deklaracia3ndfl.ru Open in urlscan Pro
87.236.16.87 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.deklaracia3ndfl.ru/
Effective URL:
https://deklaracia3ndfl.ru/
Submission: On March 16 via api (March 16th 2021, 11:44:40 am UTC) from US

Summary HTTP 107 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 16 domains to perform 107 HTTP transactions. The main IP is 87.236.16.87, located in Russian Federation and belongs to BEGET-AS, RU. The main domain is deklaracia3ndfl.ru.
TLS certificate: Issued by R3 on February 16th 2021. Valid for: 3 months.

This is the only time deklaracia3ndfl.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 26	87.236.16.87 87.236.16.87	198610 (BEGET-AS) (BEGET-AS)
2	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	81.19.89.18 81.19.89.18	24638 (RAMBLER-T...) (RAMBLER-TELECOM-AS)
1 5	217.69.133.145 217.69.133.145	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
3	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
3	2a02:6b8:20::215 2a02:6b8:20::215	13238 (YANDEX) (YANDEX)
14	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	81.19.89.16 81.19.89.16	24638 (RAMBLER-T...) (RAMBLER-TELECOM-AS)
1 2	88.212.201.216 88.212.201.216	39134 (UNITEDNET) (UNITEDNET)
1 4	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
24	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
3 3	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
107	22

26 87.236.16.87 (Russian Federation) 2 redirects

ASN198610 (BEGET-AS, RU)
PTR: ssl.quasar.beget.com

www.deklaracia3ndfl.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
deklaracia3ndfl.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.19.89.18 (Moscow, Russian Federation)

ASN24638 (RAMBLER-TELECOM-AS, RU)
PTR: kraken.rambler.ru

counter.rambler.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 217.69.133.145 (Russian Federation) 1 redirects

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: top-fwz1.mail.ru

top-fwz1.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8:20::215 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)

site.yandex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.19.89.16 (Moscow, Russian Federation)

ASN24638 (RAMBLER-TELECOM-AS, RU)
PTR: kraken.rambler.ru

kraken.rambler.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.216 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host216.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6b8::1:119 (Moscow, Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	322 KB
26	deklaracia3ndfl.ru 2 redirects www.deklaracia3ndfl.ru deklaracia3ndfl.ru	237 KB
14	doubleclick.net googleads.g.doubleclick.net	95 KB
11	gstatic.com fonts.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn1.gstatic.com www.gstatic.com	213 KB
5	mail.ru 1 redirects top-fwz1.mail.ru	15 KB
4	yandex.ru 1 redirects mc.yandex.ru	45 KB
4	googletagservices.com www.googletagservices.com	129 KB
4	google.com 3 redirects adservice.google.com www.google.com	760 B
3	google-analytics.com www.google-analytics.com	38 KB
2	yadro.ru 1 redirects counter.yadro.ru	1 KB
2	yandex.net site.yandex.net	22 KB
2	rambler.ru counter.rambler.ru kraken.rambler.ru	66 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	yastatic.net yastatic.net	28 KB
1	google.de adservice.google.de	799 B
1	googleadservices.com partner.googleadservices.com	646 B
107	16

	Domain	Requested by
25	deklaracia3ndfl.ru	1 redirects deklaracia3ndfl.ru
24	tpc.googlesyndication.com	googleads.g.doubleclick.net deklaracia3ndfl.ru tpc.googlesyndication.com pagead2.googlesyndication.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com deklaracia3ndfl.ru googleads.g.doubleclick.net
9	pagead2.googlesyndication.com	deklaracia3ndfl.ru pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
5	top-fwz1.mail.ru	1 redirects deklaracia3ndfl.ru top-fwz1.mail.ru
4	mc.yandex.ru	1 redirects deklaracia3ndfl.ru
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	fonts.gstatic.com	fonts.googleapis.com
3	www.google.com	3 redirects
3	www.google-analytics.com	deklaracia3ndfl.ru www.google-analytics.com googleads.g.doubleclick.net
2	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
2	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
2	counter.yadro.ru	1 redirects deklaracia3ndfl.ru
2	site.yandex.net	deklaracia3ndfl.ru site.yandex.net
2	fonts.googleapis.com	deklaracia3ndfl.ru googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
1	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
1	yastatic.net	site.yandex.net
1	kraken.rambler.ru	deklaracia3ndfl.ru
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	counter.rambler.ru	deklaracia3ndfl.ru
1	www.deklaracia3ndfl.ru	1 redirects
107	25

This site contains links to these domains. Also see Links.

Domain
top100.rambler.ru
top.mail.ru
www.liveinternet.ru

Subject Issuer	Validity	Valid
deklaracia3ndfl.ru R3	`2021-02-16` - `2021-05-17`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.rambler.ru RapidSSL RSA CA 2018	`2019-04-15` - `2021-06-13`	2 years	crt.sh
*.mail.ru GeoTrust ECC CA 2018	`2020-11-13` - `2021-11-17`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.yastatic.net Yandex CA	`2021-03-03` - `2021-09-01`	6 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
counter.yadro.ru R3	`2021-01-13` - `2021-04-13`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2021-02-27` - `2021-08-09`	5 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://deklaracia3ndfl.ru/
Frame ID: 38881F81AF40D7ED8ACC173E4893747D
Requests: 51 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210310/r20190131/zrt_lookup.html
Frame ID: C408FDB06BAB66F1932655BE906AC02A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=600&slotname=2929926698&adk=32781153&adf=1947059294&pi=t.ma~as.2929926698&w=246&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=246x600&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&dt=1615895062305&bpp=18&bdt=467&idt=84&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7535611538006&frm=20&pv=2&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=275&ady=1948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=hFHwuZmreY&p=https%3A//deklaracia3ndfl.ru&dtd=102
Frame ID: D1E3EB74C0EEBD7399FD106F0DD6B569
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&adk=1812271804&adf=3025194257&lmt=1615895061&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615895062432&bpp=1&bdt=594&idt=1&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=4&uci=a!4&fsb=1&dtd=5
Frame ID: 9697F30EBDB3B99FA98F8C04AAAE3560
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121
Frame ID: 19715863B4C62C4A469C6DE263E60C29
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3137185414&adf=1375308906&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062326&bpp=1&bdt=487&idt=123&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0%2C782x280&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=2194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AgAyyufpDB&p=https%3A//deklaracia3ndfl.ru&dtd=127
Frame ID: BA23915BD1E5254B71DCBB1642AF7D5A
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html
Frame ID: 0690EAC7E431E59515CAE04AB305A4CA
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CRIH2FppQYLenG4PZbIuYtjC2joftYfiQ2IviDM-Li6GPDhABIL-ttCdglYq4gsgHoAHMmZ34AsgBCakCBD5OZdACtD6oAwHIA0iqBM4BT9Ap0OExOeQpi6QUkzKS-WQQ_HbfwHkX4fXXiEmpCXGpUnivkkmGlPx7O4I0-OZg19XkW1EkLsAH4nxs1umk9GrKtAn-GyYTkHqErMPiRak-QIgZGvnSJilbB1U5Y31N3K6A9t07H74OTaD5bppHCeAFKPKaOzhY-dDT2643ruUTPc2bt2GiN3jQ9JK563aKQJmrFNRRRAYcVmdOpVjIsVZsmvUZTNI8tzly5q00GsfBTrXAc38qraESEp8aP08syRrRqsYOYFhVDzTtRGnABL-0v9uiA5IFBAgEGAGSBQQIBRgEoAYugAezxJqYAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBRCO96MB0ggJCIDhgBAQARgfgAoByAsB2BMNiBQC0BUBgBcBshcaChgIABIUcHViLTQ2MDU5ODUzMzM4NzY3MTM&sigh=CWePJ-Fg_Ek&template_id=419&tpd=AGWhJmvOhI-oQj8v2gNuuZ8-n1S5lISxqRGsWoBBLB-37Ff2ng
Frame ID: 8054515F73029D307C36FC535E6B6F47
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: E7F7626D4603A58A1793AA10DD0545A0
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 60E2D4F4BAB4AAAD5803F140497FBE7F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 60C0EB73FC6091089C71B3AE17E36789
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js
Frame ID: 0E35200451E36A99C5050A859B38ADDA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js
Frame ID: 830E3D6E87A45583D748E8061040E04A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 23A8DFB4ACEC7CFBD71089FE537EF96C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.deklaracia3ndfl.ru/ HTTP 301
http://deklaracia3ndfl.ru/ HTTP 301
https://deklaracia3ndfl.ru/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

107
Requests

100 %
HTTPS

73 %
IPv6

16
Domains

25
Subdomains

22
IPs

3
Countries

1211 kB
Transfer

2644 kB
Size

16
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://top100.rambler.ru/home?id=3098116

Search URL Search Domain Scan URL

URL: https://top.mail.ru/jump?from=2639870
Title:

Search URL Search Domain Scan URL

URL: https://www.liveinternet.ru/click

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.deklaracia3ndfl.ru/ HTTP 301
http://deklaracia3ndfl.ru/ HTTP 301
https://deklaracia3ndfl.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://top-fwz1.mail.ru/counter?id=2639870;t=308;l=1 HTTP 302
https://top-fwz1.mail.ru/counter2?id=2639870;t=308;l=1

Request Chain 41

https://counter.yadro.ru/hit?t44.11;r;s1600*1200*24;uhttps%3A//deklaracia3ndfl.ru/;0.6044476837622801 HTTP 302
https://counter.yadro.ru/hit?q;t44.11;r;s1600*1200*24;uhttps%3A//deklaracia3ndfl.ru/;0.6044476837622801

Request Chain 49

https://mc.yandex.ru/watch/29221480?wmode=7&page-url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A1214%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A1261596313075%3Ahid%3A43361631%3Az%3A60%3Ai%3A20210316124422%3Aet%3A1615895063%3Ac%3A1%3Arn%3A508315226%3Au%3A1615895063969963338%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615895061049%3Ads%3A0%2C0%2C203%2C1%2C582%2C0%2C%2C586%2C15%2C%2C%2C%2C1375%3Adsn%3A0%2C0%2C203%2C1%2C581%2C0%2C%2C588%2C15%2C%2C%2C%2C1374%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615895063%3At%3A%D0%94%D0%B5%D0%BA%D0%BB%D0%B0%D1%80%D0%B0%D1%86%D0%B8%D1%8F%203%20%D0%9D%D0%94%D0%A4%D0%9B%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B2%D1%8B%D1%87%D0%B5%D1%82%3A%20%D0%B8%D0%BC%D1%83%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9%2C%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%20%D0%B8%20%D1%81%D1%82%D0%B0%D0%BD%D0%B4%D0%B0%D1%80%D1%82%D0%BD%D1%8B%D0%B9 HTTP 302
https://mc.yandex.ru/watch/29221480/1?wmode=7&page-url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A1214%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A1261596313075%3Ahid%3A43361631%3Az%3A60%3Ai%3A20210316124422%3Aet%3A1615895063%3Ac%3A1%3Arn%3A508315226%3Au%3A1615895063969963338%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615895061049%3Ads%3A0%2C0%2C203%2C1%2C582%2C0%2C%2C586%2C15%2C%2C%2C%2C1375%3Adsn%3A0%2C0%2C203%2C1%2C581%2C0%2C%2C588%2C15%2C%2C%2C%2C1374%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615895063%3At%3A%D0%94%D0%B5%D0%BA%D0%BB%D0%B0%D1%80%D0%B0%D1%86%D0%B8%D1%8F%203%20%D0%9D%D0%94%D0%A4%D0%9B%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B2%D1%8B%D1%87%D0%B5%D1%82%3A%20%D0%B8%D0%BC%D1%83%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9%2C%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%20%D0%B8%20%D1%81%D1%82%D0%B0%D0%BD%D0%B4%D0%B0%D1%80%D1%82%D0%BD%D1%8B%D0%B9

Request Chain 93

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 98

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 100

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

107 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
deklaracia3ndfl.ru/
Redirect Chain

https://www.deklaracia3ndfl.ru/
http://deklaracia3ndfl.ru/
https://deklaracia3ndfl.ru/

38 KB
9 KB

203ms
203ms

Document
text/html

87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash: 31df0771606d4e5e10033e3f86f85843bab4fff802097997e1bc17295f96b9ae

Request headers

:method: GET
:authority: deklaracia3ndfl.ru
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx-reuseport/1.13.4
date: Tue, 16 Mar 2021 11:44:21 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
set-cookie: 8bb5375a1e34bb3fd56ca44cc75fd1af=15de1f982dccd970f514b79c53a53c57; path=admin; secure; HttpOnly
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
expires: Mon, 1 Jan 2001 00:00:00 GMT
last-modified: Tue, 16 Mar 2021 11:44:21 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip

Redirect headers

Server: nginx-reuseport/1.13.4
Date: Tue, 16 Mar 2021 11:44:21 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 317
Connection: keep-alive
Keep-Alive: timeout=30
Location: https://deklaracia3ndfl.ru/

GET
H2 200 slimbox2.css
deklaracia3ndfl.ru/media/plg_content_mavikthumbnails/slimbox2/css/ 1 KB
730 B 85ms
81ms Stylesheet
text/css 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/plg_content_mavikthumbnails/slimbox2/css/slimbox2.css
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 96b8f42a86b603650301137a943b7a7e6a05c2f94c29d2d1d6a9004d681bcc6a

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Mon, 04 May 2015 17:19:17 GMT
server: nginx-reuseport/1.13.4
etag: W/"5547aa15-4d8"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 template.css
deklaracia3ndfl.ru/templates/protostar/css/ 155 KB
24 KB 97ms
92ms Stylesheet
text/css 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/templates/protostar/css/template.css
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: f408de23cf32ec04f55de769812877046b35c6c98c08421b4315dd57bc578104

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Mon, 04 Jan 2021 14:17:00 GMT
server: nginx-reuseport/1.13.4
etag: W/"5ff3235c-26d89"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 mod_accordeonck_css.php
deklaracia3ndfl.ru/modules/mod_accordeonck/themes/simple/ 1 KB
589 B 159ms
155ms Stylesheet
text/css 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/modules/mod_accordeonck/themes/simple/mod_accordeonck_css.php?cssid=accordeonck112
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash: 8f04f65d00aba3127ea9695bd2499b5c44e5ae96e169a358b263a887aea8e7b0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
server: nginx-reuseport/1.13.4
x-powered-by: PHP/5.6.40
vary: Accept-Encoding
content-type: text/css

GET
H2 200 mod_accordeonck_css.php
deklaracia3ndfl.ru/modules/mod_accordeonck/themes/simple/ 1 KB
589 B 222ms
217ms Stylesheet
text/css 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/modules/mod_accordeonck/themes/simple/mod_accordeonck_css.php?cssid=accordeonck114
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash: 71ad41e2c2ff4a1cc29027ed4e117a483be84e78a3e73e81877fe7eb346b0234

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
server: nginx-reuseport/1.13.4
x-powered-by: PHP/5.6.40
vary: Accept-Encoding
content-type: text/css

GET
H2 200 mod_accordeonck_css.php
deklaracia3ndfl.ru/modules/mod_accordeonck/themes/simple/ 1 KB
589 B 222ms
218ms Stylesheet
text/css 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/modules/mod_accordeonck/themes/simple/mod_accordeonck_css.php?cssid=accordeonck113
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash: 09e9fc2f55f3925b0455f3df62d203a88f11ea4d5a489793b3d6deb77fab4a88

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
server: nginx-reuseport/1.13.4
x-powered-by: PHP/5.6.40
vary: Accept-Encoding
content-type: text/css

GET
H2 200 mod_accordeonck_css.php
deklaracia3ndfl.ru/modules/mod_accordeonck/themes/default/ 1 KB
511 B 221ms
217ms Stylesheet
text/css 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/modules/mod_accordeonck/themes/default/mod_accordeonck_css.php?cssid=accordeonck116
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash: c5101d5130d0550b2ae8bfd26465900fa3a7ff17b9b737f3f5048f525e4338b3

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
server: nginx-reuseport/1.13.4
x-powered-by: PHP/5.6.40
vary: Accept-Encoding
content-type: text/css

GET
H2 200 mod_accordeonck_css.php
deklaracia3ndfl.ru/modules/mod_accordeonck/themes/default/ 1 KB
510 B 222ms
217ms Stylesheet
text/css 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/modules/mod_accordeonck/themes/default/mod_accordeonck_css.php?cssid=accordeonck118
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash: cba8339bce8e86799a8e6a3c71e97c55c82f895d8f960b7aaa01b448b89fc3ba

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
server: nginx-reuseport/1.13.4
x-powered-by: PHP/5.6.40
vary: Accept-Encoding
content-type: text/css

GET
H2 200 jquery.min.js Show response
deklaracia3ndfl.ru/media/jui/js/ 94 KB
33 KB 156ms
151ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/jui/js/jquery.min.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: c8963b6bd2ca8497603794bf9adcbff7a3ea55c9c3edef3d5a992405ee256a90

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Fri, 20 Mar 2015 12:58:22 GMT
server: nginx-reuseport/1.13.4
etag: W/"550c196e-176ba"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 jquery-noconflict.js Show response
deklaracia3ndfl.ru/media/jui/js/ 21 B
214 B 157ms
152ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/jui/js/jquery-noconflict.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 5b6cf4e6eda02f7c90b60b3c32413c0851915f8f80a268a913b92929085132a6

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
last-modified: Fri, 20 Mar 2015 12:58:22 GMT
server: nginx-reuseport/1.13.4
etag: "550c196e-15"
content-type: application/x-javascript
cache-control: max-age=604800
accept-ranges: bytes
content-length: 21
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 jquery-migrate.min.js Show response
deklaracia3ndfl.ru/media/jui/js/ 7 KB
3 KB 157ms
153ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/jui/js/jquery-migrate.min.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Fri, 20 Mar 2015 12:58:22 GMT
server: nginx-reuseport/1.13.4
etag: W/"550c196e-1c1f"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 404 hover.js
deklaracia3ndfl.ru/media/plg_content_mavikthumbnails/js/ 0
0 221ms
217ms Script
text/html 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/plg_content_mavikthumbnails/js/hover.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Mar 2021 11:44:22 GMT
server: nginx-reuseport/1.13.4
x-powered-by: PHP/5.6.40
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
status: 404 ÐÑÐµÐ´ÑÑÐ°Ð²Ð»ÐµÐ½Ð¸Ðµ Ð½Ðµ Ð½Ð°Ð¹Ð´ÐµÐ½Ð¾ [name, type, prefix]: category, js, contentView
cache-control: no-cache
content-type: text/html; charset=UTF-8
content-length: 4365

GET
H2 200 slimbox2.js Show response
deklaracia3ndfl.ru/media/plg_content_mavikthumbnails/slimbox2/js/ 4 KB
2 KB 171ms
167ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/plg_content_mavikthumbnails/slimbox2/js/slimbox2.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: d860237637ae6f72cc617a924dd279bbf820a4b289d90cac33da6c5d67a336f2

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Mon, 04 May 2015 17:19:17 GMT
server: nginx-reuseport/1.13.4
etag: W/"5547aa15-101b"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 caption.js Show response
deklaracia3ndfl.ru/media/system/js/ 491 B
541 B 172ms
168ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/system/js/caption.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 20f7c83ab9dfdc1e88f4c3fafc0712492200ab738fb30660526bad9dcb7282dc

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Fri, 20 Mar 2015 12:58:22 GMT
server: nginx-reuseport/1.13.4
etag: W/"550c196e-1eb"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 bootstrap.min.js Show response
deklaracia3ndfl.ru/media/jui/js/ 28 KB
8 KB 172ms
168ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/jui/js/bootstrap.min.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 6ebe64de8e1c2f92400a03a97250c8b2f7443025d53fa42df90cb0589350c233

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Fri, 20 Mar 2015 12:58:22 GMT
server: nginx-reuseport/1.13.4
etag: W/"550c196e-71e4"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 template.js Show response
deklaracia3ndfl.ru/templates/protostar/js/ 1 KB
782 B 172ms
168ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/templates/protostar/js/template.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 6134d90ad4ea1911a38db6992cfec98cdf868270f17105d1c99bb29f0028d4a2

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Sun, 29 Mar 2015 17:24:04 GMT
server: nginx-reuseport/1.13.4
etag: W/"55183534-53c"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 jquery.ui.core.min.js Show response
deklaracia3ndfl.ru/media/jui/js/ 21 KB
8 KB 172ms
168ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/jui/js/jquery.ui.core.min.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 4d1feda979ec3b8a0952f18e6346cd4b51ef5bea614f328216b3bae504573bf3

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Fri, 20 Mar 2015 12:58:22 GMT
server: nginx-reuseport/1.13.4
etag: W/"550c196e-52de"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 mod_accordeonck.js Show response
deklaracia3ndfl.ru/modules/mod_accordeonck/assets/ 3 KB
1 KB 172ms
169ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/modules/mod_accordeonck/assets/mod_accordeonck.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: bbe3c4b9a3afa6784c6c5a39ddeeb0318c383d0f267261c46740120b4c294df9

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Mon, 15 Feb 2016 15:23:34 GMT
server: nginx-reuseport/1.13.4
etag: W/"56c1ed76-aa6"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 jquery.easing.1.3.js Show response
deklaracia3ndfl.ru/modules/mod_accordeonck/assets/ 8 KB
2 KB 172ms
169ms Script
application/x-javascript 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/modules/mod_accordeonck/assets/jquery.easing.1.3.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:21 GMT
content-encoding: gzip
last-modified: Mon, 15 Feb 2016 15:23:34 GMT
server: nginx-reuseport/1.13.4
etag: W/"56c1ed76-1fa1"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Tue, 23 Mar 2021 11:44:21 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
642 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c340f2fc9103b3a383daf2262c4c58829e4acd29f2e18e02675a823f89eef33b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Mar 2021 10:05:59 GMT
server: ESF
date: Tue, 16 Mar 2021 11:44:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Mar 2021 11:44:21 GMT

GET
H2 200 logo.jpg
deklaracia3ndfl.ru/images/ 19 KB
20 KB 85ms
85ms Image
image/jpeg 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://deklaracia3ndfl.ru/images/logo.jpg
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 4a4e61c848af2150d8b25a6d8e8ef690b5387e4f9dcac16e57a03443c2215cf2

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
last-modified: Sat, 19 Mar 2016 19:00:17 GMT
server: nginx-reuseport/1.13.4
etag: "56eda1c1-4d94"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 19860
expires: Thu, 15 Apr 2021 11:44:22 GMT

GET
H2 200 %D0%A8%D0%B0%D0%BF%D0%BA%D0%B0.jpg
deklaracia3ndfl.ru/images/ 101 KB
102 KB 85ms
85ms Image
image/jpeg 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://deklaracia3ndfl.ru/images/%D0%A8%D0%B0%D0%BF%D0%BA%D0%B0.jpg
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 23352c6491a675314f59e7fe98c8ae16308d563113e27c5f0729417a46fec7bd

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
last-modified: Fri, 20 Mar 2015 23:07:41 GMT
server: nginx-reuseport/1.13.4
etag: "550ca83d-1952e"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 103726
expires: Thu, 15 Apr 2021 11:44:22 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 45ms
25ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b144fb40dc94ef312b2a28701da77e88a1d738e0bcf9a6f75c77635503483835

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49956
x-xss-protection: 0
server: cafe
etag: 3873043268518483981
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Mar 2021 11:44:22 GMT

GET
H2 200 %D0%B4%D0%B5%D0%BA%D0%BB%D0%B0%D1%80%D0%B0%D1%86%D0%B8%D1%8F.jpg
deklaracia3ndfl.ru/images/Dokumenti/ 13 KB
13 KB 91ms
90ms Image
image/jpeg 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://deklaracia3ndfl.ru/images/Dokumenti/%D0%B4%D0%B5%D0%BA%D0%BB%D0%B0%D1%80%D0%B0%D1%86%D0%B8%D1%8F.jpg
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: e71ec7110e0ddfb1fb9920ad46e3159e68a3c3304d5a4a5666c66d3afa2dbd2c

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
last-modified: Tue, 24 Mar 2015 15:29:43 GMT
server: nginx-reuseport/1.13.4
etag: "551182e7-34b3"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 13491
expires: Thu, 15 Apr 2021 11:44:22 GMT

GET
H/1.1 200
OK top100.jcn Show response
counter.rambler.ru/ 64 KB
65 KB 274ms
130ms Script
application/javascript 81.19.89.18
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://counter.rambler.ru/top100.jcn?3098116
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.89.18 Moscow, Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx/1.17.9 /
Resource Hash: 870c289c475941b8b13445a2266ad64b09c2b25b8df3276661c931e1700b3fc9

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 16 Mar 2021 11:44:22 GMT
Server: nginx/1.17.9
Connection: keep-alive
Content-Type: application/octet-stream, application/javascript
Transfer-Encoding: chunked
P3P: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"

GET
H/1.1

200
OK

counter2
top-fwz1.mail.ru/
Redirect Chain

https://top-fwz1.mail.ru/counter?id=2639870;t=308;l=1
https://top-fwz1.mail.ru/counter2?id=2639870;t=308;l=1

1 KB
2 KB

121ms
59ms

Image
image/gif

217.69.133.145
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://top-fwz1.mail.ru/counter2?id=2639870;t=308;l=1

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

8b1a846fa112d9f2dd15adf98a1fd89c7672e81bb0123ee58a943f0cdbaf677b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 16 Mar 2021 11:44:22 GMT
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Connection: keep-alive
Content-Length: 1284
Pragma: no-cache
Access-Control-Allow-Headers: *
AMP-Access-Control-Allow-Source-Origin: *
Server: nginx
Access-Control-Allow-Methods: GET, POST, HEAD, PUT, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin
Cache-Control: private, no-cache, no-store, max-age=0
Access-Control-Allow-Credentials: true
Accept-CH-Lifetime: 86400
Accept-CH: DPR, Width, Viewport-Width, Downlink, Device-Memory
Timing-Allow-Origin: *
Keep-Alive: timeout=60

Redirect headers

Date: Tue, 16 Mar 2021 11:44:22 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Connection: keep-alive
Content-Length: 0
Pragma: no-cache
Access-Control-Allow-Headers: *
AMP-Access-Control-Allow-Source-Origin: *
Server: nginx
Access-Control-Allow-Methods: GET, POST, HEAD, PUT, OPTIONS
Location: https://top-fwz1.mail.ru/counter2?id=2639870;t=308;l=1
Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin
Cache-Control: private, no-cache, no-store, max-age=0
Access-Control-Allow-Credentials: true
Accept-CH-Lifetime: 86400
Accept-CH: DPR, Width, Viewport-Width, Downlink, Device-Memory
Timing-Allow-Origin: *
Keep-Alive: timeout=60

GET
H2 404 hover.js
deklaracia3ndfl.ru/media/plg_content_mavikthumbnails/js/ 0
0 134ms
134ms Script
text/html 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deklaracia3ndfl.ru/media/plg_content_mavikthumbnails/js/hover.js
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Mar 2021 11:44:22 GMT
server: nginx-reuseport/1.13.4
x-powered-by: PHP/5.6.40
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
status: 404 ÐÑÐµÐ´ÑÑÐ°Ð²Ð»ÐµÐ½Ð¸Ðµ Ð½Ðµ Ð½Ð°Ð¹Ð´ÐµÐ½Ð¾ [name, type, prefix]: category, js, contentView
cache-control: no-cache
content-type: text/html; charset=UTF-8
content-length: 4365

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 6107
date: Tue, 16 Mar 2021 10:02:35 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Tue, 16 Mar 2021 12:02:35 GMT

GET
H2 200 bg.png
deklaracia3ndfl.ru/images/ 7 KB
8 KB 90ms
90ms Image
image/png 87.236.16.87
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://deklaracia3ndfl.ru/images/bg.png
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/templates/protostar/css/template.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.87 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.quasar.beget.com
Software: nginx-reuseport/1.13.4 /
Resource Hash: 8626b33a6fdf0355110525ba973de9ac84ae896bc4703733133a5db813053b52

Request headers

Referer: https://deklaracia3ndfl.ru/templates/protostar/css/template.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
last-modified: Mon, 30 Mar 2015 20:31:32 GMT
server: nginx-reuseport/1.13.4
etag: "5519b2a4-1d4c"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7500
expires: Thu, 15 Apr 2021 11:44:22 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFUZ0bbck.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFUZ0bbck.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://deklaracia3ndfl.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 12 Mar 2021 11:21:25 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:24 GMT
server: sffe
age: 346977
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9400
x-xss-protection: 0
expires: Sat, 12 Mar 2022 11:21:25 GMT

GET
H3-Q050 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 33ms
20ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://deklaracia3ndfl.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 11 Mar 2021 02:04:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 466813
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Fri, 11 Mar 2022 02:04:09 GMT

GET
H2 200 all.js Show response
site.yandex.net/v2.0/js/ 56 KB
15 KB 128ms
41ms Script
application/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://site.yandex.net/v2.0/js/all.js

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

70a0083e92cf715231f7734f0ecf0365c77ec3fdfe97921d75b39afd09871711

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: br
vary: Accept-Encoding
nel: {"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 15151
last-modified: Thu, 14 Jan 2021 10:10:45 GMT
server: nginx/1.17.9
etag: "a144f832184afae15f82138151d89089"
x-robots-tag: noindex, noarchive, nofollow
strict-transport-security: max-age=43200000; includeSubDomains;
report-to: { "group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=216013
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Mar 2021 23:40:10 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
390 B 45ms
13ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=1117785786&t=pageview&_s=1&dl=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&ul=en-us&de=UTF-8&dt=%D0%94%D0%B5%D0%BA%D0%BB%D0%B0%D1%80%D0%B0%D1%86%D0%B8%D1%8F%203%20%D0%9D%D0%94%D0%A4%D0%9B%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B2%D1%8B%D1%87%D0%B5%D1%82%3A%20%D0%B8%D0%BC%D1%83%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9%2C%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%20%D0%B8%20%D1%81%D1%82%D0%B0%D0%BD%D0%B4%D0%B0%D1%80%D1%82%D0%BD%D1%8B%D0%B9&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=196991184&gjid=1300819977&cid=1023416858.1615895062&tid=UA-62005754-1&_gid=583824065.1615895062&_r=1&_slc=1&z=507198952

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Mar 2021 11:44:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://deklaracia3ndfl.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210310/r20190131/ 226 KB
85 KB 64ms
51ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210310/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4605985333876713&plah=deklaracia3ndfl.ru&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

476e55b7d10aaeb7ddd39212d5a22f590ac9355c2356fe7075b8c52f207edae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86502
x-xss-protection: 0
server: cafe
etag: 2199629402476109975
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 16 Mar 2021 11:44:22 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210310/r20190131/ Frame C408 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210310/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c44ef8885a1386dad99986e4de63457883d50b1a966d27b502f37d691d7bd770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210310/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://deklaracia3ndfl.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://deklaracia3ndfl.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 16 Mar 2021 00:43:48 GMT
expires: Tue, 30 Mar 2021 00:43:48 GMT
content-type: text/html; charset=UTF-8
etag: 14488317231655078900
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4661
x-xss-protection: 0
age: 39634
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 208 B
646 B 163ms
67ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=deklaracia3ndfl.ru&callback=_gfp_s_&client=ca-pub-4605985333876713

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210310/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4605985333876713&plah=deklaracia3ndfl.ru&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ce55bfef2360dd339b15ad1380dd8fb9b5159d6806950c8311c9e4ba2a47d762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 34ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=deklaracia3ndfl.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 33ms
14ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=deklaracia3ndfl.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D1E3 118 KB
38 KB 609ms
594ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=600&slotname=2929926698&adk=32781153&adf=1947059294&pi=t.ma~as.2929926698&w=246&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=246x600&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&dt=1615895062305&bpp=18&bdt=467&idt=84&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7535611538006&frm=20&pv=2&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=275&ady=1948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=hFHwuZmreY&p=https%3A//deklaracia3ndfl.ru&dtd=102

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c79b151f3cb338cdabcc67e34562460c47caded145641ab3c193812da990a9e2

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLeKxJnetO8CFYMsGwodC4wNBg&gqi=FppQYMPzGpXAb4PRt-gJ&layout=/sadbundle/%24csp%253Der3%24/14072910087906121018/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4605985333876713&output=html&h=600&slotname=2929926698&adk=32781153&adf=1947059294&pi=t.ma~as.2929926698&w=246&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=246x600&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&dt=1615895062305&bpp=18&bdt=467&idt=84&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7535611538006&frm=20&pv=2&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=275&ady=1948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=hFHwuZmreY&p=https%3A//deklaracia3ndfl.ru&dtd=102
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://deklaracia3ndfl.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://deklaracia3ndfl.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLeKxJnetO8CFYMsGwodC4wNBg&gqi=FppQYMPzGpXAb4PRt-gJ&layout=/sadbundle/%24csp%253Der3%24/14072910087906121018/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 16 Mar 2021 11:44:23 GMT
server: cafe
content-length: 38383
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 16-Mar-2021 11:59:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Mar 2021 11:44:23 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab62fe971dd4b318621de81bfd9315f50f36bd50791512128cea651f3ef136d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615552002806803"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28222
x-xss-protection: 0
expires: Tue, 16 Mar 2021 11:44:22 GMT

GET
H/1.1 200
OK /
kraken.rambler.ru/cnt/ 595 B
1 KB 229ms
76ms Image
image/gif 81.19.89.16
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kraken.rambler.ru/cnt/?et=pv&pid=3098116&rid=1615895062.418-853281324&tid=t1.-1.1671475706.1615895062418&v=1.15.0i&rn=91000916&bs=1600x1200&ce=1&rf&en=UTF-8&pt=%D0%94%D0%B5%D0%BA%D0%BB%D0%B0%D1%80%D0%B0%D1%86%D0%B8%D1%8F%203%20%D0%9D%D0%94%D0%A4%D0%9B%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B2%D1%8B%D1%87%D0%B5%D1%82%3A%20%D0%B8%D0%BC%D1%83%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9%2C%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%20%D0%B8%20%D1%81%D1%82%D0%B0%D0%BD%D0%B4%D0%B0%D1%80%D1%82%D0%BD%D1%8B%D0%B9&sr=1600x1200&cd=24-bit&la=en-US&ja=0&acn=Mozilla&an=Netscape&pl=Linux%20x86_64&tz=-60&fv&sv&lv&le=0&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F
Requested by: Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.89.16 Moscow, Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx/1.17.9 /
Resource Hash: d55d80dda4ca1c3c956a0f62504bc7d196c6ebf98dcbde30aa337e6b7179fc7b

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 16 Mar 2021 11:44:22 GMT
Last-Modified: Thu, 16 Jan 2020 17:49:32 GMT
Server: nginx/1.17.9
ETag: "5e20a22c-253"
Access-Control-Allow-Methods: GET, POST, OPTIONS
P3P: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Access-Control-Allow-Headers: content-type
Content-Length: 595

GET
H/1.1 200
OK code.js Show response
top-fwz1.mail.ru/js/ 21 KB
9 KB 78ms
61ms Script
application/javascript 217.69.133.145
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/js/code.js

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

94cf658d2c7345f5472d9d4514ade118d9f9bed0d50a5fc4a02fb9dcd2c8d8c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 16 Mar 2021 11:44:22 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Connection: keep-alive
Access-Control-Allow-Headers: *
AMP-Access-Control-Allow-Source-Origin: *
Last-Modified: Wed, 09 Dec 2020 16:09:03 GMT
Server: nginx
ETag: W/"5fd0f69f-5361"
Access-Control-Allow-Methods: GET, POST, HEAD, PUT, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin
Cache-Control: max-age=3600, private
Access-Control-Allow-Credentials: true
Accept-CH-Lifetime: 86400
Accept-CH: DPR, Width, Viewport-Width, Downlink, Device-Memory
Timing-Allow-Origin: *
Keep-Alive: timeout=60
Expires: Tue, 16 Mar 2021 12:44:22 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?t44.11;r;s1600*1200*24;uhttps%3A//deklaracia3ndfl.ru/;0.6044476837622801
https://counter.yadro.ru/hit?q;t44.11;r;s1600*1200*24;uhttps%3A//deklaracia3ndfl.ru/;0.6044476837622801

132 B
586 B

71ms
70ms

Image
image/gif

88.212.201.216
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t44.11;r;s1600*1200*24;uhttps%3A//deklaracia3ndfl.ru/;0.6044476837622801

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.216 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host216.rax.ru

Software

nginx/1.17.9 /

Resource Hash

e10cd8d343f9c37e3500c69d92f7ac7e78b6c7df29a2ace8cffe71bfa494e8c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Mar 2021 11:44:22 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 132
Expires: Sun, 15 Mar 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 16 Mar 2021 11:44:22 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit?q;t44.11;r;s1600*1200*24;uhttps%3A//deklaracia3ndfl.ru/;0.6044476837622801
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sun, 15 Mar 2020 21:00:00 GMT

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 123 KB
43 KB 139ms
50ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

a83a4b91b9d7e6f311543068b7c65291d001cd2fb17f19ab8e5a0adb1a0d01e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: br
last-modified: Sun, 14 Mar 2021 16:14:12 GMT
etag: "60472f6c-aa82"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 43650
expires: Tue, 16 Mar 2021 12:44:22 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9697 0
549 B 19ms
19ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&adk=1812271804&adf=3025194257&lmt=1615895061&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615895062432&bpp=1&bdt=594&idt=1&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=4&uci=a!4&fsb=1&dtd=5

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4605985333876713&output=html&adk=1812271804&adf=3025194257&lmt=1615895061&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615895062432&bpp=1&bdt=594&idt=1&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=4&uci=a!4&fsb=1&dtd=5
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://deklaracia3ndfl.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://deklaracia3ndfl.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 16 Mar 2021 11:44:22 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 16-Mar-2021 11:59:22 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Mar 2021 11:44:22 GMT
cache-control: private

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1971 68 KB
23 KB 577ms
576ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7eaa3a7223d443adcb191e7f80b2f9fd2be2f8fa2f609264b8ff44b5afc9ab8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://deklaracia3ndfl.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://deklaracia3ndfl.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 16 Mar 2021 11:44:23 GMT
server: cafe
content-length: 23217
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 16-Mar-2021 11:59:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Mar 2021 11:44:23 GMT
cache-control: private

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BA23 90 KB
28 KB 509ms
508ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3137185414&adf=1375308906&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062326&bpp=1&bdt=487&idt=123&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0%2C782x280&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=2194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AgAyyufpDB&p=https%3A//deklaracia3ndfl.ru&dtd=127

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9abe1867cc8213d3bfd033ea329dcbc58acf95b7f789c45816699642b6a73520

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM23xZnetO8CFUJuGwodvc8GNg&gqi=FppQYIeaHJGobJ2Cr7AM&layout=/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3137185414&adf=1375308906&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062326&bpp=1&bdt=487&idt=123&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0%2C782x280&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=2194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AgAyyufpDB&p=https%3A//deklaracia3ndfl.ru&dtd=127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://deklaracia3ndfl.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://deklaracia3ndfl.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM23xZnetO8CFUJuGwodvc8GNg&gqi=FppQYIeaHJGobJ2Cr7AM&layout=/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 16 Mar 2021 11:44:22 GMT
server: cafe
content-length: 27797
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 16-Mar-2021 11:59:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Mar 2021 11:44:22 GMT
cache-control: private

GET
H2 200 jquery.min.js Show response
yastatic.net/jquery/1.6.2/ 89 KB
28 KB 57ms
56ms Script
application/x-javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/jquery/1.6.2/jquery.min.js

Requested by

Host: site.yandex.net
URL: https://site.yandex.net/v2.0/js/all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: br
vary: Accept-Encoding
nel: {"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 28368
x-nginx-request-id: ff8a50865b203aad
last-modified: Mon, 12 Nov 2018 13:13:42 GMT
server: nginx/1.17.9
etag: "57f5e4ce99f95e1eb0f18d52b65b6769"
strict-transport-security: max-age=43200000; includeSubDomains;
report-to: { "group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Jan 2022 02:59:39 GMT

POST
H/1.1 200
OK counter
top-fwz1.mail.ru/ 43 B
1 KB 66ms
55ms Other
image/gif 217.69.133.145
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/counter?js=13;id=2639870;u=https%3A//deklaracia3ndfl.ru/;st=1615895062424;title=%D0%94%D0%B5%D0%BA%D0%BB%D0%B0%D1%80%D0%B0%D1%86%D0%B8%D1%8F%203%20%D0%9D%D0%94%D0%A4%D0%9B%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B2%D1%8B%D1%87%D0%B5%D1%82%3A%20%D0%B8%D0%BC%D1%83%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9%2C%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%20%D0%B8%20%D1%81%D1%82%D0%B0%D0%BD%D0%B4%D0%B0%D1%80%D1%82%D0%BD%D1%8B%D0%B9;s=1600*1200;vp=1600*1200;touch=0;hds=1;flash=;sid=70e92502f1c85911;ver=60.3.0;tz=-60%2FEurope%2FBerlin;ni=10//4g/0/0/;lvid=1615895062506%3A1615895062522%3A1%3Ae433253901c5da80ec9a559bf68e45b9;_=0.06193681958389741

Requested by

Host: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/js/code.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 16 Mar 2021 11:44:22 GMT
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Access-Control-Allow-Headers: *
AMP-Access-Control-Allow-Source-Origin: https://deklaracia3ndfl.ru
Server: nginx
Access-Control-Allow-Methods: GET, POST, HEAD, PUT, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://deklaracia3ndfl.ru
Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin
Cache-Control: private, no-cache, no-store, max-age=0
Access-Control-Allow-Credentials: true
Accept-CH-Lifetime: 86400
Accept-CH: DPR, Width, Viewport-Width, Downlink, Device-Memory
Timing-Allow-Origin: https://deklaracia3ndfl.ru
Keep-Alive: timeout=60

GET
H2 200 opensearch.js Show response
site.yandex.net/v2.0/js/ 22 KB
7 KB 45ms
45ms Script
application/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://site.yandex.net/v2.0/js/opensearch.js

Requested by

Host: site.yandex.net
URL: https://site.yandex.net/v2.0/js/all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

de66288f054df7f389e8281f87fb0a9a05095149f4e96d13c32a1c3b61b1a4a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
content-encoding: br
vary: Accept-Encoding
nel: {"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 6188
last-modified: Thu, 14 Jan 2021 10:10:45 GMT
server: nginx/1.17.9
etag: "1df256fb3e065fdf3b47b6ac51380393"
x-robots-tag: noindex, noarchive, nofollow
strict-transport-security: max-age=43200000; includeSubDomains;
report-to: { "group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=216013
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Mar 2021 23:42:27 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/29221480/
Redirect Chain

https://mc.yandex.ru/watch/29221480?wmode=7&page-url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A1214%3Afu%3A0%3Aen%3Autf-8%3Ala%...
https://mc.yandex.ru/watch/29221480/1?wmode=7&page-url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A1214%3Afu%3A0%3Aen%3Autf-8%3Al...

167 B
249 B

44ms
44ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/29221480/1?wmode=7&page-url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A1214%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A1261596313075%3Ahid%3A43361631%3Az%3A60%3Ai%3A20210316124422%3Aet%3A1615895063%3Ac%3A1%3Arn%3A508315226%3Au%3A1615895063969963338%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615895061049%3Ads%3A0%2C0%2C203%2C1%2C582%2C0%2C%2C586%2C15%2C%2C%2C%2C1375%3Adsn%3A0%2C0%2C203%2C1%2C581%2C0%2C%2C588%2C15%2C%2C%2C%2C1374%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615895063%3At%3A%D0%94%D0%B5%D0%BA%D0%BB%D0%B0%D1%80%D0%B0%D1%86%D0%B8%D1%8F%203%20%D0%9D%D0%94%D0%A4%D0%9B%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B2%D1%8B%D1%87%D0%B5%D1%82%3A%20%D0%B8%D0%BC%D1%83%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9%2C%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%20%D0%B8%20%D1%81%D1%82%D0%B0%D0%BD%D0%B4%D0%B0%D1%80%D1%82%D0%BD%D1%8B%D0%B9

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

f575426e1acf25819060b877b6c803cc5f9c58e64b3b88ac6e479f137e211893

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Mar 2021 11:44:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 16-Mar-2021 11:44:22 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://deklaracia3ndfl.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 167
x-xss-protection: 1; mode=block
expires: Tue, 16-Mar-2021 11:44:22 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Mar 2021 11:44:22 GMT
last-modified: Tue, 16-Mar-2021 11:44:22 GMT
location: /watch/29221480/1?wmode=7&page-url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A1214%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A1261596313075%3Ahid%3A43361631%3Az%3A60%3Ai%3A20210316124422%3Aet%3A1615895063%3Ac%3A1%3Arn%3A508315226%3Au%3A1615895063969963338%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615895061049%3Ads%3A0%2C0%2C203%2C1%2C582%2C0%2C%2C586%2C15%2C%2C%2C%2C1375%3Adsn%3A0%2C0%2C203%2C1%2C581%2C0%2C%2C588%2C15%2C%2C%2C%2C1374%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615895063%3At%3A%D0%94%D0%B5%D0%BA%D0%BB%D0%B0%D1%80%D0%B0%D1%86%D0%B8%D1%8F%203%20%D0%9D%D0%94%D0%A4%D0%9B%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D0%B2%D1%8B%D1%87%D0%B5%D1%82%3A%20%D0%B8%D0%BC%D1%83%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9%2C%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%20%D0%B8%20%D1%81%D1%82%D0%B0%D0%BD%D0%B4%D0%B0%D1%80%D1%82%D0%BD%D1%8B%D0%B9
strict-transport-security: max-age=31536000
access-control-allow-origin: https://deklaracia3ndfl.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0
x-xss-protection: 1; mode=block
expires: Tue, 16-Mar-2021 11:44:22 GMT

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
136 B 44ms
44ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:22 GMT
last-modified: Tue, 09 Mar 2021 18:36:29 GMT
etag: "604264a0-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Tue, 16 Mar 2021 12:44:22 GMT

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame BA23 46 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3137185414&adf=1375308906&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062326&bpp=1&bdt=487&idt=123&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0%2C782x280&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=2194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AgAyyufpDB&p=https%3A//deklaracia3ndfl.ru&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 6107
date: Tue, 16 Mar 2021 10:02:35 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Tue, 16 Mar 2021 12:02:35 GMT

GET
H2 200 ssrh.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame BA23 84 KB
30 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/ssrh.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 15 Mar 2021 12:34:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83379
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30063
x-xss-protection: 0
server: cafe
etag: 16132151104434394549
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 16 Mar 2021 12:34:44 GMT

GET
H3-Q050 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame D1E3 67 B
520 B 34ms
20ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=600&slotname=2929926698&adk=32781153&adf=1947059294&pi=t.ma~as.2929926698&w=246&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=246x600&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&dt=1615895062305&bpp=18&bdt=467&idt=84&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7535611538006&frm=20&pv=2&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=275&ady=1948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=hFHwuZmreY&p=https%3A//deklaracia3ndfl.ru&dtd=102

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Mar 2021 03:52:27 GMT
x-content-type-options: nosniff
server: cafe
age: 28316
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Wed, 17 Mar 2021 03:52:27 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 1971 4 KB
1 KB 43ms
29ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Mar 2021 09:59:25 GMT
server: ESF
date: Tue, 16 Mar 2021 11:44:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Mar 2021 11:44:23 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/ Frame BA23 17 KB
7 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f829a00a403b78fe633e458e3e7a53e433d0bb4056ad9732c2f553fa68acfed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7126
x-xss-protection: 0
server: cafe
etag: 2064927160296813797
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:44:12 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/ Frame BA23 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

79c521a89112af803faa48f72e1f5f1b5d0685129a14b917317d1cc688613a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:43:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 6751271179024913178
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:43:37 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BA23 112 KB
34 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76f8ebf46fa95c31efb8a764b15a3a0849c11346454a026f003cdda43add1749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615551985310811"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34604
x-xss-protection: 0
expires: Tue, 16 Mar 2021 11:44:23 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/ Frame BA23 13 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f14a53d6e112f5652255e499e109659fe79678b0de2eec4f42a1ac48c9ce72bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:43:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5996
x-xss-protection: 0
server: cafe
etag: 15528521553155206461
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:43:52 GMT

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/ Frame 0690 2 KB
2 KB 9ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db237cbdabdaac650983ee9d1c2ddccd10539c12d026e3d712ff6a6744097bcc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/14072910087906121018/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 800
date: Sat, 13 Mar 2021 05:36:56 GMT
expires: Sun, 13 Mar 2022 05:36:56 GMT
last-modified: Mon, 28 Sep 2020 12:04:49 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 281247
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8054 0
0 43ms
42ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CRIH2FppQYLenG4PZbIuYtjC2joftYfiQ2IviDM-Li6GPDhABIL-ttCdglYq4gsgHoAHMmZ34AsgBCakCBD5OZdACtD6oAwHIA0iqBM4BT9Ap0OExOeQpi6QUkzKS-WQQ_HbfwHkX4fXXiEmpCXGpUnivkkmGlPx7O4I0-OZg19XkW1EkLsAH4nxs1umk9GrKtAn-GyYTkHqErMPiRak-QIgZGvnSJilbB1U5Y31N3K6A9t07H74OTaD5bppHCeAFKPKaOzhY-dDT2643ruUTPc2bt2GiN3jQ9JK563aKQJmrFNRRRAYcVmdOpVjIsVZsmvUZTNI8tzly5q00GsfBTrXAc38qraESEp8aP08syRrRqsYOYFhVDzTtRGnABL-0v9uiA5IFBAgEGAGSBQQIBRgEoAYugAezxJqYAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBRCO96MB0ggJCIDhgBAQARgfgAoByAsB2BMNiBQC0BUBgBcBshcaChgIABIUcHViLTQ2MDU5ODUzMzM4NzY3MTM&sigh=CWePJ-Fg_Ek&template_id=419&tpd=AGWhJmvOhI-oQj8v2gNuuZ8-n1S5lISxqRGsWoBBLB-37Ff2ng

Requested by

Host: deklaracia3ndfl.ru
URL: https://deklaracia3ndfl.ru/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=600&slotname=2929926698&adk=32781153&adf=1947059294&pi=t.ma~as.2929926698&w=246&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=246x600&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&dt=1615895062305&bpp=18&bdt=467&idt=84&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7535611538006&frm=20&pv=2&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=275&ady=1948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=hFHwuZmreY&p=https%3A//deklaracia3ndfl.ru&dtd=102
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 16 Mar 2021 11:44:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 16 Mar 2021 11:44:23 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/ Frame 8054 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f829a00a403b78fe633e458e3e7a53e433d0bb4056ad9732c2f553fa68acfed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7126
x-xss-protection: 0
server: cafe
etag: 2064927160296813797
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:44:12 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/ Frame 8054 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

79c521a89112af803faa48f72e1f5f1b5d0685129a14b917317d1cc688613a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:43:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 6751271179024913178
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:43:37 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8054 112 KB
34 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76f8ebf46fa95c31efb8a764b15a3a0849c11346454a026f003cdda43add1749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615551985310811"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34604
x-xss-protection: 0
expires: Tue, 16 Mar 2021 11:44:23 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/ Frame 8054 13 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f14a53d6e112f5652255e499e109659fe79678b0de2eec4f42a1ac48c9ce72bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:43:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5996
x-xss-protection: 0
server: cafe
etag: 15528521553155206461
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:43:52 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame BA23 20 KB
21 KB 33ms
6ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTlFMaKPr92xz_fczH6OHWMo74PHlym2pdjmohnbojaMUQfAxIKXWzaqIwuvkw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc181767f47c355d11c734bdf91defe35403286ede7af1db2122740f2bf31884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 12 Mar 2021 11:31:28 GMT
x-content-type-options: nosniff
last-modified: Wed, 16 Sep 2020 11:35:41 GMT
server: sffe
age: 346375
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20952
x-xss-protection: 0
expires: Sat, 12 Mar 2022 11:31:28 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame BA23 28 KB
28 KB 33ms
7ms Image
image/jpeg 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRJDzarNkhWP5jqzux4gKO90FjNIAKgSoZYE-uNQuck29QT9XVScwlakBYE5A&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee620d80c9409ae664143deaeed9709d56a226d788539c7645efb13b4f6ab676

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 10 Mar 2021 20:24:09 GMT
x-content-type-options: nosniff
last-modified: Sat, 02 Jun 2018 13:22:24 GMT
server: sffe
age: 487214
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28557
x-xss-protection: 0
expires: Thu, 10 Mar 2022 20:24:09 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame BA23 26 KB
27 KB 38ms
12ms Image
image/jpeg 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTBKtgS7Ouz4_D4HXx1tW4NV4vVpCBXuPnx0J4Z_8n1UebiKYLLQuezTN0zhg&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5a50be0fe87c7816ea4a3a2f1455dfcd8bcf5a65e11b193450ebc91e01095ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 15 Mar 2021 18:22:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 31 Dec 2019 08:00:28 GMT
server: sffe
age: 62532
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27051
x-xss-protection: 0
expires: Tue, 15 Mar 2022 18:22:11 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame BA23 22 KB
23 KB 32ms
7ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRupGb9wmCYgBmO411aHhwNDS1RObvH8Z2gP1LfmmO1dZJq6h3t0VLejTB4yBc&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9986f7d7ba7fd859c984eea393cb3aac7049010b20c3bf4a8c9ea6a903536661

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 10 Mar 2021 22:46:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 10:24:11 GMT
server: sffe
age: 478671
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22728
x-xss-protection: 0
expires: Thu, 10 Mar 2022 22:46:32 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame BA23 26 KB
27 KB 32ms
6ms Image
image/jpeg 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTIfKELy562TFMQOAFx_ePUoYcXWn9isghW4nDGIpR73_qbJ61wrOvI1WWPU8s&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d15046e1a7fb2d635e0c045313700fb535685ebecd729120bc4eaf04dc4995b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 13 Mar 2021 10:26:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 03 Jun 2018 12:22:27 GMT
server: sffe
age: 263857
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26805
x-xss-protection: 0
expires: Sun, 13 Mar 2022 10:26:46 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame BA23 22 KB
23 KB 38ms
13ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcS__osWhU6vilyOfX6LWbvNelci6ZnP03x7RsnIChYVX-7ziFEc9UF7lWx2fYg&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b7e11cbf30afeb6ec5f6d7979c4c9beb454fd46c32a32a21805f2f1b60ced27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 11 Mar 2021 04:31:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 Sep 2018 15:50:17 GMT
server: sffe
age: 457945
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22921
x-xss-protection: 0
expires: Fri, 11 Mar 2022 04:31:58 GMT

GET
H3-Q050 200 18340321473098222783
tpc.googlesyndication.com/simgad/ Frame BA23 4 KB
5 KB 8ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18340321473098222783

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee1f88576ec14b62bfdfa2dfc4137bf5061192186b9053b54fc79681fc25f950

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 09 Mar 2021 16:38:20 GMT
x-content-type-options: nosniff
age: 587163
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4284
x-xss-protection: 0
last-modified: Thu, 19 Sep 2013 15:39:48 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Mar 2022 16:38:20 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/ Frame 1971 2 KB
991 B 11ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e93f66cbe9b485135f0c8bbc9eaccf882ded6eb71daadde99a8426f6db7cb31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 896
x-xss-protection: 0
server: cafe
etag: 948078048762640732
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:40:38 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/ Frame 1971 17 KB
7 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f829a00a403b78fe633e458e3e7a53e433d0bb4056ad9732c2f553fa68acfed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7126
x-xss-protection: 0
server: cafe
etag: 2064927160296813797
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:44:12 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/ Frame 1971 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

79c521a89112af803faa48f72e1f5f1b5d0685129a14b917317d1cc688613a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:43:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 6751271179024913178
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:43:37 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1971 112 KB
34 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76f8ebf46fa95c31efb8a764b15a3a0849c11346454a026f003cdda43add1749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615551985310811"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34604
x-xss-protection: 0
expires: Tue, 16 Mar 2021 11:44:23 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/ Frame 1971 13 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210310/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f14a53d6e112f5652255e499e109659fe79678b0de2eec4f42a1ac48c9ce72bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:43:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5996
x-xss-protection: 0
server: cafe
etag: 15528521553155206461
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Mar 2021 11:43:52 GMT

GET
H2 200 1e8eaeef6431cb6de349a68674062a29.js Show response
www.gstatic.com/mysidia/ Frame 1971 26 KB
11 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1e8eaeef6431cb6de349a68674062a29.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b0b572a90abb3fce27b9dc1f79145706c7bcc6cc3ac84c8f501d344132816d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 10 Mar 2021 21:17:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Mar 2021 03:08:06 GMT
server: sffe
age: 484036
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10971
x-xss-protection: 0
expires: Tue, 08 Jun 2021 21:17:07 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame BA23 0
0 49ms
42ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CKAotFppQYM3UHMLcbb2fm7ADg7TG6WHKkqb68wenhZqWmhMQASC_rbQnYJWKuILIB6AB8r2l2gPIAQmpAgQ-TmXQArQ-qAMByANKqgTQAU_QW3AJKCFI_0CXBjuMLxgm_fGTXpIf_bCovc7eSyOHH5WSMvPJupp26pH2rWdkSwAQYxHDIoGqSQaj8aVExtiMs7sFBY6W3ovaV-Lke_aBGSSE1R8e5UwbzQ3-UIT9SQ7fdBJm8GzkDWbrwcayCK_2D--IA9z3OTQYpPIfeeAKXQlO-a1qJLZKJHDOxYLpblSL8XFTSkgqJ15ChlkGruDL2rJuK4FMbhgXPCXHz9nIYBSmErBzCsa6kd4zJbQsBcxxH8iTP0DEy0GuRgoZQmbABNqtk6XzAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAf2wdolqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCBhBLSCAkIgOGAEBABGB-ACgHICwHYEwuyFxoKGAgAEhRwdWItNDYwNTk4NTMzMzg3NjcxMw&sigh=DhacaleMgOg&template_id=311&tpd=AGWhJmuU3NI7Inx0v6NxeE0oaj3SpI2N5AK6DTu5CrzqNE7d2A

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3137185414&adf=1375308906&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062326&bpp=1&bdt=487&idt=123&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0%2C782x280&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=2194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AgAyyufpDB&p=https%3A//deklaracia3ndfl.ru&dtd=127
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 16 Mar 2021 11:44:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1971 0
0 43ms
42ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CDBHFFppQYPeOHM2abb7ro-ABleijjGGr7tKMhAza2R4QASC_rbQnYJWKuILIB6AB1fP40gPIAQGoAwHIA8sEqgTNAU_QjMsWltGOiFXXbYK54qiPfs8Thu0ettXHIY2vE7yZ5jk8MTMFvPQrq7iW6uZ1PEGfRBoWxVPOx9czxyffFcoviotiSXCyJtXlGU6l5uUxrLC48FlEWwbhIjOHUlnYRtMRtWzsSg0BGRQ-IzqPz2uEOlmp9tdIx9QaFr9hKcc7BLagCEFDfsjf8Nived7lekbRKsDXq31so8fOc5oI9nH-kJf_NLO0fCjcdDXlaG6qvlz0D0U7ztXs-iLFW34WxgwmDbmQlOwrtJ4mTGfABLiSnsG0AZIFBAgEGAGSBQQIBRgEgAeTjIctqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEMCKG9IICQiA4YAQEAEYH4AKAcgLAdgTDIgUAbIXGgoYCAASFHB1Yi00NjA1OTg1MzMzODc2NzEz&sigh=D5BSkJ_Lx1Y&tpd=AGWhJmvMQx6KLDw4-GBKlcld9AE4v2UFurPpcjswK_EOturKlw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 16 Mar 2021 11:44:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E7F7 143 B
220 B 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3137185414&adf=1375308906&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062326&bpp=1&bdt=487&idt=123&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0%2C782x280&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=2194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AgAyyufpDB&p=https%3A//deklaracia3ndfl.ru&dtd=127
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmcs5zbU8IPfmEVB7LgydmeS1O2xJdD16lV9KMYD--UAEcZrRG6fTs-JSeLe5c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3137185414&adf=1375308906&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062326&bpp=1&bdt=487&idt=123&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0%2C782x280&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=2194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AgAyyufpDB&p=https%3A//deklaracia3ndfl.ru&dtd=127

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 16 Mar 2021 11:41:24 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 179
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame BA23 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0fc839330b89c132eddfec0f603f583edc40a1ade4f619ae0ec8307a017e88d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 60E2 143 B
165 B 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmcs5zbU8IPfmEVB7LgydmeS1O2xJdD16lV9KMYD--UAEcZrRG6fTs-JSeLe5c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 16 Mar 2021 11:41:24 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 179
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 60C0 143 B
165 B 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=600&slotname=2929926698&adk=32781153&adf=1947059294&pi=t.ma~as.2929926698&w=246&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=246x600&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&dt=1615895062305&bpp=18&bdt=467&idt=84&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7535611538006&frm=20&pv=2&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=275&ady=1948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=hFHwuZmreY&p=https%3A//deklaracia3ndfl.ru&dtd=102
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmcs5zbU8IPfmEVB7LgydmeS1O2xJdD16lV9KMYD--UAEcZrRG6fTs-JSeLe5c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=600&slotname=2929926698&adk=32781153&adf=1947059294&pi=t.ma~as.2929926698&w=246&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=246x600&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&dt=1615895062305&bpp=18&bdt=467&idt=84&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=7535611538006&frm=20&pv=2&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=275&ady=1948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=hFHwuZmreY&p=https%3A//deklaracia3ndfl.ru&dtd=102

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 16 Mar 2021 11:41:24 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 179
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8054 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 601381f7bed02cfe08ae9be1f4ad1c710c4c3210f3ff5e7ea319c4572e507428

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1971 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c08f6d9bb01e3cc4d95179ff37554b3f6d665e5c03194e1361cd67e3c153089c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 1971 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 15 Mar 2021 18:27:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
server: sffe
age: 62204
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15872
x-xss-protection: 0
expires: Tue, 15 Mar 2022 18:27:39 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 1971 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 15 Mar 2021 18:51:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 60756
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15736
x-xss-protection: 0
expires: Tue, 15 Mar 2022 18:51:47 GMT

GET
H3-Q050 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 0690 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 04:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24901
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 17 Mar 2021 04:49:22 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 0690 22 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 15 Mar 2021 13:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 16 Mar 2021 13:07:30 GMT

GET
H3-Q050 200 style.css
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/css/ Frame 0690 6 KB
3 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/css/style.css

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4a7c13ad510d22054d213fb20e3f045b1bfc4f8a0a713768abd4db381f7d3b6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 444669
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1531
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 12:04:49 GMT
server: sffe
date: Thu, 11 Mar 2021 08:13:14 GMT
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Mar 2022 08:13:14 GMT

GET
H3-Q050 200 classList.min.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/js/ Frame 0690 3 KB
1 KB 10ms
9ms Script
application/x-javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/js/classList.min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89d9b7a7b8e5d17c32994a4871c83a588f7ab509a80d1ff90d612c9cf9f1614e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 434887
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1207
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 12:04:49 GMT
server: sffe
date: Thu, 11 Mar 2021 10:56:16 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Mar 2022 10:56:16 GMT

GET
H3-Q050 200 script.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/js/ Frame 0690 3 KB
675 B 9ms
9ms Script
application/x-javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/js/script.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7765f0763113c53b837164849a3c334f99aca236191b99eb921c9656d9f2643

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 590633
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 572
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 12:04:49 GMT
server: sffe
date: Tue, 09 Mar 2021 15:40:30 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Mar 2022 15:40:30 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E7F7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
110 B

39ms
38ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmcs5zbU8IPfmEVB7LgydmeS1O2xJdD16lV9KMYD--UAEcZrRG6fTs-JSeLe5c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 16 Mar 2021 11:44:23 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Tue, 16-Mar-2021 12:44:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Mar 2021 11:44:23 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 16 Mar 2021 11:44:23 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js Show response
pagead2.googlesyndication.com/bg/ Frame 0E35 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3aa49a969f76a3ee00b5f62de7cdd16ae54961ebc19a18e28f6a5c834ccf7b5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 14 Mar 2021 14:30:19 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 08 Mar 2021 17:45:00 GMT
server: sffe
age: 162844
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5732
x-xss-protection: 0
expires: Mon, 14 Mar 2022 14:30:19 GMT

GET
H3-Q050 200 motiv.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/img/ Frame 0690 30 KB
30 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/img/motiv.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/css/style.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fca45ae80c6450497732a7062eeacad2889c040fda5c4a11cf4e833d0e0575e6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 562113
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30948
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 12:04:49 GMT
server: sffe
date: Tue, 09 Mar 2021 23:35:50 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Mar 2022 23:35:50 GMT

GET
H3-Q050 200 karte.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/img/ Frame 0690 6 KB
6 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/img/karte.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/css/style.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee9f56800393ffbbc4e52b10f7e06c8bebb250aab66f471ac7740077cf26ec14

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 99187
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5854
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 12:04:49 GMT
server: sffe
date: Mon, 15 Mar 2021 08:11:16 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Mar 2022 08:11:16 GMT

GET
H3-Q050 200 banner.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/img/ Frame 0690 11 KB
13 KB 10ms
9ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/img/banner.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/css/style.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e308f2e4812faee1816c3812bdcff613bf8d96e653a977f73f86de9bcfee1fd0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 584620
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11609
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 12:04:49 GMT
server: sffe
date: Tue, 09 Mar 2021 17:20:43 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Mar 2022 17:20:43 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 60E2
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
194 B

40ms
40ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmcs5zbU8IPfmEVB7LgydmeS1O2xJdD16lV9KMYD--UAEcZrRG6fTs-JSeLe5c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 16 Mar 2021 11:44:23 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Tue, 16-Mar-2021 12:44:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Mar 2021 11:44:23 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 16 Mar 2021 11:44:23 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js Show response
pagead2.googlesyndication.com/bg/ Frame 830E 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4605985333876713&output=html&h=280&slotname=2929926698&adk=3020301090&adf=831680713&pi=t.ma~as.2929926698&w=782&fwrn=4&fwrnh=100&lmt=1615895061&rafmt=1&psa=0&format=782x280&url=https%3A%2F%2Fdeklaracia3ndfl.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615895062323&bpp=3&bdt=485&idt=117&shv=r20210310&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=246x600%2C0x0&nras=1&correlator=7535611538006&frm=20&pv=1&ga_vid=1023416858.1615895062&ga_sid=1615895062&ga_hid=1117785786&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=543&ady=455&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44737536%2C21068084%2C31060427%2C44737458&oid=3&pvsid=2518253991767721&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Ioj7FlOQqH&p=https%3A//deklaracia3ndfl.ru&dtd=121

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3aa49a969f76a3ee00b5f62de7cdd16ae54961ebc19a18e28f6a5c834ccf7b5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 14 Mar 2021 14:30:19 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 08 Mar 2021 17:45:00 GMT
server: sffe
age: 162844
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5732
x-xss-protection: 0
expires: Mon, 14 Mar 2022 14:30:19 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 60C0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
21 B

40ms
40ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmcs5zbU8IPfmEVB7LgydmeS1O2xJdD16lV9KMYD--UAEcZrRG6fTs-JSeLe5c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 16 Mar 2021 11:44:23 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Tue, 16-Mar-2021 12:44:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Mar 2021 11:44:23 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 16 Mar 2021 11:44:23 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js Show response
pagead2.googlesyndication.com/bg/ Frame 0690 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3aa49a969f76a3ee00b5f62de7cdd16ae54961ebc19a18e28f6a5c834ccf7b5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 14 Mar 2021 14:30:19 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 08 Mar 2021 17:45:00 GMT
server: sffe
age: 162844
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5732
x-xss-protection: 0
expires: Mon, 14 Mar 2022 14:30:19 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 49ms
32ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210310&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de1ff366aba726b072659c363304cec5beaa246e49993b08fe6e56c09eb0ba42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Mar 2021 11:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6495
x-xss-protection: 0

POST
H/1.1 200
OK tracker
top-fwz1.mail.ru/ 43 B
1 KB 56ms
56ms Other
image/gif 217.69.133.145
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/tracker?js=13;id=2639870;u=https%3A//deklaracia3ndfl.ru/;st=1615895062424;s=1600*1200;vp=1600*1200;touch=0;hds=1;flash=;sid=70e92502f1c85911;ver=60.3.0;tz=-60%2FEurope%2FBerlin;nt=0/0/1615895061049/////582/582/582/582/582//582/785/786/789/1375/1375/1390/2501/2501/;ni=10//4g/0/0/;lvid=1615895062506%3A1615895063553%3A2%3Ae433253901c5da80ec9a559bf68e45b9;_=0.3990374916969881;e=RT/load;et=1615895063552

Requested by

Host: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/js/code.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 16 Mar 2021 11:44:23 GMT
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Access-Control-Allow-Headers: *
AMP-Access-Control-Allow-Source-Origin: https://deklaracia3ndfl.ru
Server: nginx
Access-Control-Allow-Methods: GET, POST, HEAD, PUT, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://deklaracia3ndfl.ru
Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin
Cache-Control: private, no-cache, no-store, max-age=0
Access-Control-Allow-Credentials: true
Accept-CH-Lifetime: 86400
Accept-CH: DPR, Width, Viewport-Width, Downlink, Device-Memory
Timing-Allow-Origin: https://deklaracia3ndfl.ru
Keep-Alive: timeout=60

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 11:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Tue, 16 Mar 2021 11:44:23 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 23A8 12 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://deklaracia3ndfl.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://deklaracia3ndfl.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Tue, 16 Mar 2021 10:57:02 GMT
expires: Wed, 16 Mar 2022 10:57:02 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2841
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js Show response
pagead2.googlesyndication.com/bg/ Frame 23A8 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OqSalp92o-4AtfYt583RauVJYevBmhjij2pcg0zPe10.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3aa49a969f76a3ee00b5f62de7cdd16ae54961ebc19a18e28f6a5c834ccf7b5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 14 Mar 2021 14:30:19 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 08 Mar 2021 17:45:00 GMT
server: sffe
age: 162844
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5732
x-xss-protection: 0
expires: Mon, 14 Mar 2022 14:30:19 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
88 B 41ms
41ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210310&jk=2518253991767721&bg=!p6SlpOfNAAUO7zDoDjsAKQB2-DxaJb2sqwQUGoIeIlJQ9t6voKX5OoPIUbPIEgQk82nm_FfrFjSrAgAAAGZSAAAADmgBBwoBZwfwjebBgkqJGZzfTTajRtNq8Sg56Lc4I6MBl46FCIQ0g7HvX7fcyhWuLVemtVQU00cwsUXJhhLsYCs7uFOH2jyNXlSS2vT4GcJuB0K4Puj3Vndvada3bpgJFsK87FT9UfDUDIPjy36hmNEPiJz0LjHZ8xSTCiqjl-Tf2U8DVF-0enjeCsnANHVsJg53h8bGk06axy1mQuwR28ZcivXZNFt6SSUKPpDHKBsRMzLdvREluZJyE4v7ab2teZbHTKkcUL92QuXe7_y-kfCox1wU0nS2rAWQ5Ohqp9Vcrj3oZn6_lq57J6uFvVyU2eUiPmrQncKyF4eOOWoWg7tnPt5rQsp1VCnnQHMrrN-Sk2dJQoJ17b98q7vMiPNsfs8uoZlX_VdZlyzdF6IF1KXNFYro8Pbun4Qc54iwGEJO-0gp1lxV2DtH_VsbGsEP6BJ87Mhko3L7q4D38BT6Yx5dNqkMm83VZNF39i_7mQHUgl7-u_TY5kvWoe_Pj2CNYw0ovj-KceKn5MD3hJX8GSBtBRXeP0vb418AbSchC6cnnxOzsk-a6DCzuicz1YfBAKuyuOhUoPMvNuELcEe8mB-oqNZbijn08lDoTzYK-5ip__hgEBrf0K5eDsMig8TKRbWhh5VQNK4Fe3gQztaMXB-hjh7Z3lknY7I9gxFiGfoyf5tk-Hi1-12j2qpA_tf_oFu9DVDDos2GRpes-XgJ4YFe1yvZl7kXA8dd3Y4k8HQA5oQeSalIz9xc8JA5hsCzvsWQ7vBPZZk3Voc3jWGkvdrXjdPGxSaRSmJLndIInXHymn8OUhV9NtNTHw5RMjueZOnxjiH9XAUWMNtmuyTXQMSyR-fYVXYbgxGbmJhLW8rXsR-4O5yx_FdGkaxlG5H71QnY9KVbHSlL9d8uG7DT_Ccab_quFViJHIubaCCyV_vFTvt2tq_cfbC0_joNSJuOBvShhAHe0g67_Fir2WdC35ETttrbmy8PxmehVHzh2tdSnNcyLG9nn1EplmNb4C8uopKkqsrjQgu6oCYxHtyF84TQCoeqJuurFb-2F-dJlb7CKbyHjwuOzErefI6X2wu77bd3KK41JNJ46In6xfoO8qUVW9-4

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://deklaracia3ndfl.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Mar 2021 11:44:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1971 42 B
155 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst4VxB87Y5sKMGLXbfYdmhGiM5I-rKmHbAg8uO8BwwaN-W0rPfCHt5NuWhSZHX0LkaITy-hNqmO6XAdbJcE8fFCzAWeB4M_GtcqmqbBj3aWyn9-fPwSOo5q22ZFQw&sai=AMfl-YTLWgx2yG34KhEos-p1ZWNxcRCkqeH1OLQh-6Ad_ZERMycBGarW3djulXyGL5R2TB6irTdi0Z-ysYr3&sig=Cg0ArKJSzNkba72vlg8yEAE&id=osdim&mcvt=1000&p=455,543,735,1325&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210312&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3020301090&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1615895062446&dlt=579&rpt=39&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Mar 2021 11:44:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 16:51:38	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 02:13:11	Name: IDE Value: AHWqTUmcs5zbU8IPfmEVB7LgydmeS1O2xJdD16lV9KMYD--UAEcZrRG6fTs-JSeLe5c
.deklaracia3ndfl.ru/	1970-01-20 00:51:06	Name: tmr_reqNum Value: 2
.deklaracia3ndfl.ru/	1970-01-19 16:51:36	Name: _ym_visorc Value: w
.deklaracia3ndfl.ru/	1970-01-19 16:52:47	Name: _ym_isad Value: 2
.deklaracia3ndfl.ru/	1970-01-20 01:37:11	Name: _ym_uid Value: 1615895063969963338
.deklaracia3ndfl.ru/	1970-01-20 00:51:06	Name: tmr_lvidTS Value: 1615895062506
.deklaracia3ndfl.ru/	1970-01-20 16:51:35	Name: top100_id Value: t1.-1.1671475706.1615895062418
.deklaracia3ndfl.ru/	1970-01-20 00:51:06	Name: tmr_lvid Value: e433253901c5da80ec9a559bf68e45b9
.deklaracia3ndfl.ru/	1970-01-20 16:51:35	Name: last_visit Value: 1615891462421::1615895062421
.deklaracia3ndfl.ru/	1970-01-19 16:53:01	Name: _gid Value: GA1.2.583824065.1615895062
.deklaracia3ndfl.ru/	1970-01-19 16:51:35	Name: _gat Value: 1
.deklaracia3ndfl.ru/	1970-01-20 01:37:11	Name: _ym_d Value: 1615895063
.deklaracia3ndfl.ru/	1970-01-20 10:22:47	Name: _ga Value: GA1.2.1023416858.1615895062
.deklaracia3ndfl.ru/	1970-01-20 02:13:11	Name: __gads Value: ID=4fdbb73c867b9cad-228dd2fac9ba0024:T=1615895062:RT=1615895062:S=ALNI_MY_qKMIP-Eze42uCAXcAKcK44OcUg
deklaracia3ndfl.ru/	1969-12-31 23:59:59	Name: 8bb5375a1e34bb3fd56ca44cc75fd1af Value: 15de1f982dccd970f514b79c53a53c57

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14072910087906121018/js/script.js(Line 73) Message: 16750

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
counter.rambler.ru
counter.yadro.ru
deklaracia3ndfl.ru
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
kraken.rambler.ru
mc.yandex.ru
pagead2.googlesyndication.com
partner.googleadservices.com
site.yandex.net
top-fwz1.mail.ru
tpc.googlesyndication.com
www.deklaracia3ndfl.ru
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
yastatic.net
142.250.186.162
217.69.133.145
2a00:1450:4001:800::2003
2a00:1450:4001:800::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200e
2a00:1450:4001:811::2003
2a00:1450:4001:811::200e
2a00:1450:4001:812::2003
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:813::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200a
2a02:6b8:20::215
2a02:6b8::1:119
81.19.89.16
81.19.89.18
87.236.16.87
88.212.201.216
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
09e9fc2f55f3925b0455f3df62d203a88f11ea4d5a489793b3d6deb77fab4a88
0b7e11cbf30afeb6ec5f6d7979c4c9beb454fd46c32a32a21805f2f1b60ced27
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d
1e93f66cbe9b485135f0c8bbc9eaccf882ded6eb71daadde99a8426f6db7cb31
20f7c83ab9dfdc1e88f4c3fafc0712492200ab738fb30660526bad9dcb7282dc
23352c6491a675314f59e7fe98c8ae16308d563113e27c5f0729417a46fec7bd
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
31df0771606d4e5e10033e3f86f85843bab4fff802097997e1bc17295f96b9ae
3aa49a969f76a3ee00b5f62de7cdd16ae54961ebc19a18e28f6a5c834ccf7b5d
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
476e55b7d10aaeb7ddd39212d5a22f590ac9355c2356fe7075b8c52f207edae2
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4a4e61c848af2150d8b25a6d8e8ef690b5387e4f9dcac16e57a03443c2215cf2
4d1feda979ec3b8a0952f18e6346cd4b51ef5bea614f328216b3bae504573bf3
547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5b6cf4e6eda02f7c90b60b3c32413c0851915f8f80a268a913b92929085132a6
601381f7bed02cfe08ae9be1f4ad1c710c4c3210f3ff5e7ea319c4572e507428
6134d90ad4ea1911a38db6992cfec98cdf868270f17105d1c99bb29f0028d4a2
6ebe64de8e1c2f92400a03a97250c8b2f7443025d53fa42df90cb0589350c233
6f829a00a403b78fe633e458e3e7a53e433d0bb4056ad9732c2f553fa68acfed
70a0083e92cf715231f7734f0ecf0365c77ec3fdfe97921d75b39afd09871711
71ad41e2c2ff4a1cc29027ed4e117a483be84e78a3e73e81877fe7eb346b0234
76f8ebf46fa95c31efb8a764b15a3a0849c11346454a026f003cdda43add1749
79c521a89112af803faa48f72e1f5f1b5d0685129a14b917317d1cc688613a18
7b0b572a90abb3fce27b9dc1f79145706c7bcc6cc3ac84c8f501d344132816d8
8626b33a6fdf0355110525ba973de9ac84ae896bc4703733133a5db813053b52
870c289c475941b8b13445a2266ad64b09c2b25b8df3276661c931e1700b3fc9
89d9b7a7b8e5d17c32994a4871c83a588f7ab509a80d1ff90d612c9cf9f1614e
8b1a846fa112d9f2dd15adf98a1fd89c7672e81bb0123ee58a943f0cdbaf677b
8f04f65d00aba3127ea9695bd2499b5c44e5ae96e169a358b263a887aea8e7b0
94cf658d2c7345f5472d9d4514ade118d9f9bed0d50a5fc4a02fb9dcd2c8d8c6
96b8f42a86b603650301137a943b7a7e6a05c2f94c29d2d1d6a9004d681bcc6a
9986f7d7ba7fd859c984eea393cb3aac7049010b20c3bf4a8c9ea6a903536661
9abe1867cc8213d3bfd033ea329dcbc58acf95b7f789c45816699642b6a73520
9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a83a4b91b9d7e6f311543068b7c65291d001cd2fb17f19ab8e5a0adb1a0d01e1
ab62fe971dd4b318621de81bfd9315f50f36bd50791512128cea651f3ef136d1
b144fb40dc94ef312b2a28701da77e88a1d738e0bcf9a6f75c77635503483835
bbe3c4b9a3afa6784c6c5a39ddeeb0318c383d0f267261c46740120b4c294df9
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
c08f6d9bb01e3cc4d95179ff37554b3f6d665e5c03194e1361cd67e3c153089c
c340f2fc9103b3a383daf2262c4c58829e4acd29f2e18e02675a823f89eef33b
c44ef8885a1386dad99986e4de63457883d50b1a966d27b502f37d691d7bd770
c4a7c13ad510d22054d213fb20e3f045b1bfc4f8a0a713768abd4db381f7d3b6
c5101d5130d0550b2ae8bfd26465900fa3a7ff17b9b737f3f5048f525e4338b3
c79b151f3cb338cdabcc67e34562460c47caded145641ab3c193812da990a9e2
c8963b6bd2ca8497603794bf9adcbff7a3ea55c9c3edef3d5a992405ee256a90
cba8339bce8e86799a8e6a3c71e97c55c82f895d8f960b7aaa01b448b89fc3ba
ce55bfef2360dd339b15ad1380dd8fb9b5159d6806950c8311c9e4ba2a47d762
d15046e1a7fb2d635e0c045313700fb535685ebecd729120bc4eaf04dc4995b9
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc
d55d80dda4ca1c3c956a0f62504bc7d196c6ebf98dcbde30aa337e6b7179fc7b
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d7eaa3a7223d443adcb191e7f80b2f9fd2be2f8fa2f609264b8ff44b5afc9ab8
d860237637ae6f72cc617a924dd279bbf820a4b289d90cac33da6c5d67a336f2
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
db237cbdabdaac650983ee9d1c2ddccd10539c12d026e3d712ff6a6744097bcc
dc181767f47c355d11c734bdf91defe35403286ede7af1db2122740f2bf31884
de1ff366aba726b072659c363304cec5beaa246e49993b08fe6e56c09eb0ba42
de66288f054df7f389e8281f87fb0a9a05095149f4e96d13c32a1c3b61b1a4a3
e0fc839330b89c132eddfec0f603f583edc40a1ade4f619ae0ec8307a017e88d
e10cd8d343f9c37e3500c69d92f7ac7e78b6c7df29a2ace8cffe71bfa494e8c9
e308f2e4812faee1816c3812bdcff613bf8d96e653a977f73f86de9bcfee1fd0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e71ec7110e0ddfb1fb9920ad46e3159e68a3c3304d5a4a5666c66d3afa2dbd2c
ee1f88576ec14b62bfdfa2dfc4137bf5061192186b9053b54fc79681fc25f950
ee620d80c9409ae664143deaeed9709d56a226d788539c7645efb13b4f6ab676
ee9f56800393ffbbc4e52b10f7e06c8bebb250aab66f471ac7740077cf26ec14
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f14a53d6e112f5652255e499e109659fe79678b0de2eec4f42a1ac48c9ce72bd
f408de23cf32ec04f55de769812877046b35c6c98c08421b4315dd57bc578104
f575426e1acf25819060b877b6c803cc5f9c58e64b3b88ac6e479f137e211893
f5a50be0fe87c7816ea4a3a2f1455dfcd8bcf5a65e11b193450ebc91e01095ea
f7765f0763113c53b837164849a3c334f99aca236191b99eb921c9656d9f2643
fca45ae80c6450497732a7062eeacad2889c040fda5c4a11cf4e833d0e0575e6

deklaracia3ndfl.ru Open in urlscan Pro 87.236.16.87 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

107 Requests

100 %HTTPS

73 %IPv6

16 Domains

25 Subdomains

22 IPs

3 Countries

1211 kBTransfer

2644 kBSize

16 Cookies

3 Outgoing links

Page URL History

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

deklaracia3ndfl.ru Open in urlscan Pro
87.236.16.87 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

100 %
HTTPS

73 %
IPv6

16
Domains

25
Subdomains

22
IPs

3
Countries

1211 kB
Transfer

2644 kB
Size

16
Cookies

107 HTTP transactions
3 data transactions