:eec0:21 (United States)

ASN16509 (AMAZON-02, US)

d3f4nuq5dskrej.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.135.11.103 (United States)

ASN16276 (OVH, FR)
PTR: ns100638.ip-147-135-11.us

analytics.wmgroup.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vastb.adwmg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.23.129 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

vid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.31.163 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

14901a31ba3631c2ae5e54a143a83467.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:5800:15:6f6c:b180:93a1 (United States)

ASN16509 (AMAZON-02, US)

vpaid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.185.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.87 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.226.176 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.190 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.141 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.44 (United Kingdom) 1 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.229.115.186 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-115-186.eu-west-1.compute.amazonaws.com

vid-io-dub.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	googlesyndication.com pagead2.googlesyndication.com 14901a31ba3631c2ae5e54a143a83467.safeframe.googlesyndication.com tpc.googlesyndication.com d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com	124 KB
23	doubleclick.net 3 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	350 KB
17	2mdn.net s0.2mdn.net	1 MB
7	google.com 1 redirects adservice.google.com www.google.com	958 B
6	springserve.com vid.springserve.com vpaid.springserve.com vid-io-dub.springserve.com	89 KB
5	ampproject.org cdn.ampproject.org	101 KB
4	adnxs.com 3 redirects ib.adnxs.com	4 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
4	gstatic.com csi.gstatic.com fonts.gstatic.com	41 KB
4	googleapis.com imasdk.googleapis.com fonts.googleapis.com	210 KB
3	mail.ru ad.mail.ru rs.mail.ru	37 KB
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	googletagservices.com www.googletagservices.com	65 KB
2	adwmg.com vastb.adwmg.com	19 KB
2	google.nl adservice.google.nl	975 B
2	cloudfront.net d3f4nuq5dskrej.cloudfront.net	378 KB
1	1rx.io 1 redirects sync.1rx.io	304 B
1	blismedia.com tr.blismedia.com	136 B
1	simpli.fi 1 redirects um.simpli.fi	708 B
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	wmgroup.us analytics.wmgroup.us	373 B
0	impdesk.com Failed pix.impdesk.com Failed
110	23

	Domain	Requested by
17	s0.2mdn.net	ad.mail.ru s0.2mdn.net cdn.ampproject.org
13	pagead2.googlesyndication.com	srcdoc securepubads.g.doubleclick.net d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net ad.mail.ru www.googletagservices.com
10	tpc.googlesyndication.com	ad.mail.ru cdn.ampproject.org securepubads.g.doubleclick.net tpc.googlesyndication.com d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
9	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
8	securepubads.g.doubleclick.net	ad.mail.ru securepubads.g.doubleclick.net d3f4nuq5dskrej.cloudfront.net vastb.adwmg.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	vid-io-dub.springserve.com	vpaid.springserve.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.google.com	1 redirects ad.mail.ru tpc.googlesyndication.com d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
4	googleads.g.doubleclick.net	ad.mail.ru d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
3	fonts.gstatic.com	fonts.googleapis.com
3	adservice.google.com	s0.2mdn.net securepubads.g.doubleclick.net
2	tracking.m6r.eu	2 redirects
2	pm.w55c.net	2 redirects
2	googleads4.g.doubleclick.net	ad.mail.ru
2	www.googletagservices.com	securepubads.g.doubleclick.net d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
2	d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fonts.googleapis.com	securepubads.g.doubleclick.net
2	vastb.adwmg.com	vpaid.springserve.com ad.mail.ru
2	adservice.google.nl	securepubads.g.doubleclick.net
2	imasdk.googleapis.com	s0.2mdn.net
2	d3f4nuq5dskrej.cloudfront.net	ad.mail.ru
2	ad.mail.ru	ad.mail.ru
1	sync.1rx.io	1 redirects
1	tr.blismedia.com	d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	rs.mail.ru
1	vpaid.springserve.com	imasdk.googleapis.com
1	14901a31ba3631c2ae5e54a143a83467.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	csi.gstatic.com	imasdk.googleapis.com
1	vid.springserve.com	imasdk.googleapis.com
1	cdn.jsdelivr.net	d3f4nuq5dskrej.cloudfront.net
1	analytics.wmgroup.us	d3f4nuq5dskrej.cloudfront.net
0	pix.impdesk.com Failed	d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
110	35

This site contains no links.

Subject Issuer	Validity	Valid
*.mail.ru GeoTrust ECC CA 2018	`2020-11-13` - `2021-11-17`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
analytics.wmgroup.us R3	`2021-05-23` - `2021-08-21`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-30` - `2022-06-01`	a year	crt.sh
*.springserve.com Amazon	`2021-07-07` - `2022-08-05`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
vastb.adwmg.com R3	`2021-05-28` - `2021-08-26`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2021-06-29` - `2021-09-27`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://ad.mail.ru/adi/3030?rnd=438487096
Frame ID: 67C5AA322CB536ABA9E04DA3A00A9683
Requests: 21 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.472.0_en.html
Frame ID: 32E46FD33DFE5CB0DC5E83129772D19C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: D49DF3E0E4405F2A0CACF7178C19217A
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: ABD90862112CF67E0FAB0F39B6869692
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/loader.js
Frame ID: DD7402C511111F0F663721D397DC1834
Requests: 6 HTTP requests in this frame

Frame: https://14901a31ba3631c2ae5e54a143a83467.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 42095B9CF4AFA438BF540A7264D257C8
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107130206000/amp4ads-v0.mjs
Frame ID: 328A94C3C9F40F8279D2FBF54CC3A774
Requests: 24 HTTP requests in this frame

Frame: https://vastb.adwmg.com/vast
Frame ID: 560E2F8390514D98D946AF0ECDFD2996
Requests: 1 HTTP requests in this frame

Frame: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 095DB4AA38AF932A0BE002B1092568A8
Requests: 1 HTTP requests in this frame

Frame: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6FDF289E1ADF59989592E6461B82F632
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 84E1EE0BB7841031955F331AE1274D37
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BA8AD910EF3B0B4550E694A54961F2F1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ4aTvAhjw0sahATAB&v=APEucNWkvlmrunj4TPWknDmw_7FOpmMEkrpejKvc5dsyhbMOImXBHSIRMPHxh6K3ttXEx7Ih3BTUZDO3gcEXXRXk-A3j0pBBN0LNwxnSAOLsTtw9kbwZB0yDtZ4b7NeXbh77Rpk6KCnqUgk1lM9YFdqkX9XthPIUWuwZ9godYrcHh7QN_uM1fng
Frame ID: 094E3281A14CC5959A46FA16857B8A1B
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F308A64D25C19832E6DE1C1FA13F1E3D
Requests: 8 HTTP requests in this frame

Frame: https://s0.2mdn.net/9957158/1616512476367/index.html
Frame ID: 1DB590C0E543CC27B9BC58674318D3A1
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C2D6E7F8AABB4ACCDB87488AC3B3F5FA
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i
script /2mdn\.net/i

Page Statistics

110
Requests

95 %
HTTPS

56 %
IPv6

23
Domains

35
Subdomains

30
IPs

6
Countries

2575 kB
Transfer

4988 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 68

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG19K-ydH72sVGdrzqfaEqo&google_cver=1

Request Chain 69

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YPlbGrg61M7taSJitLzkfwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG19K-ydH72sVGdrzqfaEqo&google_cver=1

Request Chain 70

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECJMr-Z3UVjRluyYmeytx2I&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECJMr-Z3UVjRluyYmeytx2I%26google_cver%3D1

Request Chain 71

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ5NTk1MjIzOTA3NTkwNzk2OA%3D%3D

Request Chain 81

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFDwFLFj5xRSk1eavI1KEPs&google_cver=1&google_push=AYg5qPLJTh8xncUULoyhpe_18olDnESJ0QGtVwaq_BZwixUYcxPWYyr4V2O0JNnTESB9j6mPY8vibnOf9-YZeETymjvRWe4uPg HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFDwFLFj5xRSk1eavI1KEPs&google_cver=1&google_push=AYg5qPLJTh8xncUULoyhpe_18olDnESJ0QGtVwaq_BZwixUYcxPWYyr4V2O0JNnTESB9j6mPY8vibnOf9-YZeETymjvRWe4uPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RGFTSDhwMm4xTTZ4Ylo1&google_gid=CAESEFDwFLFj5xRSk1eavI1KEPs&google_cver=1&google_push=AYg5qPLJTh8xncUULoyhpe_18olDnESJ0QGtVwaq_BZwixUYcxPWYyr4V2O0JNnTESB9j6mPY8vibnOf9-YZeETymjvRWe4uPg

Request Chain 82

https://um.simpli.fi/gp_match?google_gid=CAESEPHffg6-VrKeS_1bgIw4DWw&google_cver=1&google_push=AYg5qPInED-e14Sft06-dNItxKbVUMx9b24QhF_yFk22b0cusAnR0JnH6-XbgDvi7or1irnZ_MU1WvMHFgF5UI_zWa6xB7X5iPQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C049B4D16ADB42768331C2F1CDECC04A&google_push=AYg5qPInED-e14Sft06-dNItxKbVUMx9b24QhF_yFk22b0cusAnR0JnH6-XbgDvi7or1irnZ_MU1WvMHFgF5UI_zWa6xB7X5iPQ

Request Chain 84

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEB7CJ63jww7sParqsV1sdQg&google_cver=1&google_push=AYg5qPLlLezU3ESFBs8JxZU2YSK2PjCM-eIMcoBFAYPjTyO5ap3Tp-BgoKAkbJS1XVOkNayb3IeLokbZuVJBxv56dsMlTEqdkg HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEB7CJ63jww7sParqsV1sdQg&google_cver=1&google_push=AYg5qPLlLezU3ESFBs8JxZU2YSK2PjCM-eIMcoBFAYPjTyO5ap3Tp-BgoKAkbJS1XVOkNayb3IeLokbZuVJBxv56dsMlTEqdkg&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=BdsMl3qvDodaKz6AeZfWsQ&google_push=AYg5qPLlLezU3ESFBs8JxZU2YSK2PjCM-eIMcoBFAYPjTyO5ap3Tp-BgoKAkbJS1XVOkNayb3IeLokbZuVJBxv56dsMlTEqdkg

Request Chain 86

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEK4JYA4hRwwXk7ip1UD5U5Y&google_cver=1&google_push=AYg5qPLIZrNr_8kFU7zQCFR04Uuo_sdxm14r55hisU4Kwk_Tr-B1uFVGu0mCQmeZrXOVZI4SBwvTRi48U98mqVX4EREZgKPpdbw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLIZrNr_8kFU7zQCFR04Uuo_sdxm14r55hisU4Kwk_Tr-B1uFVGu0mCQmeZrXOVZI4SBwvTRi48U98mqVX4EREZgKPpdbw&google_hm=

110 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set 3030 Show response
ad.mail.ru/adi/ 18 KB
18 KB 166ms
82ms Document
text/html 2a00:1148:db00::17
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mail.ru/adi/3030?rnd=438487096
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a00:1148:db00::17 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
Software: nginx /
Resource Hash: 79eb09d625582fc132812df31b30bd280305488c911849ecbe76e8eb53bfd8be

Request headers

Host: ad.mail.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Thu, 22 Jul 2021 11:48:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: p=5wcAAMDeiAAA; expires=Sat, 22-Jul-23 11:48:40 GMT; path=/; domain=.mail.ru; SameSite=None; Secure
Cache-Control: private, no-cache, no-store
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"
Timing-Allow-Origin: *

GET
H2 200 ima3.js Show response
s0.2mdn.net/instream/html5/ 340 KB
117 KB 37ms
16ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/html5/ima3.js

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b522f3020c155252273666edf2a0b9f8a48ac7b625846692c71a02fd5f0e92ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119631
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:41 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 69 KB
24 KB 36ms
35ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

49477b5f0f6309d3fcc379bc6454edc3623fb30908026cec6e67be42bd9c84e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "937 / 500 of 1000 / last-modified: 1626952271"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24154
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:41 GMT

GET
H2 200 adwmg_vpl.js Show response
d3f4nuq5dskrej.cloudfront.net/js/vpl/ 43 KB
44 KB 39ms
10ms Script
application/javascript 2600:9000:2182:7400:1c:77a1:eec0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3f4nuq5dskrej.cloudfront.net/js/vpl/adwmg_vpl.js
Requested by: Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7400:1c:77a1:eec0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 087e9facfd9d1dddb0201c1d294f4b44f6cbdd3a02a698bb9acb9f85a46c41e5

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:47:29 GMT
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
last-modified: Wed, 07 Apr 2021 16:09:34 GMT
server: AmazonS3
age: 73
etag: "c912ea2351fd05ad099f4e21b3bcc6de"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 44543
x-amz-cf-id: 72pkNlEVeTWNn9fEQksanV_4tflQ5RZeX4KZXPI3dUMa7I_MW7TE0Q==

GET
H2 200 14b9e5_main_mail_ru_short_vb_300x250_18.06.2021.js Show response
d3f4nuq5dskrej.cloudfront.net/js/ 333 KB
334 KB 37ms
9ms Script
application/octet-stream 2600:9000:2182:7400:1c:77a1:eec0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3f4nuq5dskrej.cloudfront.net/js/14b9e5_main_mail_ru_short_vb_300x250_18.06.2021.js
Requested by: Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7400:1c:77a1:eec0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cc310932652aeacf45230c766bfc8d81138b45d58812c7e52cea82a132de5154

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:21:22 GMT
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
last-modified: Wed, 07 Jul 2021 13:25:19 GMT
server: AmazonS3
age: 1640
etag: "63bf35f2e5c2ab23e981bea7ad109a04"
x-cache: Hit from cloudfront
content-type: application/octet-stream
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 341424
x-amz-cf-id: wzNVTtXxK8Z1HGRnd1_-n2Ff9HQKSyV3JLua-rfkej39XXuW8y13tw==

GET
H3-29 200 pubads_impl_2021071401.js Show response
securepubads.g.doubleclick.net/gpt/ 329 KB
115 KB 34ms
33ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

65506c87a4e71875a107df7ca37f45ccfd40688cf8e01f65c7e71792dbd6818c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 14 Jul 2021 08:38:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117283
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:41 GMT

GET
H2 200 bridge3.472.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 32E4 578 KB
190 KB 26ms
6ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.472.0_en.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/instream/html5/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

130cd7fbc7a835ab8d1e683a108369534476bfc5c5b75cf93a3def2bce0f5812

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.472.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.mail.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.mail.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 194367
date: Fri, 16 Jul 2021 07:35:00 GMT
expires: Sat, 16 Jul 2022 07:35:00 GMT
last-modified: Fri, 16 Jul 2021 07:29:35 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 533621
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
16 KB 29ms
15ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/instream/html5/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:41 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ad.mail.ru

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/instream/html5/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H/1.1 200
OK 3030
ad.mail.ru/adi/ 18 KB
18 KB 45ms
45ms Media
text/html 2a00:1148:db00::17
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mail.ru/adi/3030?rnd=438487096
Requested by: Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a00:1148:db00::17 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
Software: nginx /
Resource Hash: 79eb09d625582fc132812df31b30bd280305488c911849ecbe76e8eb53bfd8be

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: identity;q=1, *;q=0
Host: ad.mail.ru
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: video
Referer: https://ad.mail.ru/adi/3030?rnd=438487096
Cookie: p=5wcAAMDeiAAA
Connection: keep-alive
Range: bytes=0-
Referer: https://ad.mail.ru/adi/3030?rnd=438487096
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Date: Thu, 22 Jul 2021 11:48:41 GMT
Server: nginx
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Cache-Control: private, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame D49D 36 KB
13 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:06:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2545
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 22 Jul 2021 12:06:16 GMT

POST
H/1.1 200
OK collection
analytics.wmgroup.us/analytic/ 0
373 B 320ms
105ms Ping
text/plain 147.135.11.103
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.wmgroup.us/analytic/collection
Requested by: Host: d3f4nuq5dskrej.cloudfront.net
URL: https://d3f4nuq5dskrej.cloudfront.net/js/14b9e5_main_mail_ru_short_vb_300x250_18.06.2021.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 147.135.11.103 , United States, ASN16276 (OVH, FR),
Reverse DNS: ns100638.ip-147-135-11.us
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 22 Jul 2021 11:48:41 GMT
Server: nginx/1.18.0
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 0

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 7ms
6ms XHR
application/json 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json

Requested by

Host: d3f4nuq5dskrej.cloudfront.net
URL: https://d3f4nuq5dskrej.cloudfront.net/js/14b9e5_main_mail_ru_short_vb_300x250_18.06.2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2180b81aeb53baf599c8fc869a9010abb25dd9bfdc8279dad28733374d2bf3d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 31234
x-jsd-version: 1.0.1045
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 944
etag: W/"6a0-llOzNJRbG/lcA1ZZxHrOT4k/dzw"
x-served-by: cache-fra19152-FRA
x-jsd-version-type: version
date: Thu, 22 Jul 2021 11:48:41 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 621808 Show response
vid.springserve.com/vast/ Frame 32E4 2 KB
2 KB 109ms
36ms XHR
application/xml 34.250.23.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/621808?w=300&h=250&cb=1626954521202&url=https%3A%2F%2Fmail.ru%2F
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.472.0_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.23.129 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f8671c0503a6238188a5fc116577e50a7a07a780a57921a4026ddcce7f9b0cc

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://imasdk.googleapis.com
date: Thu, 22 Jul 2021 11:48:41 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-encoding: gzip
content-type: application/xml;charset=UTF-8

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame ABD9 69 KB
24 KB 33ms
33ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: d3f4nuq5dskrej.cloudfront.net
URL: https://d3f4nuq5dskrej.cloudfront.net/js/14b9e5_main_mail_ru_short_vb_300x250_18.06.2021.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

49477b5f0f6309d3fcc379bc6454edc3623fb30908026cec6e67be42bd9c84e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "937 / 672 of 1000 / last-modified: 1626952271"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24154
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:41 GMT

GET
H3-29 200 pubads_impl_2021071401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame ABD9 329 KB
115 KB 33ms
33ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

65506c87a4e71875a107df7ca37f45ccfd40688cf8e01f65c7e71792dbd6818c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 14 Jul 2021 08:38:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117283
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:41 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 32E4 0
348 B 1115ms
284ms Ping
image/gif 172.217.31.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kreupqz7&c=8100788035953&slotId=4050394017976.5&fb=ima_html5-lima&sdkv=h.3.472.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vmfc=1&vhc=0&ghmsh_eids=420706098%2C44737475
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.472.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.31.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 loader.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame DD74 52 KB
19 KB 20ms
7ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/instream/html5/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9b86fb3ddf4db048fcdb86ae7b80be5565a239669b67652a8ae1398e487edbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:38:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Jul 2021 20:33:09 GMT
server: sffe
age: 596
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18950
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:53:45 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ Frame ABD9 107 B
853 B 38ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=ad.mail.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame ABD9 107 B
122 B 32ms
16ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ad.mail.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame ABD9 59 KB
14 KB 377ms
377ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1840942917235678&correlator=4443054537017618&output=ldjh&impl=fif&eid=31061650%2C31061736%2C31061818%2C31061762%2C20211866&vrg=2021071401&ptt=17&sc=1&sfv=1-0-38&ecs=20210722&iu_parts=205338224%2Cmail.ru_300*250_mainpage&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=4&cookie_enabled=1&cdm=ad.mail.ru&bc=31&abxe=1&dt=1626954521515&dlt=1626954521342&idt=160&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=658&adys=16&adks=462823201&ucis=h9nnt7o9q9b8&ifi=1&ifk=3317706057&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fmail.ru&loc=https%3A%2F%2Fad.mail.ru%2Fadi%2F3030%3Frnd%3D438487096&top=ad.mail.ru&vis=1&dmc=8&scr_x=0&scr_y=0&psz=284x234&msz=284x0&ga_vid=1256516554.1626954522&ga_sid=1626954522&ga_hid=1117949636&ga_fc=false&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

c82cd05665a769fcf4089c00be25598f4378f5c22e74741a8f65b95f97e23dde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14691
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ad.mail.ru
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
14901a31ba3631c2ae5e54a143a83467.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4209 6 KB
3 KB 60ms
14ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://14901a31ba3631c2ae5e54a143a83467.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 14901a31ba3631c2ae5e54a143a83467.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.mail.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.mail.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 22 Jul 2021 11:48:41 GMT
expires: Fri, 22 Jul 2022 11:48:41 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 vpaid_56b062b7.js Show response
vpaid.springserve.com/production/ Frame DD74 487 KB
87 KB 36ms
7ms Script
application/javascript 2600:9000:2156:5800:15:6f6c:b180:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_56b062b7.js
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:5800:15:6f6c:b180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1124b04828785508ce2fedc6a122128f4cb52f637e9be944ede82409b981ef8

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Jul 2021 15:05:35 GMT
content-encoding: br
last-modified: Wed, 21 Jul 2021 14:56:41 GMT
server: AmazonS3
age: 74587
etag: W/"b19f9b7ab5961c8d0f4fb72f4f358f50"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
cache-control: max-age=2678400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: klWhjWLPQq5-nPxB3SGFoZGX2HfgNRn6eqWkxjeScaAlE9hGoej71g==

GET
H/1.1 200
OK xml Show response
vastb.adwmg.com/ Frame DD74 2 KB
1 KB 329ms
107ms XHR
application/xml 147.135.11.103
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://vastb.adwmg.com/xml?networkId=112081842&adUnitCode=main.mail.ru_vast_banner&duration=10&pageUrl=https%3A%2F%2Fmail.ru%2F&skipOffset=5&adSlotSize=relative
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_56b062b7.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 147.135.11.103 , United States, ASN16276 (OVH, FR),
Reverse DNS: ns100638.ip-147-135-11.us
Software: nginx/1.18.0 / Express
Resource Hash: a2dc48778424d222fe44df1858e43fcb230fe7fe04d6777b4d6084e174640648

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 22 Jul 2021 11:48:41 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: nginx/1.18.0
X-Powered-By: Express
ETag: W/"66b-ESnT70sCHjCImPBoX3bWEpxglhM"
Transfer-Encoding: chunked
Content-Type: application/xml; charset=utf-8
Access-Control-Allow-Origin: https://ad.mail.ru
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107130206000/ Frame 328A 188 KB
54 KB 36ms
9ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107130206000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1caacdebd86c67f86ab89cdbd30b056a8c1141638aafdd35ec453c4bae91692b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 239983
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55160
x-xss-protection: 0
server: sffe
date: Mon, 19 Jul 2021 17:08:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b724d3ee8cec1601"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Jul 2022 17:08:58 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107130206000/v0/ Frame 328A 13 KB
6 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107130206000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b16e9c1da7045c9057350282766a114be2070b065e5e8a42ae635d0610ba6d0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 239983
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4795
x-xss-protection: 0
server: sffe
date: Mon, 19 Jul 2021 17:08:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "392d0f0d5f27c169"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Jul 2022 17:08:58 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107130206000/v0/ Frame 328A 87 KB
27 KB 43ms
17ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107130206000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

faf5e994ddbada86a873b5d14c1bc0f449a097e61e6fbe0c04e0691b70ec5644

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 239983
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27843
x-xss-protection: 0
server: sffe
date: Mon, 19 Jul 2021 17:08:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f120bcb28bbafed0"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Jul 2022 17:08:58 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107130206000/v0/ Frame 328A 4 KB
2 KB 45ms
20ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107130206000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d398520ac47945ab429cf02b444202f4db1cf7fee5b5335cf98fb009ce56ab8e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 239983
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1658
x-xss-protection: 0
server: sffe
date: Mon, 19 Jul 2021 17:08:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6fba3cabb8cd86f8"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Jul 2022 17:08:58 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107130206000/v0/ Frame 328A 40 KB
13 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107130206000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29d096500cc94cbe347c613cb34199c274da1fe8b5df04fdb49ee75ace5edbec

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 239983
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/amphtml-china-available
date: Mon, 19 Jul 2021 17:08:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12840
x-xss-protection: 0
server: sffe
etag: "6d4edf2414c2591f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Jul 2022 17:08:58 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 328A 4 KB
726 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 09:52:04 GMT
server: ESF
date: Thu, 22 Jul 2021 11:48:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 22 Jul 2021 11:48:41 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 328A 4 KB
703 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 11:46:24 GMT
server: ESF
date: Thu, 22 Jul 2021 11:48:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 22 Jul 2021 11:48:41 GMT

GET
DATA 200
OK truncated
/ Frame 328A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95e1b6614cf5494fb4559af61cf357ed720c4544b7ba7cb3d60960e02487017f

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 9689911563002489644
s0.2mdn.net/simgad/ Frame 328A 261 KB
261 KB 10ms
8ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/9689911563002489644

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c3ae575f2830868f6e1d9331de0961544cb7ed2a36f94a83b86329e90975eb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Jul 2021 15:56:09 GMT
x-content-type-options: nosniff
age: 589952
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 267611
x-xss-protection: 0
last-modified: Thu, 15 Jul 2021 14:06:03 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Jul 2022 15:56:09 GMT

GET
H3-29 200 2512031805776293652
s0.2mdn.net/simgad/ Frame 328A 1 KB
1 KB 8ms
6ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2512031805776293652

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6daa507a2ab8f55aa909ca46af39d67bc24e6faa0932173bce15194bd97a69b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Jul 2021 15:54:22 GMT
x-content-type-options: nosniff
age: 590059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1153
x-xss-protection: 0
last-modified: Thu, 15 Jul 2021 14:05:45 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Jul 2022 15:54:22 GMT

GET
H2 200 ad
googleads.g.doubleclick.net/dbm/ Frame 328A 42 B
347 B 39ms
38ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B_7AMyHQZ2HMZR3Sg9tgoriVB9gTr_5N_5gp7oUU19r-TVKB-PSUxeXXuVDqyVqEu5YiEcsEsi5xiar0RlS1j8TjOCqq4Zla2Zh-1qrqjVXs53ooAa80owbw2FrnOv7ztyIK8_0mun5CF_Bx5087pldxD2rQ&dbm_d=AKAmf-DX5pCktmADP68d-LugdDNHAsoyb3bLTO2iwE6FK9EHKEm0Ra8MlxEOhwtFLvWJILLEwK305QAbAk6xf5d8XOVVQVALqy4ge6rWM4pWW1UzfhJGDcwSa0VfRHkcLvzhLzmc9cn8c7_hQI222gCx6rpNQ6mUKcYsEllJcB_LMJL7ze7y_PuydTsce_V7QpaQnnNntYcyKJI7MieuCvTR5AWeZtTV9Zy7dHjfkIJrUQgWbmDKAgcv9Q8q0QJsykAbylsipQ5nZa60KaUIwqVLo2iN3YUm8LmDHwHVaMPvpzqNjDayDbOeMq5OTTLq6U_jJXByk8Mjn1Xq3W3gvP9vebpwSxZz-heCMfOnRaTRgVq3NH9-3vAkJae9zC3JiK0hdaIQpLpd1dgL2AeYV_YPNf6d02n1uSY_5qL62wMI17Na5QL9DpPxWsemJOMZbpEy4Ha_fIb5dLRpYKx26j0fRKrulGEKPH9eu4y2qic5q9z5C2kshgSlOml1epYibYiGV8CzbOSzf4768bUVd5eZ8oOhuwAjAyY6wCaP0KgK828zC21O-zEUlGnKgUkDtSaJWJo7goJ1uz0W06_8AcV6MuO9nB7bgPXDd9qHVeuTRtbLZXR_FpCB--ztQFlUuETz7g_zbIyqCf6F3BKG0KKU7nNO-HBHb9YkvV75OXFAug2A33WZXYruwGZdW15fBW5xG88nAkLmrLFlSNdRECf4Uvvm0Fqc0O-CXVpz0C6sHR7IqRl4iwOGpdMrXcC4EmNuaZHnnPtd0RVfkywED1z5dokDnfagb58FlMiv8pj0GG8wnihLSuzIT3lsaDF0eabiA0H_kqY_HCi8KRyRUQEPcKSs8_bNHkIUioG0uRogEcw-D-3TXyrx7C2Wbel-2wfvYif8HAedXuyG8-cZC2ta2l5e7eQEU8fL7j3Kuf4LhNh6JwNRWsAVa78yH00yywfikYx9XNNIJmnDMxQOsYLGYsPyo97WNfcrF6zth8TmIM2zXS3eA8kKX6-VZ0ai0rghl8kcKdWm4A9UUYDyLkucMNh7qCMfTMG-BREOYtatjTZDWIPsMHiQtDYgx1FWxaDMJ0_C5klCrWNNFSHgDrpC0e5PSSXHuiUAqt1lmj7c_h03wJrOgrEvQx7wfGsX_-ep1VEufMglcSpLHt1XGHia6AU583l2pI31xef6FCOluD5oXEbvx8i_Tmhy0DgEFFvJ_W3LBQ2-_HUZ4YXwMD4RuteK3nFReYIjneKx0qsQIX-Rz7DX4Lnne6vXPQ3BwBVrGsWl_exRB3AEUJiX2HQMpFM910skTE_9dSvg8WQZvc-X2Z-bKnfvVBdVFh_QudZLOqIZvPX0qjr3hXvXQOJsYxi0USE2lEITXPOJtKF07lyzWL2Bnh0226zzajzohbliW2W3dpn093BKUbujYpiJjrKZuaB0feefjMgNWPWF5Vb9sr7uCAZjkcMxbj02uF2dS274WM4HM9X2p1qytgEbPgtbUWHta0o0PyS2wX_VqXUlxLACd2TXlhQyCEc908eVciHbc3Lo_Klb0wkRfvFFqpL9DvVtxgkHmOt6YoO5FqVX-Or6EqvgtgvuuvrZJ0agWdmhpNDRqI2Dk8MBlvn79d7v34TPzxaml_IEmx0rjJMOhoCrBqxOj6PkfOoiYiY5YIKBlcfUHIXpUN25A-gAoyC21TSt6jLn6EMSGOYCHQN6Gq5WFgi1CoJWXycblVk2qVhx2OlZZYtL-PTVEt30PiWBLPgl4f3Y5HdKHNxJNq7v1oIPUCJKdKTdofktPmN49ItrWzoQJlBJd_J485Nu2BCWLLJ04gl-fD_CP9lODxl7cbjDODjkl9v0LQvYOYZD5ysvbLGjPa1tkXa2IcGULSMdLA2FiWUfJ1C72VKIsGWeCCfvzBK4-XJ5BtjcMzs6mCmzZqL21uJkdXhJXvVICWA_YBO9bYezcwnZphMm_wxJWXBD2KUWq46jJuWoGakjLFZh0pmkKLVlHRWYjAeE05_cRm9uAyYAk5LJ1PZUDwIm5bkm8LTkpriGSahR4Bl5WcsxTQQIFLFPMM3BOxxWwhGTveDSqQVb07-VIZnTLeB6uK_yyoWV1FDNnaTqImuEOcxh4NZuH_xbHdwbzCD37N5-dGbHlUXtZZmKOLm0jCZsyPxm38c87QO4ztLmJQueHGPjc-RqQXQxh2Lu7zZ2RYw3MVjto2AN226re02JCBx_QFUWpAZUCSckckF81fokDVNfFBHIiTN_C0Dr2uiTGDd78Kane2KS08Kfi9Z9EHZhY0ubXArZDXseG9Lx_1m-JMkXeJVR0zAJN19ZW2w469yaMwQUZKuKfY871uvGkTmcKJtaiI7Y6SDhpEoQKYLndlu9qqDJN_w2mrq7A-7ySPxnU3q1wJyRwiuAdrCkYGQKNoEiXFoNA3OSbB3Oz73BS2DywdPvWBJCWOmHn1uyiINSSWVnueZTxE_3k_nDN8k--hSHFNeCnd6VN_yRlrGDjMDbnYoN4FlTydVsg9kaSc5TPIjRcq4yHwWmZYlCo3EOhireWY0JL_0SrCuZumEMlQ0xF-knbUov1WzlBlEQmxCQqPiMfygig-z-fJlOkEM2Yj6PizN7oyNeeLmrm-5HEKYwks7VyuagDJdkxzB0Zkk3VlxbUTzk1l_pC5rKRSR_LIa3iF011FGrr1KQU7qmFFvu7l8GuL4Ax_scUxkmZ6v0x8FEuUw6ajw3Uj7lt9zTyLGDuXL-gSgX61PwwuxJBHcyhc1LGS2HfKepKGRE-AfUCkD41UHOXiXPIlLxTL0XbjMXRvS99ar88XqeQ_qVxLW-x3CzmfqhxpjrU4rZVK2W7LDa8PCjH_X_PFgcOUiYJUTMJ7x9HQPhDfAmICEt2wbCZRG61bu4uqaX_j31njKqO5QkCpX--w-hEZy4eeXNNX_QrZwvfhLD1Hcy2K0CSb32ZGJ28GI2t0eVYGrVprsP3A030Yc6GUdrzPAelu4rWObsGWmdpiKrX802bo4ED6KrYiGGEWt3TpRV824KeJtopJX1Nm0dWYzJCNSSiuG2bBLxCWRSjGZXIxaUGgwuHsLUsuggsDRUV5HJYqSyt6VembeJwRhNfVioSK8nyjBXRt0cGsWDDlcdJjxFiE6Xro-PJciekWC38BPHC1h5OcoApXDSkQOCkQlbrFM995lZyrIIziJCba62MQyeG8vM_V-7RPQm66WwbXv7F0l4bCvz-p3ZaWczEk__7t2-_gweXHeHKX-K5_fbMBQLdA7sI6j5d271&cid=CAASFeRo_KAJoOez3yLblFcIk_YVuL8rlw

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 328A 0
0 65ms
64ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CB2AdGVv5YK7-IYSDjuwPpJCX6AbKzcbkY5P3iZS0DvAuEAEg4IWtRWCRhICA_BegAYHJh7kCyAEGqQKlxqXRasmzPqgDAcgDCqoEvwFP0H02HYV_6OzF8kKxvDIz3PWkdNHALOxFm0Ov9okKNFslhVWgIGv8jDhGN8MT1NR722TK6fzspWgQ51rLFCTj_0J11n_Q_-oM3nkQ8M-GGsVOnTpucDcEaUsYCxMSdFuc3_olUBSYC_YbZX6WSJ4klC4ZUnqxGzxBHgtwMT58p7Ktb6SVsiAXlVDEywkjQywmexWejGP5mfM3hQDtR5_b3pLp3FHIypNyuDfKqoA9njjIh414HMKBFc9WhOsnmcAEjOevkPED4AQDiAX_98LoM5IFBggDEAUYAZIFCggiEAUYAUj0pGKSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB-e2-MYBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RvYBwHyBwoQx9UMGJbw8a8B0ggJCIjhgBAQARgdgAoDyAsBsBPVyYkMyBPbvtndA9ATANgTCtgUAdAVAYAXAbIXGgoYCAASFHB1Yi04NjIyMTg2MzAzNzAzNTY5&sigh=jyQYcqlnEDg&cid=CAQSPgCNIrLMVb0SoObOQOxEpRCgfjOqqIMrOMyWNCOczuI-_cmoa3SKvpQHRquyo-Q08OkK8x2BUgBHMIf-xhw_&template_id=509&vt=10
Requested by: Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 328A 0
0 15ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSI8haLhltysYiX-s7Uj9suZKrMaA3U0hMTy6PfvmvNndRXcaZpe4k5aN_ePFiVOn9k90hUBCNPujBLfK3zmD3GtFJQRw
Requested by: Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 328A 3 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 22 Jul 2021 06:10:48 GMT
x-content-type-options: nosniff
server: cafe
age: 20273
etag: 6726277462267614359
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Fri, 23 Jul 2021 06:10:48 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 328A 344 B
449 B 8ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 21 Jul 2021 18:40:15 GMT
x-content-type-options: nosniff
server: cafe
age: 61706
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Thu, 22 Jul 2021 18:40:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 328A 9 KB
10 KB 10ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8dd3b91ca60e6a0486326c5c275590dd1d753240c2efa9f94730815813997fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ad.mail.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 00:58:58 GMT
x-content-type-options: nosniff
age: 211783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:43 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 00:58:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 328A 15 KB
15 KB 10ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ad.mail.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 235337
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Jul 2022 18:26:24 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 328A 16 KB
16 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ad.mail.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 17:17:27 GMT
x-content-type-options: nosniff
age: 153074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 17:17:27 GMT

GET
H/1.1 200
OK vast Show response
vastb.adwmg.com/ Frame 560E 17 KB
17 KB 204ms
204ms Script
application/javascript 147.135.11.103
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://vastb.adwmg.com/vast
Requested by: Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 147.135.11.103 , United States, ASN16276 (OVH, FR),
Reverse DNS: ns100638.ip-147-135-11.us
Software: nginx/1.18.0 / Express
Resource Hash: 8125e02730143efb5630c2c21d73fb44d995b322051da5ac71c34f70bd6d63e5

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 22 Jul 2021 11:48:42 GMT
Last-Modified: Mon, 29 Mar 2021 10:24:09 GMT
Server: nginx/1.18.0
X-Powered-By: Express
ETag: W/"444a-1787d83225e"
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17482

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 328A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

44ms
22ms

Image
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Thu, 22 Jul 2021 11:48:42 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29 200 9689911563002489644
s0.2mdn.net/simgad/ Frame 328A 261 KB
261 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/9689911563002489644

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012107130206000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c3ae575f2830868f6e1d9331de0961544cb7ed2a36f94a83b86329e90975eb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Jul 2021 15:56:09 GMT
x-content-type-options: nosniff
age: 589953
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 267611
x-xss-protection: 0
last-modified: Thu, 15 Jul 2021 14:06:03 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Jul 2022 15:56:09 GMT

GET
H3-29 200 2512031805776293652
s0.2mdn.net/simgad/ Frame 328A 1 KB
1 KB 8ms
7ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2512031805776293652

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012107130206000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6daa507a2ab8f55aa909ca46af39d67bc24e6faa0932173bce15194bd97a69b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Jul 2021 15:54:22 GMT
x-content-type-options: nosniff
age: 590060
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1153
x-xss-protection: 0
last-modified: Thu, 15 Jul 2021 14:05:45 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Jul 2022 15:54:22 GMT

GET
H3-29 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 328A 3 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012107130206000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 22 Jul 2021 04:02:35 GMT
x-content-type-options: nosniff
server: cafe
age: 27967
etag: 6726277462267614359
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Fri, 23 Jul 2021 04:02:35 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 328A 344 B
368 B 8ms
7ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012107130206000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 21 Jul 2021 22:40:25 GMT
x-content-type-options: nosniff
server: cafe
age: 47297
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Thu, 22 Jul 2021 22:40:25 GMT

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 69 KB
24 KB 33ms
33ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: vastb.adwmg.com
URL: https://vastb.adwmg.com/vast

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

42cadc875f0890119d3bb83437b8e413b9f7f4621145f065ba1857bb420fb2c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "937 / 383 of 1000 / last-modified: 1626952271"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24154
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:42 GMT

GET
H3-29 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7313b1057f6543d7eb7acaa080be92b436473884cc71a5b0bdf5ece0d5e0aa4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:45:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5950
x-xss-protection: 0
server: cafe
etag: 3337145904970783249
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 22 Jul 2021 12:45:06 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=ad.mail.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 22 Jul 2021 11:48:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ad.mail.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 22 Jul 2021 11:48:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
9 KB 458ms
458ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363472695884961&correlator=2390366522640112&output=ldjh&impl=fifs&eid=31061806%2C31061818%2C21064369%2C21068030%2C20211866&vrg=2021071401&ptt=17&sc=1&sfv=1-0-38&ecs=20210722&iu_parts=112081842%2Cmain.mail.ru_vast_banner&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=4&cookie=ID%3D30f38dad876fcba9-225347968ac800fe%3AT%3D1626954521%3AS%3DALNI_MaT7xMLrcPW2lZSzsuL5izOdeZsfQ&cdm=ad.mail.ru&bc=31&abxe=1&dt=1626954522231&dlt=1626954520996&idt=181&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=133&adks=3386659194&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_sd=1&flash=0&url=https%3A%2F%2Fmail.ru%2F&loc=https%3A%2F%2Fad.mail.ru%2Fadi%2F3030%3Frnd%3D438487096&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&ga_vid=967529672.1626954522&ga_sid=1626954522&ga_hid=2116617383&ga_fc=false&fws=4&ohw=300&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

eae813779fe8dff8ef3a8f1f914c9020747d2b818360134f1cb5a0409c4596d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8989
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ad.mail.ru
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 095D 6 KB
3 KB 40ms
13ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.mail.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.mail.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 22 Jul 2021 11:48:42 GMT
expires: Fri, 22 Jul 2022 11:48:42 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK e32422448.gif
rs.mail.ru/ 43 B
207 B 125ms
41ms Image
image/gif 2a00:1148:db00::17
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rs.mail.ru/e32422448.gif?e=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a00:1148:db00::17 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 22 Jul 2021 11:48:42 GMT
Server: nginx
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 43
Content-Type: image/gif

GET
H3-29 200 container.html Show response
d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6FDF 6 KB
3 KB 24ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.mail.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.mail.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 22 Jul 2021 11:48:42 GMT
expires: Fri, 22 Jul 2022 11:48:42 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ae2862c982de5ca8aa7d0b97b493a0561b30a04a6d7ae249ae8f758e7453842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:42 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1626736025986498"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28059
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:42 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 28ms
27ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021071401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13af99d5cc7547d396a1ffd423292fcb3ba969744401fca8bec767bd940aad51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 22 Jul 2021 11:48:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8444
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061818

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:42 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 84E1 12 KB
5 KB 8ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.mail.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.mail.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Thu, 22 Jul 2021 11:33:29 GMT
expires: Fri, 22 Jul 2022 11:33:29 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 913
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BA8A 783 B
531 B 16ms
15ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

89993bbf808a294788d1b9d06ae1d48670e8621ec7c69d10e0f88ee8bcb991c6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uJD2xkis7p/FvkbuUDDhRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.mail.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.mail.ru/

Response headers

expires: Thu, 22 Jul 2021 11:48:42 GMT
date: Thu, 22 Jul 2021 11:48:42 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-uJD2xkis7p/FvkbuUDDhRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 094E 624 B
297 B 24ms
23ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ4aTvAhjw0sahATAB&v=APEucNWkvlmrunj4TPWknDmw_7FOpmMEkrpejKvc5dsyhbMOImXBHSIRMPHxh6K3ttXEx7Ih3BTUZDO3gcEXXRXk-A3j0pBBN0LNwxnSAOLsTtw9kbwZB0yDtZ4b7NeXbh77Rpk6KCnqUgk1lM9YFdqkX9XthPIUWuwZ9godYrcHh7QN_uM1fng

Requested by

Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMX_6gIQ4aTvAhjw0sahATAB&v=APEucNWkvlmrunj4TPWknDmw_7FOpmMEkrpejKvc5dsyhbMOImXBHSIRMPHxh6K3ttXEx7Ih3BTUZDO3gcEXXRXk-A3j0pBBN0LNwxnSAOLsTtw9kbwZB0yDtZ4b7NeXbh77Rpk6KCnqUgk1lM9YFdqkX9XthPIUWuwZ9godYrcHh7QN_uM1fng
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmraH_UaPdFMwZDf6B7zgTD-9SlJHsI8NG4ZB89LcyU4k4-BNjZ9gJhsdeic9c; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 22 Jul 2021 11:48:42 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6FDF 60 KB
25 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAdME2WPsuCCzMJRhE6vCYeMrT4RlY2Jxj1_eNTbusoxbxBn_0RCfXPAu6tNOWC9PkzYQyq8oiI1QLzvzygFEA-TfP5jCIqSV0BqGnRYZ07RKZ6w0wD9se16gysOvgs4gJAuIsdbBsrhBPAJw5Ktp_3x8CUg&dbm_d=AKAmf-DxqVx5Fzmkmyt2gFOS4sIvYjObk9fbJcq14W2Dx-7yHuPUkyfsuD_xgYwzhxcoO2SwnaG6-sL2qZ6H6kQiOke577k8XvabBWjB4Xo7F80PD34NGy7A4Zq81rv15FS1jcp694tXC6Rtc6CBEL0MzUyBnhP91uk2KA2od_V3YE8igugRYfl3uaokqQaOKBv0EvvpH-ZdYtIW4yH-Cob2xZ8MaLd9bPuoXuD9KjJqJ9yVNgbni5jug0sgPdAckkdqN0l3aBS96DtpsCN0w-vNc9Cdwdn89-5FzYmiTtyngexOVVixWbbaIVfcpsauQb2jHxp8WGbUhtKoWoHnG2PQDT_g6z_JNI1vRMFqBPacduKePCl3LRhijzQShrXAsHBFUl7M2-_415xhB6ikU-Ffq5WoowE6k41Zcf0YG8Nvds0w_vCH3MO3fMOOk2OawSZ7x3sRNMsVTRKg-BlCQPM5IYyElgW_WsyoTfAbvKNBZknVY2sKGohkREjOryy4S_xvCvatgcYMUx82VwZ-y7-uekdfwjgk0BHP-EWEAKqMozXZy8M39vF0KGSM-fuGwr3o6MevojSS29DovRauJ7mtPs0AGFOeR92EKDZwPqyxpzGDj30Q8oMiuuM6J5yLG85X5OeFWNOK-2H63wGWnyBfTkZBCoUyBCn6bMgvemrVxdLpWT7wLjxMFWxRIt80i4Szx1jExY0Mk_MzkmrXtTY8a_368mqKEDQxiODoC-4r_sVsbE-oCF__fsF4x73HWmWBS_YP19ULak_OBraVPeRBu5vpjerHAK5Xyo2FS2VbBFX2shg8gxDk9O2CAVkB5dJGrmGxx-K7jz1ijuuJlP69N8nWJGtQ9WSLpD54jZg1ywCqF_GB0MEmY2vvDt3K_8KIS2Y1eGbxRhhYfZevGwILzDQ0BwQ3h0ij1tmFg9owXPL36rjsoD-2fxH-aCpdFbVPENVODTnMcrxEFMlhf_oeCQeCrvVekeRgSnFZ1aCwXUh3uxZGG53y0zLpiSGWXSMedgGkovH2dJDRpm4xvh201VPhAFXkLX1sSKXNubaJgKpg0o_UdHuUM3p3vg9cQamgA3Zwg-pDikhVk___mGjm7HmtVELOOG078mCDyu-hMQX9YwM72p8F39A7qQmnK139qvzeKfefYUcV18vFELhTCXvdi852iLKllh1zZ4xm_xiu4VN4DdONejBhQ8Lj4YniTlZROhz54fQsS9_HgHiJkEiKj0AlaE-K0i7miVsPz4fcfklfzJi-AVMc4wX0ituCCWCW0dCJkqufJQk9ybC-O37J40nieMaDtxNwZ8jGqFjZiqpoqhkTs5ToljSC1IfqCngVut5LOSre-liZWIRpywGHEq3PhCqP_Qyxyqh4amxfSmtHO_ss8mywsEI84nXRqpiwUI7SzMRCTPiVp1q6L8BWFWWJ3CBnb3qaUAcpD7zwxkuFoxpyp9-d-FuGs-3zYfUVFXJkyK5Ng8bTc7hcMNO_sqNgVz10p7Tas-ol3czAt5rMCB-0Dw3RhBs0hOetr_4kzlkQ5Tn1THwQZSxGAD3qacUGHELXLVHcNViItnsBxx18-DPlWKvDbcRINVbAt6X96LYca3rBLIzyWwmVvieN54FQokYhbhEZdBQLSJ3yFfii6P-BE3MoaSkQX87CH4g_yQ-x280CHmWcbDmuxt8Hx-X8_AgeZE2yIK3v1PGB8TBMvxGL6oMlUmfDJ_ggVYSffW4VVgbn24zVQHWdztvUqpYyay8Xm0Y33jLT2wZ0JLHuKeg3SNrdWMhR4nIkJrnREbIoP67lamT8xS7_hBN4mVxMU8k884n0xN6EX171PzS0U-3cMMNADR1sXzBlBf9_bNlhsxqExzMVZr3y7zp0_7D8YUCM-ynNob7jEEClpvKSJEFC529hOnKOKsNno0ZBByexlAXdFsi8WGHI5MVXNUF_cF6-UoeBsQGU5FII-SX-VEWEQxU_Q_wu11TW1_4N0MH_cjRzw3E6mi4yOs9umUMTwJXO9JCKZtGG-YAhdGrql_N2Gqpf7YaAl46awjMFiGHlXSPNO0mIo-8D4LobfFtMQBgdCAZKX1V6w_GILlvall-mJiyCDI0SYn8WFPkTJJq-Ptbw_2awUmP19cxfH1CFtXBKHlMVxsgnBI5CBFZfR7JVJRA3rxCggT6A7spKOst7bOMUxopHzy5HoeFsQN1lxLkKDcGgMdUzW6mZUR8QN8bQbMGz2AH92CcgOHlqqlFDytxxNd74BFhjDZTfmCzqF_cUycmcFMmeiYp7HP84F6Ybdvc_8RvTE1Jd8y5F3u9F-Z7p9mdn_REBfTceE4rINxA6EEgqiatVSYSBJUSjxyGb4DEr1tpgA9tLPfZlUl9RdiT5q-5Zf2lJwKo8oXEPz_aAP_eOX77m0Wxmt6evZgyIjXtjNcyjyzCMWbuka7sBIFypDWIHBQR6L1ut3JawSi3FznZw_v0e3rA38bkorZTC6Md68TFlJ851PaED4awVY_DnrkDFul0WVCYXjEVKr2BY0XYFN9L3AFNANir8Aomfy0EyOA1FpFVjU1czKLyk2pHFLRdujXcQM09JzTOAllGeOPzb9L5gj6Oa44i8bX9u1K-8r5SgE_uWx6U-vWE-iKPQevMlo7MQytmYT-laLZrpuP9O0lTM1iSF4kZBmHA6aoUSndo11ViQtXTbnuKLKt-k7Jj9gsGgmdBzLimktC2Y-2NOh3r5jGT5llt4Dmb5-gQwpNha_CZQUkRcjq4TKXQIyOvBaR3VONbgMmPUFhL3mA-cKCFMu8DTpVVHE5ilHaXm35OxbEASp-K7lsVHypYtuR1YZckdmmH8zSJ70qQxnwMszf8QgInXCBdGeRwrDvvYORN_mOB62snULK4GyHiii_PQ6pSJ2AAiTP2qMoIrfT3LCTN0GykNM-LhLzDWCya7wfECpyQNhWOZTcJatnFqg8xLCw8FwBjxrR6KS2lTZZHtXxIvz59s2ampD5EH1Yk0k_XEvB4Dc1kjK0x3666xQpWla5249jvtwyLOiUbkkTUvED6wQZB6QOMtReE-mmBG7kKI5P6-aUvWAoyMUdnISWxbilCirsQ6dgkTXs2E3UgJwybqlYVNGpaCMgH4F60H_6Z0UsubtFLg6T_WBD91NEdXstdcg3hVEE16oEOaNRLc2IYsZ_BKMCuyWvb2UVcxOIExzFo1uTSlIjyKOyLArZFcSoJ8y45slSFUAXBhPZu35Uimx2MKK7yDwOK1mRhF6BOUSmvJMaMrvROh2Y0BwdkSR7zanMhVopZCOR5Flqcxw6Rz-WOXdWj6aItfWBzECloAXeWU86jEB9HPPwQBGPd_3-uo3-HxV1cttZP7NeDkbOs6AdzFUDpGIq4&cid=CAASEuRoZIEDl69GNWAamKSFhNI9Yg&rfl=1%2Chttps%253A%252F%252Fad.mail.ru%252F%240

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1030d483226422b32956445ad0cb1ff238bae5906ef8be2fb8fdcfcf8f5b0ecb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25102
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6FDF 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BYlGrIeuj4B_CaHgSIZ3xORE2yKDcxQi-yYIH1Rqj9PcK4QXvl_tS1B2K8q6YF0cjgn0miaqSOKFLhcTcGc5KZl2KExCeQdYPLR6lhxk9cjzIuIPw

Requested by

Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/ Frame 6FDF 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/window_focus_fy2019.js

Requested by

Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 281
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Aug 2021 11:44:01 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6FDF 124 KB
37 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cde489cf1c7c60eaa7f52a198c1b13cd33471693178874e6414a3fbf010f2652

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:42 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1626736020213958"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38153
x-xss-protection: 0
expires: Thu, 22 Jul 2021 11:48:42 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/ Frame 6FDF 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b1a4081a8a32bc714fbb7a2509141683bc3eb707a421c0db556ed856f6d8e99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6195
x-xss-protection: 0
server: cafe
etag: 10716856519410487149
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Aug 2021 11:47:09 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 6FDF 0
0 15ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTEgdbJ6jb_dyrnIIoeXYwAHtmid3wcCa6HdYLqSMfQIZB_Um9P9ikgUB8Qwr9vta1okfxxYiO4DFmtwwFxucL3jqjHqA
Requested by: Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 K69jH8UFrOCkOTHHl3NJFfCa68pF8Bp7Mwjsnyploxc.js Show response
pagead2.googlesyndication.com/bg/ Frame 84E1 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/K69jH8UFrOCkOTHHl3NJFfCa68pF8Bp7Mwjsnyploxc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2baf631fc505ace0a43931c797734915f09aebca45f01a7b3308ec9f2a65a317

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:26:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1343
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13214
x-xss-protection: 0
last-modified: Wed, 14 Jul 2021 07:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Jul 2022 11:26:19 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 094E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG19K-ydH72sVGdrzqfaEqo&google_cver=1

43 B
1014 B

86ms
33ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG19K-ydH72sVGdrzqfaEqo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ4aTvAhjw0sahATAB&v=APEucNWkvlmrunj4TPWknDmw_7FOpmMEkrpejKvc5dsyhbMOImXBHSIRMPHxh6K3ttXEx7Ih3BTUZDO3gcEXXRXk-A3j0pBBN0LNwxnSAOLsTtw9kbwZB0yDtZ4b7NeXbh77Rpk6KCnqUgk1lM9YFdqkX9XthPIUWuwZ9godYrcHh7QN_uM1fng
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 22 Jul 2021 11:48:42 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 22 Jul 2021 11:48:42 GMT

Redirect headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG19K-ydH72sVGdrzqfaEqo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 094E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YPlbGrg61M7taSJitLzkfwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG19K-ydH72sVGdrzqfaEqo&google_cver=1

43 B
1014 B

32ms
31ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG19K-ydH72sVGdrzqfaEqo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ4aTvAhjw0sahATAB&v=APEucNWkvlmrunj4TPWknDmw_7FOpmMEkrpejKvc5dsyhbMOImXBHSIRMPHxh6K3ttXEx7Ih3BTUZDO3gcEXXRXk-A3j0pBBN0LNwxnSAOLsTtw9kbwZB0yDtZ4b7NeXbh77Rpk6KCnqUgk1lM9YFdqkX9XthPIUWuwZ9godYrcHh7QN_uM1fng
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 22 Jul 2021 11:48:43 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 22 Jul 2021 11:48:43 GMT

Redirect headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG19K-ydH72sVGdrzqfaEqo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 094E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECJMr-Z3UVjRluyYmeytx2I&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECJMr-Z3UVjRluyYmeytx2I%26google_cver%3D1

43 B
1 KB

24ms
22ms

Image
image/gif

185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECJMr-Z3UVjRluyYmeytx2I%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ4aTvAhjw0sahATAB&v=APEucNWkvlmrunj4TPWknDmw_7FOpmMEkrpejKvc5dsyhbMOImXBHSIRMPHxh6K3ttXEx7Ih3BTUZDO3gcEXXRXk-A3j0pBBN0LNwxnSAOLsTtw9kbwZB0yDtZ4b7NeXbh77Rpk6KCnqUgk1lM9YFdqkX9XthPIUWuwZ9godYrcHh7QN_uM1fng

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 22 Jul 2021 11:48:42 GMT
X-Proxy-Origin: 159.48.55.5; 159.48.55.5; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a5a7deb8-7fe1-4e8a-b4a0-7efe5da66183
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 22 Jul 2021 11:48:42 GMT
X-Proxy-Origin: 159.48.55.5; 159.48.55.5; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 57eb13df-2d6b-4f8c-9a3d-bd50530125e0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECJMr-Z3UVjRluyYmeytx2I%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 094E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ5NTk1MjIzOTA3NTkwNzk2OA%3D%3D

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ5NTk1MjIzOTA3NTkwNzk2OA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 22 Jul 2021 11:48:43 GMT
X-Proxy-Origin: 159.48.55.5; 159.48.55.5; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 78998565-f206-4ce9-93d7-e9690b91562c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ5NTk1MjIzOTA3NTkwNzk2OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 6FDF 114 KB
39 KB 21ms
8ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Jul 2021 17:18:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66591
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jul 2021 17:18:51 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210720/r20110914/elements/html/ Frame 6FDF 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210720/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAdME2WPsuCCzMJRhE6vCYeMrT4RlY2Jxj1_eNTbusoxbxBn_0RCfXPAu6tNOWC9PkzYQyq8oiI1QLzvzygFEA-TfP5jCIqSV0BqGnRYZ07RKZ6w0wD9se16gysOvgs4gJAuIsdbBsrhBPAJw5Ktp_3x8CUg&dbm_d=AKAmf-DxqVx5Fzmkmyt2gFOS4sIvYjObk9fbJcq14W2Dx-7yHuPUkyfsuD_xgYwzhxcoO2SwnaG6-sL2qZ6H6kQiOke577k8XvabBWjB4Xo7F80PD34NGy7A4Zq81rv15FS1jcp694tXC6Rtc6CBEL0MzUyBnhP91uk2KA2od_V3YE8igugRYfl3uaokqQaOKBv0EvvpH-ZdYtIW4yH-Cob2xZ8MaLd9bPuoXuD9KjJqJ9yVNgbni5jug0sgPdAckkdqN0l3aBS96DtpsCN0w-vNc9Cdwdn89-5FzYmiTtyngexOVVixWbbaIVfcpsauQb2jHxp8WGbUhtKoWoHnG2PQDT_g6z_JNI1vRMFqBPacduKePCl3LRhijzQShrXAsHBFUl7M2-_415xhB6ikU-Ffq5WoowE6k41Zcf0YG8Nvds0w_vCH3MO3fMOOk2OawSZ7x3sRNMsVTRKg-BlCQPM5IYyElgW_WsyoTfAbvKNBZknVY2sKGohkREjOryy4S_xvCvatgcYMUx82VwZ-y7-uekdfwjgk0BHP-EWEAKqMozXZy8M39vF0KGSM-fuGwr3o6MevojSS29DovRauJ7mtPs0AGFOeR92EKDZwPqyxpzGDj30Q8oMiuuM6J5yLG85X5OeFWNOK-2H63wGWnyBfTkZBCoUyBCn6bMgvemrVxdLpWT7wLjxMFWxRIt80i4Szx1jExY0Mk_MzkmrXtTY8a_368mqKEDQxiODoC-4r_sVsbE-oCF__fsF4x73HWmWBS_YP19ULak_OBraVPeRBu5vpjerHAK5Xyo2FS2VbBFX2shg8gxDk9O2CAVkB5dJGrmGxx-K7jz1ijuuJlP69N8nWJGtQ9WSLpD54jZg1ywCqF_GB0MEmY2vvDt3K_8KIS2Y1eGbxRhhYfZevGwILzDQ0BwQ3h0ij1tmFg9owXPL36rjsoD-2fxH-aCpdFbVPENVODTnMcrxEFMlhf_oeCQeCrvVekeRgSnFZ1aCwXUh3uxZGG53y0zLpiSGWXSMedgGkovH2dJDRpm4xvh201VPhAFXkLX1sSKXNubaJgKpg0o_UdHuUM3p3vg9cQamgA3Zwg-pDikhVk___mGjm7HmtVELOOG078mCDyu-hMQX9YwM72p8F39A7qQmnK139qvzeKfefYUcV18vFELhTCXvdi852iLKllh1zZ4xm_xiu4VN4DdONejBhQ8Lj4YniTlZROhz54fQsS9_HgHiJkEiKj0AlaE-K0i7miVsPz4fcfklfzJi-AVMc4wX0ituCCWCW0dCJkqufJQk9ybC-O37J40nieMaDtxNwZ8jGqFjZiqpoqhkTs5ToljSC1IfqCngVut5LOSre-liZWIRpywGHEq3PhCqP_Qyxyqh4amxfSmtHO_ss8mywsEI84nXRqpiwUI7SzMRCTPiVp1q6L8BWFWWJ3CBnb3qaUAcpD7zwxkuFoxpyp9-d-FuGs-3zYfUVFXJkyK5Ng8bTc7hcMNO_sqNgVz10p7Tas-ol3czAt5rMCB-0Dw3RhBs0hOetr_4kzlkQ5Tn1THwQZSxGAD3qacUGHELXLVHcNViItnsBxx18-DPlWKvDbcRINVbAt6X96LYca3rBLIzyWwmVvieN54FQokYhbhEZdBQLSJ3yFfii6P-BE3MoaSkQX87CH4g_yQ-x280CHmWcbDmuxt8Hx-X8_AgeZE2yIK3v1PGB8TBMvxGL6oMlUmfDJ_ggVYSffW4VVgbn24zVQHWdztvUqpYyay8Xm0Y33jLT2wZ0JLHuKeg3SNrdWMhR4nIkJrnREbIoP67lamT8xS7_hBN4mVxMU8k884n0xN6EX171PzS0U-3cMMNADR1sXzBlBf9_bNlhsxqExzMVZr3y7zp0_7D8YUCM-ynNob7jEEClpvKSJEFC529hOnKOKsNno0ZBByexlAXdFsi8WGHI5MVXNUF_cF6-UoeBsQGU5FII-SX-VEWEQxU_Q_wu11TW1_4N0MH_cjRzw3E6mi4yOs9umUMTwJXO9JCKZtGG-YAhdGrql_N2Gqpf7YaAl46awjMFiGHlXSPNO0mIo-8D4LobfFtMQBgdCAZKX1V6w_GILlvall-mJiyCDI0SYn8WFPkTJJq-Ptbw_2awUmP19cxfH1CFtXBKHlMVxsgnBI5CBFZfR7JVJRA3rxCggT6A7spKOst7bOMUxopHzy5HoeFsQN1lxLkKDcGgMdUzW6mZUR8QN8bQbMGz2AH92CcgOHlqqlFDytxxNd74BFhjDZTfmCzqF_cUycmcFMmeiYp7HP84F6Ybdvc_8RvTE1Jd8y5F3u9F-Z7p9mdn_REBfTceE4rINxA6EEgqiatVSYSBJUSjxyGb4DEr1tpgA9tLPfZlUl9RdiT5q-5Zf2lJwKo8oXEPz_aAP_eOX77m0Wxmt6evZgyIjXtjNcyjyzCMWbuka7sBIFypDWIHBQR6L1ut3JawSi3FznZw_v0e3rA38bkorZTC6Md68TFlJ851PaED4awVY_DnrkDFul0WVCYXjEVKr2BY0XYFN9L3AFNANir8Aomfy0EyOA1FpFVjU1czKLyk2pHFLRdujXcQM09JzTOAllGeOPzb9L5gj6Oa44i8bX9u1K-8r5SgE_uWx6U-vWE-iKPQevMlo7MQytmYT-laLZrpuP9O0lTM1iSF4kZBmHA6aoUSndo11ViQtXTbnuKLKt-k7Jj9gsGgmdBzLimktC2Y-2NOh3r5jGT5llt4Dmb5-gQwpNha_CZQUkRcjq4TKXQIyOvBaR3VONbgMmPUFhL3mA-cKCFMu8DTpVVHE5ilHaXm35OxbEASp-K7lsVHypYtuR1YZckdmmH8zSJ70qQxnwMszf8QgInXCBdGeRwrDvvYORN_mOB62snULK4GyHiii_PQ6pSJ2AAiTP2qMoIrfT3LCTN0GykNM-LhLzDWCya7wfECpyQNhWOZTcJatnFqg8xLCw8FwBjxrR6KS2lTZZHtXxIvz59s2ampD5EH1Yk0k_XEvB4Dc1kjK0x3666xQpWla5249jvtwyLOiUbkkTUvED6wQZB6QOMtReE-mmBG7kKI5P6-aUvWAoyMUdnISWxbilCirsQ6dgkTXs2E3UgJwybqlYVNGpaCMgH4F60H_6Z0UsubtFLg6T_WBD91NEdXstdcg3hVEE16oEOaNRLc2IYsZ_BKMCuyWvb2UVcxOIExzFo1uTSlIjyKOyLArZFcSoJ8y45slSFUAXBhPZu35Uimx2MKK7yDwOK1mRhF6BOUSmvJMaMrvROh2Y0BwdkSR7zanMhVopZCOR5Flqcxw6Rz-WOXdWj6aItfWBzECloAXeWU86jEB9HPPwQBGPd_3-uo3-HxV1cttZP7NeDkbOs6AdzFUDpGIq4&cid=CAASEuRoZIEDl69GNWAamKSFhNI9Yg&rfl=1%2Chttps%253A%252F%252Fad.mail.ru%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:47:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Aug 2021 11:47:18 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210720/r20110914/ Frame 6FDF 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210720/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1130c26caface5cfa7b2d0cdbbb70cdb3004c582e74969d580216f65596c47c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:43:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 317
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9349
x-xss-protection: 0
server: cafe
etag: 11779355884012761328
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Aug 2021 11:43:25 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6FDF 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 00:44:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39873
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Jul 2022 00:44:09 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F308 1 KB
749 B 11ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 22 Jul 2021 03:09:05 GMT
expires: Fri, 23 Jul 2021 03:09:05 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 31177
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6FDF 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b24b9659cda04d58f636f46eedf0df652b7aeaab298a9b35f0127e23c4fbb18c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 index.html Show response
s0.2mdn.net/9957158/1616512476367/ Frame 1DB5 87 KB
22 KB 7ms
7ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9957158/1616512476367/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19c465e378b54c8d6be6ab6584fe2d7c5ae0e9fed10bda96f123cf0c3fd5e8b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9957158/1616512476367/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 22880
date: Thu, 22 Jul 2021 11:18:03 GMT
expires: Fri, 23 Jul 2021 11:18:03 GMT
last-modified: Tue, 23 Mar 2021 15:14:36 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 1840
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6FDF 0
592 B 125ms
67ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv0Bm8hNs7_YmuW0K_GKhxkoj91cWHzuhJMB86Pu-SVx9Powh2XbsNWJnfACblPW9vBscthNnLa5bK6jFB0ly7_1btKpU5C84fF7Sshdz-eX2Znjs89JFnj4CE5JTGxxAvopQmoYKohJbg-oQkg1CgBfgThOtg1hQWJH-BNb0zbh_JDpEYYpP4bPf-O7SQjGI-72K2AFEApae-mByREfYSaRhGFqI8PJyf9RGn07fwaskKEl0w6tYohPFpbawYAnK1s2lhdwdQYtGpCxQYUnEjGJAyH8Bc2n1x5VPIXXmBj0CxnA-POMYE-4lqmvtB49CvrOQ4md2XI0DjHtoyrtmeRn8tGyjbrhgOuNVI8gSTvd0PCL5LjHbwWEEhlMmtudNYyVsK3CYT3NEgW39fGMX70oKxrlfHJ-U4gWaJ7DMpNOq9n6bYOxdI3edTeDK4GpB7l4hvHyVl1KHbogSywt-Lxkg3jCHTw1MX-NsFC5oGtYZ1NOUziohRN6LjEblf3ULdQ-rearE-9_zjjKPDQWGacLsOniEe9BIHDfhDFbHj7jVgpNbjJKD8bZS2Suj6xImmx3xJIm_q8q4HhWE8aO6aKEstijKFLXfl-rZqThpWSJYHe-KdtdFnz4soAPXNvWDd101FzocgxZ10S8_zzElgMpJqfLu0l6XVXkQy8s9iL1meQuImBDe4rrd4Gy-V1YabdDSpKdG5tMPT5ZuymAHi8Fr1TEdfC3OYKhtg_qDGyBTBi9ATzaHhyBJQXosRZx8Wx32txI3mJRD4uaJmIW5xXQslpa4BY4NXCTjoWOCreowwQgCSntvfT__FFqQ8BK8_PoRlK7ObTBt7VDhlKpt8MvCGD59_u-pL4nOQS95dh-YpYazBNL1Nva-WpCunT66DvPz-ba_qIYBjMP1zEbge3asBezKgFkPuA16x9z2eTi54spn3Ez0StTKZWa3UTYzKmcAFp3MujpfGqEayyaEPaYSiHMMttPmrHI_nv3KaZgBornLR3akTbsdizl0r-UXYtQZjgSVsrTnaHTfpGtGQ1El_BrkrcUQh_uHgeVZ2pT88VYc5IOqdHl8D3fc3Hu67mdRL3SSrosGOpHhrR3ie5rJIlfUyP_FM3Bu0JxzG_E8_RbGgQhFuk-bG6dQPo1Y9KPl4HJtQHuNpAqTDs1bkxgvZsS25gwZ48617gxW8MU-MTczyCjnXrcrDBFcVn6ng_&sai=AMfl-YRleJD87AfMg3ejANHipyQ8MRzPRO_U1GAi870zn-Yn5mk89KWun2oWUGZp1y26R_Im7ULEdKP7D1DXvhY8GIcAfkJgn4XSHMxTnvYv7XMLEmt-GCAzFpNI7OmtGH_pdQisBVfNzALYZVdyRQJaYB7c_8pzJw&sig=Cg0ArKJSzE-jcASxl70PEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=106&cbvp=1&cstd=103&cisv=r20210720.32418&adurl=

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 22 Jul 2021 11:48:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C2D6 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 22 Jul 2021 00:44:09 GMT
expires: Fri, 22 Jul 2022 00:44:09 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 39874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F308
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFDwFLFj5xRSk1eavI1KEPs&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFDwFLFj5xRSk1eavI1KEPs&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RGFTSDhwMm4xTTZ4Ylo1&google_gid=CAESEFDwFLFj5xRSk1eavI1KEPs&google_cver=1&google_push=AYg5qPLJTh8xncUULoyhpe_18olDnESJ0QGtVwaq_BZwixU...

170 B
188 B

36ms
36ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RGFTSDhwMm4xTTZ4Ylo1&google_gid=CAESEFDwFLFj5xRSk1eavI1KEPs&google_cver=1&google_push=AYg5qPLJTh8xncUULoyhpe_18olDnESJ0QGtVwaq_BZwixUYcxPWYyr4V2O0JNnTESB9j6mPY8vibnOf9-YZeETymjvRWe4uPg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 22 Jul 2021 11:48:42 GMT
Server: PingMatch/v2.0.30-661-ga8ef792#rel-ec2-master i-0b5388877fe362141@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=604800; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RGFTSDhwMm4xTTZ4Ylo1&google_gid=CAESEFDwFLFj5xRSk1eavI1KEPs&google_cver=1&google_push=AYg5qPLJTh8xncUULoyhpe_18olDnESJ0QGtVwaq_BZwixUYcxPWYyr4V2O0JNnTESB9j6mPY8vibnOf9-YZeETymjvRWe4uPg
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F308
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEPHffg6-VrKeS_1bgIw4DWw&google_cver=1&google_push=AYg5qPInED-e14Sft06-dNItxKbVUMx9b24QhF_yFk22b0cusAnR0JnH6-XbgDvi7or1irnZ_MU1WvMHFgF5UI_zWa6xB7X5iPQ
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C049B4D16ADB42768331C2F1CDECC04A&google_push=AYg5qPInED-e14Sft06-dNItxKbVUMx9b24QhF_yFk22b0cusAnR0JnH6-XbgDvi7or1irnZ_MU1WvMHFgF5UI_...

170 B
188 B

37ms
36ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C049B4D16ADB42768331C2F1CDECC04A&google_push=AYg5qPInED-e14Sft06-dNItxKbVUMx9b24QhF_yFk22b0cusAnR0JnH6-XbgDvi7or1irnZ_MU1WvMHFgF5UI_zWa6xB7X5iPQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 22 Jul 2021 11:48:43 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C049B4D16ADB42768331C2F1CDECC04A&google_push=AYg5qPInED-e14Sft06-dNItxKbVUMx9b24QhF_yFk22b0cusAnR0JnH6-XbgDvi7or1irnZ_MU1WvMHFgF5UI_zWa6xB7X5iPQ
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Wed, 21 Jul 2021 11:48:43 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame F308 0
136 B 65ms
24ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEPH4Cq-016y1a-4Y1gXAHkA&google_cver=1&google_push=AYg5qPIS6sweuQJjEg-OO-ncQlCdxnxiS3sAKkQ4XkPU2AfPwsXDXm2fncMBupzgX9dAGb7H0Vx9pnorM6Au2dDnWbyLZwVCRw
Requested by: Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:43 GMT
via: 1.1 google
alt-svc: clear

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F308
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEB7CJ63jww7sParqsV1sdQg&google_cver=1&google_push=AYg5qPLlLezU3ESFBs8JxZU2YSK2PjCM-eIMcoBFAYPjTyO5ap3Tp-BgoKAkb...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEB7CJ63jww7sParqsV1sdQg&google_cver=1&google_push=AYg5qPLlLezU3ESFBs8JxZU2YSK2PjCM-eIMcoBFAYPjTyO5ap3Tp-BgoKAkb...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=BdsMl3qvDodaKz6AeZfWsQ&google_push=AYg5qPLlLezU3ESFBs8JxZU2YSK2PjCM-eIMcoBFAYPjTyO5ap3Tp-BgoKAkbJS1XVOkNayb3IeLokbZu...

170 B
188 B

36ms
35ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=BdsMl3qvDodaKz6AeZfWsQ&google_push=AYg5qPLlLezU3ESFBs8JxZU2YSK2PjCM-eIMcoBFAYPjTyO5ap3Tp-BgoKAkbJS1XVOkNayb3IeLokbZuVJBxv56dsMlTEqdkg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 22 Jul 2021 11:48:43 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=BdsMl3qvDodaKz6AeZfWsQ&google_push=AYg5qPLlLezU3ESFBs8JxZU2YSK2PjCM-eIMcoBFAYPjTyO5ap3Tp-BgoKAkbJS1XVOkNayb3IeLokbZuVJBxv56dsMlTEqdkg
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 236

GET google
pix.impdesk.com/csync/ Frame F308 0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F308
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEK...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLIZrNr_8kFU7zQCFR04Uuo_sdxm14r55hisU4Kwk_Tr-B1uFVGu0mCQmeZrXOVZI4SBwvTRi48U98mqVX4EREZgKPpdbw&google_hm=

170 B
188 B

36ms
35ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLIZrNr_8kFU7zQCFR04Uuo_sdxm14r55hisU4Kwk_Tr-B1uFVGu0mCQmeZrXOVZI4SBwvTRi48U98mqVX4EREZgKPpdbw&google_hm=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLIZrNr_8kFU7zQCFR04Uuo_sdxm14r55hisU4Kwk_Tr-B1uFVGu0mCQmeZrXOVZI4SBwvTRi48U98mqVX4EREZgKPpdbw&google_hm=
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame F308 0
12 B 34ms
33ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L7tYeaHtQBIDEDcZRkZiBA9EHjNkW9Ivd71ipqWMm3pZhOJrBCG-jyjpj0649yEw

Requested by

Host: d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
URL: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 1DB5 28 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9957158/1616512476367/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9957158/1616512476367/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Jul 2021 13:32:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80165
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jul 2021 13:32:38 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 328A 42 B
64 B 16ms
15ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuCFC_dX7c8123QDt46nPo7wnqqA2DTOr0F2k9fdOuDG6QSDXpEc0p6dOxoxNoIR3AR0m1OIXd9Q5Ov0TRIcwecb81E8f3uxafcx7xLg176EJLBn9_1OQtIO1PlgA&sai=AMfl-YSE_tjP0MQvj77g2NPOwHgsPGRo2y_8LGZCv-x2xvEsFCXR5DmQANgQZIisWT2tMvSsg9-sO84r7MIiknMYaaIfvA6ajQ2ekB1acjxsFsZKC3ZjkOdL4CfqAccPVFU&sig=Cg0ArKJSzP5LSTZUAwa3EAE&cid=CAASFeRo_KAJoOez3yLblFcIk_YVuL8rlw&id=ampim&o=658,16&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1005&mtos=0,0,1005,1005,1005&tos=0,0,1005,0,0&tfs=67&tls=1072&g=94.21866536140442&h=100&tt=1072&r=v&avms=ampa&adk=462823201

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 404 null
s0.2mdn.net/9957158/1616512476367/ Frame 1DB5 43 B
61 B 7ms
7ms Image
image/gif 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9957158/1616512476367/null

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9957158/1616512476367/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9957158/1616512476367/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:47:16 GMT
x-content-type-options: nosniff
server: sffe
age: 87
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Thu, 22 Jul 2021 12:02:16 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6FDF 0
60 B 62ms
61ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ad.mail.ru
URL: https://ad.mail.ru/adi/3030?rnd=438487096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 22 Jul 2021 11:48:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 K69jH8UFrOCkOTHHl3NJFfCa68pF8Bp7Mwjsnyploxc.js Show response
pagead2.googlesyndication.com/bg/ Frame C2D6 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/K69jH8UFrOCkOTHHl3NJFfCa68pF8Bp7Mwjsnyploxc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2baf631fc505ace0a43931c797734915f09aebca45f01a7b3308ec9f2a65a317

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:26:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1344
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13214
x-xss-protection: 0
last-modified: Wed, 14 Jul 2021 07:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Jul 2022 11:26:19 GMT

GET
H3-29 200 cta.png
s0.2mdn.net/9957158/1616512476367/ Frame 1DB5 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9957158/1616512476367/cta.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3937ea48c06f95db646d65f7fdc149192173f7c5ad0085281b8037310292e756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9957158/1616512476367/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Jul 2021 22:17:04 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Mar 2021 15:14:36 GMT
server: sffe
age: 48699
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1951
x-xss-protection: 0
expires: Thu, 22 Jul 2021 22:17:04 GMT

GET
H3-29 200 overlay.png
s0.2mdn.net/9957158/1616512476367/ Frame 1DB5 7 KB
7 KB 12ms
11ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9957158/1616512476367/overlay.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab2e88aac4b52e74cb24f0824ed4997736d21196145cf8e0465a52c2d56984fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9957158/1616512476367/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 01:58:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Mar 2021 15:14:36 GMT
server: sffe
age: 35386
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6699
x-xss-protection: 0
expires: Fri, 23 Jul 2021 01:58:57 GMT

GET
H3-29 200 bg.jpg
s0.2mdn.net/9957158/1616512476367/ Frame 1DB5 15 KB
15 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9957158/1616512476367/bg.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c4634d290513badfce22d5fabc61fda05a8fd39cbd35c6f8eeedfedfffb9058

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9957158/1616512476367/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 01:58:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Mar 2021 15:14:36 GMT
server: sffe
age: 35386
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Fri, 23 Jul 2021 01:58:57 GMT

GET
H3-29 200 texture.jpg
s0.2mdn.net/9957158/1616512476367/ Frame 1DB5 391 KB
391 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9957158/1616512476367/texture.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da00a0647ea6fd935e1fce3020aa7fd9da449e465ec3f8a47c65d94d4b35a916

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9957158/1616512476367/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:17:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Mar 2021 15:14:36 GMT
server: sffe
age: 30701
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 400430
x-xss-protection: 0
expires: Fri, 23 Jul 2021 03:17:02 GMT

GET
DATA 200
OK truncated
/ Frame 1DB5 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 replay.png
s0.2mdn.net/9957158/1616512476367/ Frame 1DB5 4 KB
4 KB 11ms
10ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9957158/1616512476367/replay.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e02679d3ab67797a2ee0b8edeee2dcd941d7818848203d8992366ffc6e046eaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9957158/1616512476367/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 05:07:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Mar 2021 15:14:36 GMT
server: sffe
age: 24097
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3588
x-xss-protection: 0
expires: Fri, 23 Jul 2021 05:07:06 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021071401&jk=1363472695884961&bg=!ExClEFTNAAbnC78O5ws7ACkAdvg8WoDyWnf8EmNxS_UTsby6KAPf3oF1PGuLeEoRlTe2QB1zv1eRlwIAAADNUgAAAAxoAQcKAGNgrVRsA6KpgebRG1P20BHDkAeVaxEHldN5T_6BE_QdOnw_3mXP9eEdNW4Ek9J0GAGpHSkWEkyXuuFl2VVIEye6xB2o8b072bRjRkkXp7rcqTeOW8VBbGjeh3jmQQ_nE0ZryeaZAnfKH5BpHhXcerXcfy9VHdlll69Zf7k19h7jOxceK41wg0XCo1BXKHNklyvNMrWdXnNVOkKVUhp9GXo0otoZ-ZAVGaHcFXrTzEezMM0veCJz3ynaVn2g5L9NvgpjzKqXKP7GKDIuo-TYv9p7OlFdRwa554Vk3SBFTy_u6fqGwm8YR5dKLpKCWLfkXKwFLmvn3IF7fdnNaZ4SLNsjSe0dg5tA9wi7slqAYSkQ9t2LHo4qffaWevKDd9I-t4DFJyV7HE2lj7t9XQM1Ct07z_EwXan04b25e-xz7lgt2hR3eCi8cdlbEgRvKbYM7QSTL5Dmn0JGvwzS5daPEW8pNV0L6Cs7cj0im_r7n9TDUnkkFedXPFl_kJ58Bd4L-nJ5GSWUL7JuNc8zjMqAowSFqHLmRQstVgeO99BWoD94pFZOgvHzNfG4i9Ai6fS_DxHV9cog1hJjRRaEVpDp0NkMM0ROa490rF4URexU7ZnA3rO44ng9sFZQYb6UKsH3qLUHe4zsc2c9wfIQxDKGeua6Cl4tozTBnigRju1TtxbJbz_gm9xUsZMFJsbjOFGWbjwSUi3LuPWYKkdyF8uKbC7sYNsyR7uk-pbwMGLS2XYqH9niDAqdt3Ax2ImG4fq7AzD2ITyhSZddU8LOBzAIHDNGrPgfcyI5QoYaR5nKElfi2l5FwY7JyZMl8kGKEQoLutCVLOR2PjkCnzlYOvjTcKaU6LgHmUnrwc3aszP8kPtfxp8v7KQXcLNa8z_XByPrMEeiF3btqqdS2dqcbgDP2kt3g1shV7QH599VTEiYqJrBBlVMedyCQkAsTFDJ2rGHZwnpN_PgSjRr3u_PrAjW

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 cta.png
s0.2mdn.net/9957158/1616512476367/ Frame 1DB5 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9957158/1616512476367/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9957158/1616512476367/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3937ea48c06f95db646d65f7fdc149192173f7c5ad0085281b8037310292e756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9957158/1616512476367/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Jul 2021 22:17:04 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Mar 2021 15:14:36 GMT
server: sffe
age: 48699
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1951
x-xss-protection: 0
expires: Thu, 22 Jul 2021 22:17:04 GMT

GET
H3-29 200 replay.png
s0.2mdn.net/9957158/1616512476367/ Frame 1DB5 4 KB
4 KB 7ms
6ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9957158/1616512476367/replay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9957158/1616512476367/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e02679d3ab67797a2ee0b8edeee2dcd941d7818848203d8992366ffc6e046eaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9957158/1616512476367/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 05:07:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Mar 2021 15:14:36 GMT
server: sffe
age: 24097
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3588
x-xss-protection: 0
expires: Fri, 23 Jul 2021 05:07:06 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C2D6 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3dwaGlv5YNDaM_GL7_UPy4WZkA8AAAAAOAHgBAI&bg=!YGOlYyfNAAbnC78O5ws7ACkAdvg8WoASagpt4wPEb8Ahgvbxm0UcAt1Av_x1ARmd13g4FqqQ7x5mPQIAAAB6UgAAAAxoAQcKAKAPJW4W-Dj-qd1tUgNLXXmk9CEKtcJRdsqgF2UBVqRXQql2pyiAK4pY5wYsbOHCl1VZiSSJo0w-Ah_NAdl6qa3XNajCe2pTil3AtL2yMaFVLzCGYXPK-UYWJsHKBesxZ1N25jitnjhrYIREzovxm6xU_O4sO_wc1OgmfYy6FLaHvZ6LIaeN2SndyEl6mqL4Z5g715JYcZnE37qKWyCHfxwfmQLK4yTX2JsqMY4IujJyVUUSyGWzZ-OCjpcCWKRZBeJ_fps_DcsBIRvO2G1oh8weNJDshn8FgEeAXtlKt5zD8WxKYprSuaVOAHKba5k23EerFAxb0jJkG8_rIgwbpZ6ozhCXmY8N-DfxfJvYmJWufl0fDktpbIiD6z2wIaUmuOVFtJ5uWcFOYKGsYtpdmoEaVU15QmTJdQP0TqqtpHdlkt_BX17KjS8WnnaCyizQi02L4uxjQmiEc-J5NCKE8tJKLgpZVIdsBLZqtiF8K3x7DoogqTr099tbos5FDmwG51J-EsVo67PnmznpDdaHjVIHTJruiw_njVy9KMjUjy7O_swivmgFHHrUlo98qb9WStn8qUBgh9BxnhTqnGXx6RWu1YC0lRePu-AwVQFAjDp8eCuAfhupJ2r6ahj-vK5NRe_x3AWuomqAX8ju6ItN5UJ8ddk0RbxSO-gPODtTBG5Dmqm2_Up9io6YkidvP9BNzgIIhxkJFlm7VtAlm-W6H6Bapg1O9XNBF1-wgQVyAQQ4FYG-GmeupjpsCL7ZD5dIDZlBeLmfStHE5U_HZLEKJPoGTGabTvURAnAw_XKcq43MkMvBvbVmFk0hPXL6QXcKD-W-qsEth0dWe_WY6SI0spH0ziWO_BpqR7f7wzmEJoYteBf0r1Gesq0uyQp6kGTWOr9m5kk96jN7Qf9sPSj3dnAPvSbAkWcPLtErDeZ8FmhgOuKDkqKvzjdFfNhvpnXnUkPK2T_8FTSNEzIIe1u6x8ACmsMK9sl9d3IUclmy0TZqXSt2Q4vvhb0eqAIRFhJ-RSRRUN4PFcNdjNfqgh4A_cAM-2nFJiWknlZntr2R7mRRDtddEDj5fXAOFgHdxhk661SgiMI536c1SWCEBkJgYbEDCzRkz_NWwNi9ECr3S1bJNgtupznyZwjHUcc8i15H2ktAf3svZ31dkXUoJRmM

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6FDF 42 B
64 B 20ms
20ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu15Tqh17-tREcZBAhcfGxkuyjY8D7l79i8C0H3yCXAHur2IQoCj23Qv1FJAfezWNlJCGt7JprdXDnNMlZryvsoQ5eoGgiKsr0T5jtgGuEsjFQDo0sVdWoTEuBdPA&sai=AMfl-YSg8fs_1Fp_5ZeZkCPgjboDxtj1txgp8tjPDxVS52TNssLBJvxMw6JL3wNx_1Cht1k4NJvIx97x2-PacSYrpiFBqJvrxBJhENoxpFECxcadhDh8XuBmSdfpvYI&sig=Cg0ArKJSzNSb2VbDHiL7EAE&cid=CAASEuRoZIEDl69GNWAamKSFhNI9Yg&id=lidar2&mcvt=1000&p=8,650,258,950&mtos=0,789,1000,1104,1104&tos=0,789,211,104,0&v=20210719&bin=7&avms=nio&bs=0,0&mc=0.75&if=1&app=0&itpl=20&adk=3386659194&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1626954522710&dlt=122&rpt=114&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 11:48:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 i Show response
vid-io-dub.springserve.com/vd/ Frame DD74 0
112 B 111ms
37ms XHR
text/plain 54.229.115.186
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io-dub.springserve.com/vd/i?suuid=14c265a5&ps_id=621808&batch=1&imp=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_56b062b7.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.115.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-115-186.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ad.mail.ru
date: Thu, 22 Jul 2021 11:48:44 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0

GET
H2 200 i
vid-io-dub.springserve.com/vd/ Frame 32E4 43 B
121 B 107ms
36ms Image
image/gif 54.229.115.186
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vid-io-dub.springserve.com/vd/i?event=vast_flash_impression
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.115.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-115-186.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 11:48:44 GMT
server: nginx
content-length: 43
content-type: image/gif

POST
H2 200 i Show response
vid-io-dub.springserve.com/vd/ Frame DD74 0
112 B 37ms
37ms XHR
text/plain 54.229.115.186
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io-dub.springserve.com/vd/i?suuid=14c265a5&ps_id=621808&batch=2
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_56b062b7.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.115.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-115-186.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ad.mail.ru
date: Thu, 22 Jul 2021 11:48:51 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0

POST
H2 200 i Show response
vid-io-dub.springserve.com/vd/ Frame DD74 0
112 B 36ms
36ms XHR
text/plain 54.229.115.186
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io-dub.springserve.com/vd/i?suuid=14c265a5&ps_id=621808&batch=3
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_56b062b7.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.115.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-115-186.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad.mail.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ad.mail.ru
date: Thu, 22 Jul 2021 11:48:52 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 6FDF 0
0

POST csi
csi.gstatic.com/ Frame 32E4 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pix.impdesk.com
URL: https://pix.impdesk.com/csync/google?google_gid=CAESEGAzGKH2p7VNJXG6mkyZEB4&google_cver=1&google_push=AYg5qPL2ubkY9DwPxTf7Jue3jAtVrPmmbvEh64H3EDaWe3-ASQSZlYofb1TD2KfzAIzNugYM4-ux9B2ETzA0BWHMusuj4n1WXg

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu15Tqh17-tREcZBAhcfGxkuyjY8D7l79i8C0H3yCXAHur2IQoCj23Qv1FJAfezWNlJCGt7JprdXDnNMlZryvsoQ5eoGgiKsr0T5jtgGuEsjFQDo0sVdWoTEuBdPA&sai=AMfl-YSg8fs_1Fp_5ZeZkCPgjboDxtj1txgp8tjPDxVS52TNssLBJvxMw6JL3wNx_1Cht1k4NJvIx97x2-PacSYrpiFBqJvrxBJhENoxpFECxcadhDh8XuBmSdfpvYI&sig=Cg0ArKJSzNSb2VbDHiL7EAE&cid=CAASEuRoZIEDl69GNWAamKSFhNI9Yg&id=lidartos&mcvt=9141&p=8,650,258,950&mtos=8130,8930,9141,9245,9245&tos=8130,800,211,104,0&v=20210719&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3386659194&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosc=1&eosm=0&rst=1626954522710&dlt=122&rpt=114&isd=0&msd=0&r=u&ec=0

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kreupr44&c=8100788035953&slotId=4050394017976.5&fb=ima_html5-lima&sdkv=h.3.472.0&mrd=4&aab=1&itv=1&uet=2&rec=loaded-1%7Cshow_ad-1%7Cunmute-1%7Cmute-1%7CcreativeView-1%7Cimpression-1%7Cmeasurable_impression-1%7CfirstQuartile-1%7Cskip-1

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.mail.ru/	1970-01-20 13:27:06	Name: p Value: 5wcAAMDeiAAA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012107130206000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107130206000 https://ad.mail.ru/adi/3030?rnd=438487096

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

14901a31ba3631c2ae5e54a143a83467.safeframe.googlesyndication.com
ad.mail.ru
adservice.google.com
adservice.google.nl
analytics.wmgroup.us
cdn.ampproject.org
cdn.jsdelivr.net
cm.g.doubleclick.net
csi.gstatic.com
d17a54b86bab1425b76ae1fcb12c04d5.safeframe.googlesyndication.com
d3f4nuq5dskrej.cloudfront.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
imasdk.googleapis.com
pagead2.googlesyndication.com
pix.impdesk.com
pm.w55c.net
rs.mail.ru
s0.2mdn.net
securepubads.g.doubleclick.net
sync.1rx.io
tpc.googlesyndication.com
tr.blismedia.com
tracking.m6r.eu
um.simpli.fi
vastb.adwmg.com
vid-io-dub.springserve.com
vid.springserve.com
vpaid.springserve.com
www.google.com
www.googletagservices.com
csi.gstatic.com
pagead2.googlesyndication.com
pix.impdesk.com
142.250.185.226
142.250.185.66
142.250.186.162
147.135.11.103
169.50.137.190
172.217.31.163
18.158.226.176
185.33.221.87
2.18.234.21
213.19.147.44
216.58.212.162
2600:9000:2156:5800:15:6f6c:b180:93a1
2600:9000:2182:7400:1c:77a1:eec0:21
2a00:1148:db00::17
2a00:1450:4001:800::2001
2a00:1450:4001:800::2003
2a00:1450:4001:801::2001
2a00:1450:4001:808::2002
2a00:1450:4001:809::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200a
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:830::2006
2a00:1450:4001:831::2001
2a00:1450:4001:831::200a
2a04:4e42:3::485
34.250.23.129
34.96.105.8
54.229.115.186
72.251.244.141
087e9facfd9d1dddb0201c1d294f4b44f6cbdd3a02a698bb9acb9f85a46c41e5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1030d483226422b32956445ad0cb1ff238bae5906ef8be2fb8fdcfcf8f5b0ecb
1130c26caface5cfa7b2d0cdbbb70cdb3004c582e74969d580216f65596c47c1
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
130cd7fbc7a835ab8d1e683a108369534476bfc5c5b75cf93a3def2bce0f5812
13af99d5cc7547d396a1ffd423292fcb3ba969744401fca8bec767bd940aad51
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
19c465e378b54c8d6be6ab6584fe2d7c5ae0e9fed10bda96f123cf0c3fd5e8b2
1b16e9c1da7045c9057350282766a114be2070b065e5e8a42ae635d0610ba6d0
1b1a4081a8a32bc714fbb7a2509141683bc3eb707a421c0db556ed856f6d8e99
1caacdebd86c67f86ab89cdbd30b056a8c1141638aafdd35ec453c4bae91692b
2180b81aeb53baf599c8fc869a9010abb25dd9bfdc8279dad28733374d2bf3d5
2405bd02584cae91a0a4c434fec3e72f392d07e1bedc993c3b16baa7800bbdfd
29d096500cc94cbe347c613cb34199c274da1fe8b5df04fdb49ee75ace5edbec
2baf631fc505ace0a43931c797734915f09aebca45f01a7b3308ec9f2a65a317
2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391
3937ea48c06f95db646d65f7fdc149192173f7c5ad0085281b8037310292e756
42cadc875f0890119d3bb83437b8e413b9f7f4621145f065ba1857bb420fb2c7
49477b5f0f6309d3fcc379bc6454edc3623fb30908026cec6e67be42bd9c84e2
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f8671c0503a6238188a5fc116577e50a7a07a780a57921a4026ddcce7f9b0cc
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
65506c87a4e71875a107df7ca37f45ccfd40688cf8e01f65c7e71792dbd6818c
6c3ae575f2830868f6e1d9331de0961544cb7ed2a36f94a83b86329e90975eb3
6c4634d290513badfce22d5fabc61fda05a8fd39cbd35c6f8eeedfedfffb9058
6daa507a2ab8f55aa909ca46af39d67bc24e6faa0932173bce15194bd97a69b5
7313b1057f6543d7eb7acaa080be92b436473884cc71a5b0bdf5ece0d5e0aa4d
79eb09d625582fc132812df31b30bd280305488c911849ecbe76e8eb53bfd8be
8125e02730143efb5630c2c21d73fb44d995b322051da5ac71c34f70bd6d63e5
89993bbf808a294788d1b9d06ae1d48670e8621ec7c69d10e0f88ee8bcb991c6
8dd3b91ca60e6a0486326c5c275590dd1d753240c2efa9f94730815813997fee
95e1b6614cf5494fb4559af61cf357ed720c4544b7ba7cb3d60960e02487017f
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ae2862c982de5ca8aa7d0b97b493a0561b30a04a6d7ae249ae8f758e7453842
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a2dc48778424d222fe44df1858e43fcb230fe7fe04d6777b4d6084e174640648
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ab2e88aac4b52e74cb24f0824ed4997736d21196145cf8e0465a52c2d56984fd
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b24b9659cda04d58f636f46eedf0df652b7aeaab298a9b35f0127e23c4fbb18c
b522f3020c155252273666edf2a0b9f8a48ac7b625846692c71a02fd5f0e92ff
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c82cd05665a769fcf4089c00be25598f4378f5c22e74741a8f65b95f97e23dde
c9b86fb3ddf4db048fcdb86ae7b80be5565a239669b67652a8ae1398e487edbe
cc310932652aeacf45230c766bfc8d81138b45d58812c7e52cea82a132de5154
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cde489cf1c7c60eaa7f52a198c1b13cd33471693178874e6414a3fbf010f2652
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d1124b04828785508ce2fedc6a122128f4cb52f637e9be944ede82409b981ef8
d398520ac47945ab429cf02b444202f4db1cf7fee5b5335cf98fb009ce56ab8e
da00a0647ea6fd935e1fce3020aa7fd9da449e465ec3f8a47c65d94d4b35a916
e02679d3ab67797a2ee0b8edeee2dcd941d7818848203d8992366ffc6e046eaa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eae813779fe8dff8ef3a8f1f914c9020747d2b818360134f1cb5a0409c4596d2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
faf5e994ddbada86a873b5d14c1bc0f449a097e61e6fbe0c04e0691b70ec5644
fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

ad.mail.ru Open in urlscan Pro 2a00:1148:db00::17 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

110 Requests

95 %HTTPS

56 %IPv6

23 Domains

35 Subdomains

30 IPs

6 Countries

2575 kBTransfer

4988 kBSize

1 Cookies

0 Outgoing links

Redirected requests

110 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ad.mail.ru Open in urlscan Pro
2a00:1148:db00::17 Public Scan

Screenshot
Live screenshot

Full Image

110
Requests

95 %
HTTPS

56 %
IPv6

23
Domains

35
Subdomains

30
IPs

6
Countries

2575 kB
Transfer

4988 kB
Size

1
Cookies

110 HTTP transactions
1 data transactions