www.themoscowtimes.com Open in urlscan Pro
95.215.189.12 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Submission: On April 16 via api (April 16th 2021, 3:49:03 pm UTC) from DE

Summary HTTP 439 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 104 IPs in 9 countries across 88 domains to perform 439 HTTP transactions. The main IP is 95.215.189.12, located in Netherlands and belongs to PROCOLIX, NL. The main domain is www.themoscowtimes.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 21st 2021. Valid for: a year.

This is the only time www.themoscowtimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	95.215.189.12 95.215.189.12	51758 (PROCOLIX) (PROCOLIX)
20	95.215.189.11 95.215.189.11	51758 (PROCOLIX) (PROCOLIX)
1	143.204.90.117 143.204.90.117	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:202... 2600:9000:2021:aa00:18:1fcd:34e:d2a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
16	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
4	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
5	13.33.139.101 13.33.139.101	16509 (AMAZON-02) (AMAZON-02)
1	13.33.139.117 13.33.139.117	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
14	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	184.30.17.156 184.30.17.156	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.207.42.216 34.207.42.216	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:3::714 2a04:4e42:3::714	54113 (FASTLY) (FASTLY)
5	69.16.175.42 69.16.175.42	20446 (HIGHWINDS3) (HIGHWINDS3)
5	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1 20	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
3	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:400c:c0d::9a	15169 (GOOGLE) (GOOGLE)
2	143.204.90.104 143.204.90.104	16509 (AMAZON-02) (AMAZON-02)
1 3	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	54.243.166.109 54.243.166.109	14618 (AMAZON-AES) (AMAZON-AES)
1	54.175.245.12 54.175.245.12	14618 (AMAZON-AES) (AMAZON-AES)
16	13.33.139.84 13.33.139.84	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	34.226.165.133 34.226.165.133	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba12	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2600:1480:300... 2600:1480:3000:e5::	33905 (AKAMAI-AMS) (AKAMAI-AMS)
6	2606:4700:20:... 2606:4700:20::681a:b19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:10:... 2606:4700:10::6816:3181	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba19	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 38	216.52.2.19 216.52.2.19	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
5	2606:2800:233... 2606:2800:233:1ab3:789:1032:20e3:21	15133 (EDGECAST) (EDGECAST)
12	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
4	52.37.176.195 52.37.176.195	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3032::ac43:9028	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 10	185.33.223.178 185.33.223.178	29990 (ASN-APPNEX) (ASN-APPNEX)
2	185.86.138.16 185.86.138.16	201081 (SMARTADSE...) (SMARTADSERVER)
2	213.19.162.41 213.19.162.41	3356 (LEVEL3) (LEVEL3)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	2606:4700:e0:... 2606:4700:e0::ac40:6f08	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:e6:... 2606:4700:e6::ac40:ce03	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.210.215.45 52.210.215.45	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
36	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
2	104.111.233.227 104.111.233.227	16625 (AKAMAI-AS) (AKAMAI-AS)
3 5	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	52.57.150.20 52.57.150.20	16509 (AMAZON-02) (AMAZON-02)
4 4	54.171.173.220 54.171.173.220	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
6 8	3.124.165.65 3.124.165.65	16509 (AMAZON-02) (AMAZON-02)
2 3	185.33.221.88 185.33.221.88	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	185.29.135.226 185.29.135.226	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
1	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
11 27	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1 1	52.21.173.249 52.21.173.249	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.95.118.60 52.95.118.60	16509 (AMAZON-02) (AMAZON-02)
3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
4 4	18.158.22.14 18.158.22.14	16509 (AMAZON-02) (AMAZON-02)
1	104.108.144.24 104.108.144.24	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	154.59.122.79 154.59.122.79	174 (COGENT-174) (COGENT-174)
4 4	213.19.147.151 213.19.147.151	26120 (RHYTHMONE) (RHYTHMONE)
4 4	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2 2	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
4 6	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
2 2	52.51.154.44 52.51.154.44	16509 (AMAZON-02) (AMAZON-02)
2 2	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
4 8	52.18.90.176 52.18.90.176	16509 (AMAZON-02) (AMAZON-02)
9	184.30.24.198 184.30.24.198	16625 (AKAMAI-AS) (AKAMAI-AS)
15	34.253.11.193 34.253.11.193	16509 (AMAZON-02) (AMAZON-02)
3 10	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 1	46.228.164.13 46.228.164.13	56396 (TURN) (TURN)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
1	46.228.164.11 46.228.164.11	56396 (TURN) (TURN)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
5 5	37.157.2.239 37.157.2.239	198622 (ADFORM) (ADFORM)
3 3	184.30.24.241 184.30.24.241	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6811:71bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	70.42.32.159 70.42.32.159	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	54.226.160.243 54.226.160.243	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	3.222.149.159 3.222.149.159	14618 (AMAZON-AES) (AMAZON-AES)
1	150.136.25.38 150.136.25.38	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	169.197.150.7 169.197.150.7	398989 (DEEPINTENT) (DEEPINTENT)
1 1	64.202.112.63 64.202.112.63	23352 (SERVERCEN...) (SERVERCENTRAL)
2 2	54.93.115.47 54.93.115.47	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
3	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.51 124.146.215.51	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
1	157.230.182.221 157.230.182.221	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	3.120.52.49 3.120.52.49	16509 (AMAZON-02) (AMAZON-02)
2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	151.101.13.44 151.101.13.44	54113 (FASTLY) (FASTLY)
4 7	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 14	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	185.86.138.143 185.86.138.143	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	139.162.84.221 139.162.84.221	63949 (LINODE-AP...) (LINODE-AP Linode)
2	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1 1	47.252.78.131 47.252.78.131	45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.)
2	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
5 6	54.36.109.155 54.36.109.155	16276 (OVH) (OVH)
1 1	51.75.15.106 51.75.15.106	16276 (OVH) (OVH)
1 1	3.123.96.39 3.123.96.39	16509 (AMAZON-02) (AMAZON-02)
2 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
2 2	18.193.144.52 18.193.144.52	16509 (AMAZON-02) (AMAZON-02)
2	99.83.181.31 99.83.181.31	16509 (AMAZON-02) (AMAZON-02)
439	104

1 95.215.189.12 (Netherlands)

ASN51758 (PROCOLIX, NL)
PTR: host880.procolix.com

www.themoscowtimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 95.215.189.11 (Netherlands)

ASN51758 (PROCOLIX, NL)
PTR: host879.procolix.com

static.themoscowtimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.90.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-90-117.fra50.r.cloudfront.net

get.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2021:aa00:18:1fcd:34e:d2a1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.111.9.35 (United States)

ASN33438 (HIGHWINDS2, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.33.139.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-139-101.cph50.r.cloudfront.net

onetag-geo.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.139.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-139-117.cph50.r.cloudfront.net

signal-beacon.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.17.156 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-17-156.deploy.static.akamaitechnologies.com

chimpstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.207.42.216 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-207-42-216.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::714 (United States)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.16.175.42 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: hwcdn.net

static.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

368dc34c4e2602c35f583ea099c55052.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.90.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-90-104.fra50.r.cloudfront.net

onetag-geo-grouping.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.243.166.109 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-166-109.compute-1.amazonaws.com

servergen.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.175.245.12 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-245-12.compute-1.amazonaws.com

cms.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 13.33.139.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-139-84.cph50.r.cloudfront.net

likevertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.226.165.133 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-165-133.compute-1.amazonaws.com

pl.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba12 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

inventory.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1480:3000:e5:: (United States)

ASN33905 (AKAMAI-AMS, NL)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:b19 (United States)

ASN13335 (CLOUDFLARENET, US)

hb.adpone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:10::6816:3181 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:ba19 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ads.projectagoraservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 216.52.2.19 (United States) 4 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gslbeacon.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vap4ams1.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:2800:233:1ab3:789:1032:20e3:21 (United States)

ASN15133 (EDGECAST, US)

video.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:808::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.37.176.195 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-37-176-195.us-west-2.compute.amazonaws.com

exchange.adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::ac43:9028 (United States)

ASN13335 (CLOUDFLARENET, US)

projectagora.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.33.223.178 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.16 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.162.41 (United Kingdom)

ASN3356 (LEVEL3, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e0::ac40:6f08 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e6::ac40:ce03 (United States)

ASN13335 (CLOUDFLARENET, US)

projectagoralibs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.210.215.45 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-215-45.eu-west-1.compute.amazonaws.com

projectagora-483829-hdb.adomik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 199.232.137.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images-c.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.233.227 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-227.deploy.static.akamaitechnologies.com

pxdrop.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.227.248.159 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.57.150.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.171.173.220 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.124.165.65 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.88 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.29.135.226 (United Kingdom) 4 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.50.137.190 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.97 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 216.58.212.130 (Mountain View, United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.21.173.249 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.118.60 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.149 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.158.22.14 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.108.144.24 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-24.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.59.122.79 (United States) 1 redirects

ASN174 (COGENT-174, US)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.151 (United Kingdom) 4 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.30 (Amsterdam, Netherlands) 4 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-30.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:f916:5049:f87f:108e (United States) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 198.148.27.139 (New York, United States) 4 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.154.44 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-154-44.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.18.90.176 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)

data.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 184.30.24.198 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-198.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 34.253.11.193 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.98.64.218 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.13 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.11 (United Kingdom)

ASN56396 (TURN, GB)

r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.93 (Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.2.239 (Denmark) 5 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.30.24.241 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-241.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:71bc (United States)

ASN13335 (CLOUDFLARENET, US)

www.who.int	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.159 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.226.160.243 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.222.149.159 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-149-159.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.136.25.38 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.63 (United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.93.115.47 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-115-47.eu-central-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.51 (Setagaya-ku, Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.230.182.221 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

bisdr.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.52.49 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-52-49.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.64.190.79 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.110 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 141.226.228.48 (Netherlands) 4 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.143 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.163 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.162.84.221 (Tokyo, Japan) 2 redirects

ASN63949 (LINODE-AP Linode, LLC, US)

s.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.252.78.131 (United States) 1 redirects

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)

event.clientgear.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.36.109.155 (France) 5 redirects

ASN16276 (OVH, FR)

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.15.106 (France) 1 redirects

ASN16276 (OVH, FR)

cookie-matching.mediarithmics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.123.96.39 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-96-39.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Aalborg, Denmark) 2 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.144.52 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-144-52.eu-central-1.compute.amazonaws.com

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.83.181.31 (United States)

ASN16509 (AMAZON-02, US)

connect-metrics-collector.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
signal-metrics-collector-beta.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	taboola.com 4 redirects cdn.taboola.com trc.taboola.com images-c.taboola.com images.taboola.com sync.taboola.com match.taboola.com sync-t1.taboola.com	593 KB
44	doubleclick.net 11 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	417 KB
40	lijit.com 4 redirects ap.lijit.com gslbeacon.lijit.com vap4ams1.lijit.com pxdrop.lijit.com ce.lijit.com	94 KB
39	googlesyndication.com 1 redirects 368dc34c4e2602c35f583ea099c55052.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com	195 KB
26	pubmatic.com 7 redirects hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image8.pubmatic.com image2.pubmatic.com simage2.pubmatic.com	102 KB
23	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com	323 KB
21	themoscowtimes.com www.themoscowtimes.com static.themoscowtimes.com	1 MB
19	twitter.com platform.twitter.com syndication.twitter.com	804 KB
16	likevertising.com likevertising.com	104 KB
15	gumgum.com rtb.gumgum.com	5 KB
15	adnxs.com 4 redirects ib.adnxs.com secure.adnxs.com acdn.adnxs.com	46 KB
12	vidazoo.com static.vidazoo.com servergen.vidazoo.com cms.vidazoo.com pl.vidazoo.com inventory.vidazoo.com bisdr.vidazoo.com	195 KB
11	s-onetag.com get.s-onetag.com onetag-geo.s-onetag.com signal-beacon.s-onetag.com onetag-geo-grouping.s-onetag.com connect-metrics-collector.s-onetag.com signal-metrics-collector-beta.s-onetag.com	25 KB
10	openx.net 3 redirects us-u.openx.net eu-u.openx.net u.openx.net	2 KB
10	adtrue.com cdn.adtrue.com exchange.adtrue.com	180 KB
9	twimg.com cdn.syndication.twimg.com pbs.twimg.com video.twimg.com	563 KB
8	adsrvr.org 4 redirects data.adsrvr.org match.adsrvr.org	3 KB
8	bidswitch.net 6 redirects x.bidswitch.net	2 KB
8	googletagservices.com www.googletagservices.com	247 KB
7	google.com 1 redirects ampcid.google.com adservice.google.com www.google.com	1 KB
6	id5-sync.com 5 redirects id5-sync.com	9 KB
6	contextweb.com 4 redirects bh.contextweb.com	2 KB
6	criteo.com 2 redirects bidder.criteo.com gum.criteo.com dis.criteo.com	1 KB
6	rubiconproject.com fastlane.rubiconproject.com pixel-us-east.rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com	4 KB
6	adpone.com hb.adpone.com	526 KB
5	adform.net 5 redirects c1.adform.net	3 KB
5	tapad.com 3 redirects pixel.tapad.com	2 KB
5	googletagmanager.com www.googletagmanager.com	193 KB
4	criteo.net static.criteo.net	103 KB
4	creativecdn.com 4 redirects creativecdn.com	1 KB
4	mfadsrvr.com 4 redirects rtb.mfadsrvr.com	2 KB
4	mathtag.com 4 redirects sync.mathtag.com	2 KB
4	crwdcntrl.net 4 redirects bcp.crwdcntrl.net sync.crwdcntrl.net	3 KB
4	smartadserver.com prg.smartadserver.com rtb-csync.smartadserver.com	5 KB
4	google-analytics.com www.google-analytics.com	57 KB
4	fontawesome.com use.fontawesome.com	173 KB
3	emxdgt.com cs.emxdgt.com e1.emxdgt.com	81 B
3	casalemedia.com 3 redirects ssum-sec.casalemedia.com	3 KB
3	turn.com 2 redirects d.turn.com ad.turn.com r.turn.com	1 KB
3	1rx.io 3 redirects sync.1rx.io	2 KB
3	cdn-adtrue.com cdn-adtrue.com	28 KB
3	google.de adservice.google.de ampcid.google.de www.google.de	557 B
3	chartbeat.com static.chartbeat.com mab.chartbeat.com	24 KB
2	sportradarserving.com 2 redirects a.sportradarserving.com	1 KB
2	bttrack.com bttrack.com	760 B
2	appier.net 2 redirects s.c.appier.net	721 B
2	semasio.net uipglob.semasio.net Failed	1 KB
2	3lift.com 2 redirects eb2.3lift.com	948 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	627 B
2	360yield.com 2 redirects ad.360yield.com	618 B
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	2 KB
2	rfihub.com 2 redirects p.rfihub.com	1 KB
2	bidr.io 2 redirects match.prod.bidr.io	1018 B
2	quantserve.com 2 redirects pixel.quantserve.com	1008 B
2	sitescout.com 1 redirects pixel-sync.sitescout.com	461 B
2	amazon-adsystem.com 1 redirects aax-eu.amazon-adsystem.com	474 B
2	simpli.fi 1 redirects um.simpli.fi	841 B
2	adomik.com projectagora-483829-hdb.adomik.com	206 B
2	projectagoralibs.com projectagoralibs.com	3 KB
2	projectagora.net projectagora.net	207 KB
2	google.be adservice.google.be	964 B
2	projectagoraservices.com ads.projectagoraservices.com	10 KB
2	facebook.com www.facebook.com	198 B
2	facebook.net connect.facebook.net	97 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	creative-serving.com 1 redirects ads.creative-serving.com	435 B
1	mediarithmics.com 1 redirects cookie-matching.mediarithmics.com	313 B
1	clientgear.com 1 redirects event.clientgear.com	260 B
1	socdm.com 1 redirects tg.socdm.com	697 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	585 B
1	zemanta.com 1 redirects b1sync.zemanta.com	288 B
1	deepintent.com match.deepintent.com	44 B
1	technoratimedia.com sync.technoratimedia.com	294 B
1	ipredictive.com 1 redirects sync.ipredictive.com	428 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com	829 B
1	stackadapt.com sync.srv.stackadapt.com	168 B
1	outbrain.com 1 redirects sync.outbrain.com	627 B
1	who.int www.who.int	116 KB
1	acuityplatform.com 1 redirects ums.acuityplatform.com	609 B
1	media.net contextual.media.net	371 B
1	clickagy.com 1 redirects aorta.clickagy.com	664 B
1	eyeota.net ps.eyeota.net	344 B
1	chartbeat.net ping.chartbeat.net	169 B
1	chimpstatic.com chimpstatic.com	577 B
1	jquery.com code.jquery.com	29 KB
1	onesignal.com cdn.onesignal.com	3 KB
0	wbtrk.net Failed um.wbtrk.net Failed
439	88

	Domain	Requested by
27	cm.g.doubleclick.net	11 redirects gslbeacon.lijit.com www.themoscowtimes.com 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com us-u.openx.net rtb.gumgum.com f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
20	ce.lijit.com	2 redirects likevertising.com gslbeacon.lijit.com us-u.openx.net rtb.gumgum.com
20	tpc.googlesyndication.com	1 redirects securepubads.g.doubleclick.net tpc.googlesyndication.com 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
20	static.themoscowtimes.com	www.themoscowtimes.com static.themoscowtimes.com
18	cdn.taboola.com	likevertising.com cdn.taboola.com
16	likevertising.com	www.themoscowtimes.com likevertising.com
16	platform.twitter.com	www.themoscowtimes.com platform.twitter.com
15	rtb.gumgum.com	gslbeacon.lijit.com rtb.gumgum.com
15	ap.lijit.com	2 redirects likevertising.com ap.lijit.com gslbeacon.lijit.com
14	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com www.themoscowtimes.com
14	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.themoscowtimes.com likevertising.com f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
11	fonts.gstatic.com	fonts.googleapis.com
10	sync.taboola.com	4 redirects
10	trc.taboola.com	cdn.taboola.com
10	ib.adnxs.com	2 redirects projectagora.net cdn.adtrue.com acdn.adnxs.com
9	ads.pubmatic.com	gslbeacon.lijit.com ads.pubmatic.com rtb.gumgum.com cdn.adtrue.com
8	x.bidswitch.net	6 redirects gslbeacon.lijit.com rtb.gumgum.com
8	www.googletagservices.com	www.themoscowtimes.com securepubads.g.doubleclick.net 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
7	image8.pubmatic.com	4 redirects
7	match.adsrvr.org	4 redirects 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com us-u.openx.net rtb.gumgum.com
6	id5-sync.com	5 redirects
6	images-c.taboola.com	likevertising.com
6	us-u.openx.net	3 redirects gslbeacon.lijit.com us-u.openx.net
6	bh.contextweb.com	4 redirects
6	cdn.adtrue.com	likevertising.com exchange.adtrue.com www.themoscowtimes.com
6	hb.adpone.com	likevertising.com
5	c1.adform.net	5 redirects
5	pixel.tapad.com	3 redirects likevertising.com www.themoscowtimes.com
5	video.twimg.com	platform.twitter.com
5	static.vidazoo.com	code.jquery.com static.vidazoo.com
5	onetag-geo.s-onetag.com	get.s-onetag.com signal-beacon.s-onetag.com
5	www.googletagmanager.com	www.themoscowtimes.com cdn-adtrue.com www.googletagmanager.com
4	sync-t1.taboola.com
4	static.criteo.net	cdn.adtrue.com static.criteo.net
4	creativecdn.com	4 redirects
4	rtb.mfadsrvr.com	4 redirects
4	sync.mathtag.com	4 redirects
4	www.gstatic.com	f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
4	hbopenbid.pubmatic.com	projectagora.net cdn.adtrue.com
4	exchange.adtrue.com	www.themoscowtimes.com cdn.adtrue.com
4	www.google-analytics.com	www.googletagmanager.com www.themoscowtimes.com
4	use.fontawesome.com	static.themoscowtimes.com use.fontawesome.com
3	ssum-sec.casalemedia.com	3 redirects
3	sync.1rx.io	3 redirects
3	secure.adnxs.com	2 redirects gslbeacon.lijit.com
3	encrypted-tbn3.gstatic.com	f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
3	bcp.crwdcntrl.net	3 redirects
3	cdn-adtrue.com	exchange.adtrue.com likevertising.com
3	pbs.twimg.com	platform.twitter.com
3	servergen.vidazoo.com	static.vidazoo.com
3	www.google.com	1 redirects www.themoscowtimes.com f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
3	syndication.twitter.com	platform.twitter.com
3	adservice.google.com	securepubads.g.doubleclick.net
2	a.sportradarserving.com	2 redirects
2	acdn.adnxs.com	cdn.adtrue.com
2	bttrack.com	cdn.taboola.com
2	s.c.appier.net	2 redirects
2	uipglob.semasio.net
2	dis.criteo.com	2 redirects
2	e1.emxdgt.com
2	rtb-csync.smartadserver.com
2	simage2.pubmatic.com	1 redirects
2	pixel.rubiconproject.com
2	u.openx.net
2	match.taboola.com
2	image2.pubmatic.com	2 redirects
2	images.taboola.com	likevertising.com
2	gum.criteo.com	static.criteo.net
2	image6.pubmatic.com	ads.pubmatic.com
2	eb2.3lift.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	ad.360yield.com	2 redirects
2	eu-u.openx.net	us-u.openx.net
2	dsp.adfarm1.adition.com	2 redirects
2	p.rfihub.com	2 redirects
2	match.prod.bidr.io	2 redirects
2	pixel.quantserve.com	2 redirects
2	pixel-sync.sitescout.com	1 redirects f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
2	aax-eu.amazon-adsystem.com	1 redirects gslbeacon.lijit.com
2	um.simpli.fi	1 redirects gslbeacon.lijit.com
2	encrypted-tbn2.gstatic.com	f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
2	encrypted-tbn0.gstatic.com	f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
2	pxdrop.lijit.com	www.themoscowtimes.com
2	googleads.g.doubleclick.net	4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
2	bidder.criteo.com	cdn.adtrue.com
2	vap4ams1.lijit.com	likevertising.com
2	projectagora-483829-hdb.adomik.com
2	projectagoralibs.com	ads.projectagoraservices.com
2	fastlane.rubiconproject.com	projectagora.net
2	prg.smartadserver.com	projectagora.net
2	projectagora.net	ads.projectagoraservices.com
2	4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.be	securepubads.g.doubleclick.net
2	ads.projectagoraservices.com	likevertising.com
2	www.facebook.com	connect.facebook.net
2	onetag-geo-grouping.s-onetag.com	signal-beacon.s-onetag.com
2	connect.facebook.net	www.themoscowtimes.com connect.facebook.net
2	fonts.googleapis.com	static.themoscowtimes.com f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
2	static.chartbeat.com	www.themoscowtimes.com
1	signal-metrics-collector-beta.s-onetag.com	signal-beacon.s-onetag.com
1	connect-metrics-collector.s-onetag.com	get.s-onetag.com
1	ads.creative-serving.com	1 redirects
1	sync.crwdcntrl.net	1 redirects
1	cookie-matching.mediarithmics.com	1 redirects
1	event.clientgear.com	1 redirects
1	bisdr.vidazoo.com	static.vidazoo.com
1	tg.socdm.com	1 redirects
1	cs.emxdgt.com	rtb.gumgum.com
1	sync.targeting.unrulymedia.com	1 redirects
1	b1sync.zemanta.com	1 redirects
1	match.deepintent.com	rtb.gumgum.com
1	sync.technoratimedia.com	rtb.gumgum.com
1	sync.ipredictive.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync.srv.stackadapt.com	rtb.gumgum.com
1	sync.outbrain.com	1 redirects
1	www.who.int	likevertising.com
1	s.tribalfusion.com	www.themoscowtimes.com
1	a.tribalfusion.com	1 redirects
1	r.turn.com	www.themoscowtimes.com
1	ad.turn.com	1 redirects
1	d.turn.com	1 redirects
1	data.adsrvr.org	gslbeacon.lijit.com
1	ums.acuityplatform.com	1 redirects
1	contextual.media.net	gslbeacon.lijit.com
1	pixel-eu.rubiconproject.com	gslbeacon.lijit.com
1	aorta.clickagy.com	1 redirects
1	pixel-us-east.rubiconproject.com	gslbeacon.lijit.com
1	encrypted-tbn1.gstatic.com	f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
1	ps.eyeota.net	likevertising.com
1	gslbeacon.lijit.com	ap.lijit.com
1	inventory.vidazoo.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	pl.vidazoo.com	static.vidazoo.com
1	cms.vidazoo.com	static.vidazoo.com
1	www.google.de	www.themoscowtimes.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	ampcid.google.de	www.google-analytics.com
1	368dc34c4e2602c35f583ea099c55052.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	ampcid.google.com	www.google-analytics.com
1	mab.chartbeat.com	static.chartbeat.com
1	ping.chartbeat.net	www.themoscowtimes.com
1	chimpstatic.com	www.themoscowtimes.com
1	signal-beacon.s-onetag.com	get.s-onetag.com
1	code.jquery.com	www.themoscowtimes.com
1	cdn.onesignal.com	www.themoscowtimes.com
1	get.s-onetag.com	www.themoscowtimes.com
1	www.themoscowtimes.com
0	um.wbtrk.net Failed	f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
439	151

This site contains links to these domains. Also see Links.

Domain
offline.themoscowtimes.com
mothersanddaughters.themoscowtimes.com
generationp.themoscowtimes.com
vtimes.io
www.facebook.com
twitter.com
telegram.me
wa.me
www.interfax.ru
www.mos-gorsud.ru
www.rferl.org
apnews.com
www.instagram.com
vk.com
www.youtube.com
thebarentsobserver.com
codastory.com
carnegie.ru
www.bni.com
stichting2oktober.org

Subject Issuer	Validity	Valid
themoscowtimes.com Sectigo RSA Domain Validation Secure Server CA	`2021-01-21` - `2022-02-11`	a year	crt.sh
static.themoscowtimes.com R3	`2021-04-01` - `2021-06-30`	3 months	crt.sh
*.s-onetag.com Amazon	`2021-02-03` - `2022-03-04`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2020-06-01` - `2021-06-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-02-10` - `2021-05-10`	3 months	crt.sh
wildcardsan.us15.list-manage.com DigiCert SHA2 Secure Server CA	`2021-01-11` - `2022-01-17`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
*.vidazoo.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-24` - `2022-04-24`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
cms.vidazoo.com R3	`2021-03-19` - `2021-06-17`	3 months	crt.sh
likevertising.com Amazon	`2020-09-24` - `2021-10-26`	a year	crt.sh
pl.vidazoo.com R3	`2021-03-18` - `2021-06-16`	3 months	crt.sh
pbs.twimg.com DigiCert SHA2 High Assurance Server CA	`2020-08-05` - `2021-08-10`	a year	crt.sh
*.adtrue.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-08-14`	2 years	crt.sh
paadserver.projectagora.info R3	`2021-02-25` - `2021-05-26`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.google.be GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.adomik.com Amazon	`2021-03-03` - `2022-04-01`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
cert1.a2.atm.aqfer.net R3	`2021-04-07` - `2021-07-06`	3 months	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.eyeota.net R3	`2021-02-28` - `2021-05-29`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.gumgum.com Amazon	`2020-07-03` - `2021-08-03`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.turn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-31` - `2022-03-31`	a year	crt.sh
*.srv.stackadapt.com Amazon	`2020-12-09` - `2022-01-07`	a year	crt.sh
*.technoratimedia.com DigiCert SHA2 High Assurance Server CA	`2020-07-28` - `2021-10-01`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2020-05-18` - `2021-07-17`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-16` - `2022-03-17`	a year	crt.sh
*.id5-sync.com R3	`2021-03-23` - `2021-06-21`	3 months	crt.sh

This page contains 59 frames:

Primary Page: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Frame ID: 62E88471174B5C13BAC27E41E491E01E
Requests: 95 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.63899b173766ee6f8a729a72b542b0fb.html?origin=https%3A%2F%2Fwww.themoscowtimes.com
Frame ID: ABC9E83462EB17447A3EBBA9CFA95375
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
Frame ID: 042043D97A8B592757678C6E6D84C150
Requests: 24 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstsBoL0nDY-5Q5hn1Tb2OqJRw76_eQCFWbXlj0NTMVuE7V7CECecsIGztcXOTlxypkjWOrAK4Mp3MU6z8GtNDiwZ-khRMeriUoC8FFCPtE0pizHNYQJ9RdvzmkGioyluKqH7HZkll-3YZfkn2Od99vZMUbfNN4vpva-0TcotZgTRNnB_OnXPWroIunDvg-Damdw_ylYJpJ_YA1w0FLyPcnfPZDBDmPHcj_koQbr0ogLt7NqIlBTIUZ3pam_9OHNOgj4_8eulk5Qatw_oMNDQeJml-9acF16iVoW_J3HAZColOVhT2i0geFQrdasDXTvEM5MeSsC&sai=AMfl-YRwe4u1NNLdj8Wm4LR-FtDQpg5g6Q_cP9EJobMWTywvpqLbU4sFAI9FiEp5kafNX508zw4b8SQ-FbcPNhdMf8P9qGUJF3yl9TLeHMNRkttUOx_DKfDr28gjPgCVOKC0&sig=Cg0ArKJSzOjHCRXwVvmUEAE&urlfix=1&adurl=
Frame ID: 3F0904B9E6357C816C1372CB5F8A06A1
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvXQrsUMov3XaPKDIbEjVAbQorU2pbTBKsgfN54hEruVQD55SfDfZt5heX6xjfY8GeyFdVp0Pebt3VgVMiRRR4pcQeIcWVEIGphNh0f_8Ctdu9qGINbO-Ka6pu0mYObbJe6hlJNNPIqN7WwHmK2DgtIyW3Bn0ahiLuax04Ce_AW1RM31AihosNQRNveBpUE3_I9FieNvz9zCx08e-Mzt7Ez_QBh5kU95qRWcUi1HorUQKOQABJeA8IRwirJlzkKZsELU4ZPmuyZc8XBZTktTSgpzNW1jreRQFrafu1TBiDP93MsqWJoLPG341Iw_97wpCWUs48A700&sai=AMfl-YQw-YRbWeDAi3ULw5CDH3wH1MR1u4BWXEJWPQTPjDXtbFP630KpksBjHlRtMXUB84fu8E7BdHAR-ODS9si5ghloHNyPCh4xYTa3gDHh0cnFy-GETKxLx48U_dPP-OjV&sig=Cg0ArKJSzFxymzmQykoiEAE&urlfix=1&adurl=
Frame ID: F48CFF69AD017B615015772C55515587
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 63536F841979C22E19AA5FD06CE7BF09
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 39C602C0C89DC6B4F4C4918F800F6740
Requests: 11 HTTP requests in this frame

Frame: https://likevertising.com/async_usersync?i=ozq8lklz3e1znpqig3c&a=3f438269c50c900a489ac681b8b2a85d5&cb=1289791618588125757
Frame ID: B1F94ECD625B011EA626634E86CB83B3
Requests: 2 HTTP requests in this frame

Frame: https://likevertising.com/async_usersync?i=ozq8lklz3e1znpqig3c&a=6edc5c89447c574ef4cea93f1f2f891a7&cb=6250641618588125759
Frame ID: 09EE72AC0A39DB56E51D7A786BA22515
Requests: 2 HTTP requests in this frame

Frame: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=0663c4e8643197170d2aea8d47191c277&cb=7319591618588125763
Frame ID: 96FD0AF2B62E9C5D0ECE6EE0E9FBBFE3
Requests: 2 HTTP requests in this frame

Frame: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=212f87a9373ade82747a9703475edc409&cb=4518051618588125764
Frame ID: 3ADCB7470E85AFD319ECCE42BE71BE57
Requests: 12 HTTP requests in this frame

Frame: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=87a35e76bc314113496756222bdcb5fa5&cb=6581331618588125765
Frame ID: 209B2183BA8B52624A67BC9EFE27A351
Requests: 9 HTTP requests in this frame

Frame: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=4f4a4c72e5d91df7438c43d8a6ef40cd1&cb=7651761618588125766
Frame ID: CC12139FAAD636D62A82B883CC4765D2
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 88A1102F33A73C17A2104916AA11C339
Requests: 11 HTTP requests in this frame

Frame: https://likevertising.com/stats?i=b2q9ssvr0rctu7elxrne&a=42995271e73e9db492ff35b40498d85b5&cb=7250621618588125779
Frame ID: BED456AC2B662844CEE4E623387C0DFE
Requests: 2 HTTP requests in this frame

Frame: https://likevertising.com/counter?i=b2q9ssvr0rctu7elxrne&a=798b3c9db127d443eca7398dcf6ff2539&cb=9925431618588125781
Frame ID: D4DD1768C09EFB0FBF02AC5681BB2BFC
Requests: 10 HTTP requests in this frame

Frame: https://likevertising.com/stat?i=b2q9ssvr0rctu7elxrne&a=381b3593439a32d7eb976a934b5655d61&cb=5515571618588125783
Frame ID: E8AD1EE7945C37DBE8D0E7B99F6C9FF9
Requests: 2 HTTP requests in this frame

Frame: https://likevertising.com/usersync?i=b2q9ssvr0rctu7elxrne&a=56a2b13f3aa682806e16e152c8c768697&cb=2070681618588125785
Frame ID: 4125C8B39EE6D06C91F97E1498FE2494
Requests: 2 HTTP requests in this frame

Frame: https://likevertising.com/counter?i=b2q9ssvr0rctu7elxrne&a=71fe11d01084140e99d087fe51ae4cfc5&cb=7702561618588125786
Frame ID: 5D7A5BA15B9A7525BCB87DA5D61599E8
Requests: 2 HTTP requests in this frame

Frame: https://likevertising.com/sync?i=b2q9ssvr0rctu7elxrne&a=6965507efc6b22ad0bb46f9e614d09d69&cb=7024631618588125787
Frame ID: 105F4363C9D04EF4A3D7F8FA89DD74BA
Requests: 9 HTTP requests in this frame

Frame: https://exchange.adtrue.com/delivery/impress?pzoneid=17495&ref=https%3A%2F%2Fwww.themoscowtimes.com%2F&cb=1995951483&timeZone=2&adWidth=300&adHeight=250&loc=https://www.themoscowtimes.com/
Frame ID: C1DB0E5DD71C24C6352B182727A6EAFC
Requests: 11 HTTP requests in this frame

Frame: https://exchange.adtrue.com/delivery/impress?pzoneid=17496&ref=https%3A%2F%2Fwww.themoscowtimes.com%2F&cb=3576286728&timeZone=2&adWidth=728&adHeight=90&loc=https://www.themoscowtimes.com/
Frame ID: 9BF77B72E78011775423C78EB76810DA
Requests: 11 HTTP requests in this frame

Frame: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: CA3E3FF846F8EE3CB8027E850D117707
Requests: 10 HTTP requests in this frame

Frame: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 7A40B57A526AD7915D650AE9EE67182F
Requests: 25 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 1AE9A2FAA52BBF35B0378DA8E9EDDCCD
Requests: 2 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: 842B3B9CABC7F3D82F8C90C7AF1C6DCC
Requests: 15 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: E226613AC4AE872F7D7C743A17C94CCC
Requests: 19 HTTP requests in this frame

Frame: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Frame ID: D3DDAE717718FBCE0F8F751821DBA983
Requests: 23 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: F971DC04BA57EA1410D5E2FF60124D23
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 946F424340F8390EC447091AEA6DBBAF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0F83533981E61A00852370F9882EC022
Requests: 9 HTTP requests in this frame

Frame: https://cdn.adtrue.com/rtb/passback.js
Frame ID: 96D9278A1EB3A80361B65C4A7DE6C591
Requests: 3 HTTP requests in this frame

Frame: https://cdn.adtrue.com/rtb/passback.js
Frame ID: 1E36E87BD871D91DA31E9294C3D3B782
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Frame ID: FF6EA90E15F071597507EA79D053C153
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Frame ID: ECBCC0268623D45C222C4FF65C903A0D
Requests: 15 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Frame ID: C7CCAC01204C5FAE16D919F83B69D435
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Frame ID: B22D68CAE68B6B941AF7802CC794F587
Requests: 1 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=1&3pid=7717151559607682856&gdpr=1&gdpr_consent=
Frame ID: 93F599EC5AC26173DE2A586B3DA3F5F1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 13AF4224D19D6E2113ED7272833BAE5C
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: B9FFDAD12483BC8EF3FC6DF93D26EF21
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 59384C1D13062381EE28E2BD1E57E42B
Requests: 3 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=6a796079-b1e0-4400-90cb-e1c53ed31491&gdpr=1&gdpr_consent=
Frame ID: 265B1F1D448E9290246F511A85B90C6C
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YHmx4QAAJ8GhbAAC&gdpr=1&gdpr_consent=&_test=YHmx4QAAJ8GhbAAC
Frame ID: C6A64682A54D40ED5AE81BF094E4171A
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wYzY3ZDgzYy0zNGI0LTQwZDctOWY4Zi1lNTM4NDNjZDRkNmY=&gdpr=1&gdpr_consent=&google_tc=
Frame ID: 44832E1CBAC854409AF39C5987958594
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Frame ID: 68C75D667474D2DC4DFD3097CDDAB2E1
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Frame ID: D6474D70D6D9CA3366EC8FDA0CEC6ED9
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 6DC7A50C9D415A80EE968B96A31ADA14
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YHmx6MCo8YoAAK4nCJoAAAAA
Frame ID: 64EADDB64A1530799F44F9596A34FE9B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=1870471594334026212
Frame ID: BE321A11AF974C87200A85C99941515B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=25HJhndzcYwQ1eV5GPkX&pi=gumgum&tc=1
Frame ID: 871B5530FDBDE86DDCCAE02BABBDF75E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F7F698A28B54765708D1628FF8C75A38
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.themoscowtimes.com
Frame ID: 1DCDE2A68B9EC24E3CAAF87B14439084
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.themoscowtimes.com
Frame ID: 99A546301B6C80411EE5971E8508AC82
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&tbid=29febbe1-38ac-44ef-abe5-ecf8b198d057-tuct7733763&query=taboola_hm%3D14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&isDirect=0
Frame ID: E2064934FB0C8472EB3173787F31D882
Requests: 18 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 56D8D2B2FE95B8DCBAA5D6CE7D2DCB9C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 72A2607D6D972331D7D98B95425E5F32
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 3E83DD279AF2617F762BF229784D46EE
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 8A522823DF9A7CCA2FACE6741D0D458C
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f431c12e-7b1d-4c2d-9b71-f1200d175dfd-tuct7733763
Frame ID: BC43355C5AC407A44794B53BBC9E6569
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Debian (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Debian/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

439
Requests

99 %
HTTPS

36 %
IPv6

88
Domains

151
Subdomains

104
IPs

9
Countries

6510 kB
Transfer

19060 kB
Size

10
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://offline.themoscowtimes.com/#/
Title: TMT Offline

Search URL Search Domain Scan URL

URL: https://mothersanddaughters.themoscowtimes.com/
Title: Mothers & Daughters

Search URL Search Domain Scan URL

URL: https://generationp.themoscowtimes.com/
Title: Generation P

Search URL Search Domain Scan URL

URL: https://vtimes.io/
Title: RU

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet/?url=https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&text=%E2%80%98Putin%E2%80%99s%20Chef%E2%80%99%20Ordered%20to%20Pay%20for%20Mass%20Child%20Poisonings

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?url=https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Search URL Search Domain Scan URL

URL: https://wa.me/?text=https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Search URL Search Domain Scan URL

URL: https://www.interfax.ru/russia/682569
Title: reported

Search URL Search Domain Scan URL

URL: https://www.mos-gorsud.ru/rs/meshchanskij/services/cases/civil/details/090a83c0-bdaa-4aca-8f35-88a3c40ea66f?caseFinalRangeDateFrom=31.10.2019&caseFinalRangeDateTo=31.10.2019&formType=fullForm
Title: sued

Search URL Search Domain Scan URL

URL: https://twitter.com/SobolLubov/status/1189908746912387072
Title: said

Search URL Search Domain Scan URL

URL: https://www.rferl.org/a/russia-prigozhin-current-time-investigation-companies-state-deals/29794524.html
Title: reported

Search URL Search Domain Scan URL

URL: https://apnews.com/05cd669f634a4a23881ba8f81d4579c1
Title: reported

Search URL Search Domain Scan URL

URL: https://www.facebook.com/MoscowTimes/

Search URL Search Domain Scan URL

URL: https://twitter.com/moscowtimes

Search URL Search Domain Scan URL

URL: https://www.instagram.com/themoscowtimes/

Search URL Search Domain Scan URL

URL: https://vk.com/themoscowtimes

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCRNPdAfK5Mp8ORtjUt3Q8UA

Search URL Search Domain Scan URL

URL: https://thebarentsobserver.com/en
Title: Barents Observer

Search URL Search Domain Scan URL

URL: https://codastory.com/
Title: Coda Story

Search URL Search Domain Scan URL

URL: https://carnegie.ru/
Title: Carnegie Moscow Center

Search URL Search Domain Scan URL

URL: https://www.bni.com/
Title: BNI

Search URL Search Domain Scan URL

URL: https://stichting2oktober.org/
Title: Stichting 2 Oktober

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 241

https://pixel.tapad.com/idsync/ex/receive?partner_id=1512&partner_device_id=299a355a50ea533dacb39a5e&gdpr=1&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=299a355a50ea533dacb39a5e&gdpr=1&gdpr_consent=

Request Chain 243

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=299a355a50ea533dacb39a5e/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://bcp.crwdcntrl.net/5/ct=y/c=5436/tp=SVRN/tpid=299a355a50ea533dacb39a5e/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=&dnr=1

Request Chain 258

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD7zaG5ShCwCRiwCTIIX_q0MeQbSKQ HTTP 301
https://tpc.googlesyndication.com/simgad/7928391831661038378

Request Chain 261

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=299a355a50ea533dacb39a5e&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=3&3pid=386f6079-b1e0-4500-bd85-33a681cdb9d6&gdpr=1&gdpr_consent=

Request Chain 262

https://um.simpli.fi/lj_match?r=1618588127882&gdpr=1&gdpr_consent= HTTP 302
https://um.simpli.fi/no_match_opted_out

Request Chain 264

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=Mjk5YTM1NWE1MGVhNTMzZGFjYjM5YTVl

Request Chain 265

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=Mjk5YTM1NWE1MGVhNTMzZGFjYjM5YTVl HTTP 302
https://ap.lijit.com/dsp/google/reporting

Request Chain 266

https://aorta.clickagy.com/pixel.gif?ch=185&cm=299a355a50ea533dacb39a5e&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=84&3pid=c:5dc558eeb665d3821da1d0e958a3fa6d

Request Chain 267

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=1&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t

Request Chain 269

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=299a355a50ea533dacb39a5e/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=

Request Chain 270

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=

Request Chain 271

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent= HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=87&3pid=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0

Request Chain 273

https://ums.acuityplatform.com/tum?umid=27&uid=299a355a50ea533dacb39a5e&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=66&3pid=573443741461 HTTP 302
https://ce.lijit.com/merge?pid=66&3pid=573443741461&dnr=1

Request Chain 274

https://sync.1rx.io/usersync2/sovrn?gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=56&3pid=OPTOUT

Request Chain 275

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent= HTTP 302
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=&tc=1 HTTP 302
https://ce.lijit.com/merge?pid=86&3pid=25HJhndzcYwQ1eV5GPkX&pi=sovrn&gdpr_consent=&gdpr=1&tc=1

Request Chain 276

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=OFQSZmxVQG8jB0dvaFwIZ20AE2cjB0RpPlUh0Lxt

Request Chain 277

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=49&3pid=PWNKDdcqs97u&ev=1&pid=558511&gdpr_consent=&gdpr=1

Request Chain 278

https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent=&_bee_ppp=1 HTTP 303
https://ce.lijit.com/merge?pid=85&3pid=AACKX07A82QAACq44aeSsQ&gdpr=1

Request Chain 279

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=10&3pid=1870471594334026225

Request Chain 283

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=

Request Chain 285

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=1&3pid=7717151559607682856&gdpr=1&gdpr_consent=

Request Chain 300

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEIv7-1Hq-lGliW-w9kGw42M&google_cver=1&google_push=AQvitULMaPUYc2dr2LK2E9jaXBNS0J4INz_jewAJ2aAGxrOytrRFf8SHkqEIXCtahIi_1Y2mnTv2NQnWyKFsm3UrmTA38_iDKQI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzU3NTg3NTExMzEwODg2NDE5OQ== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESECWQMY3N7qrmDDtu7gVjOe4&google_cver=1

Request Chain 301

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJs27TeiQ1FR67e1_EMKWwo&google_cver=1&google_push=AQvitUJnarW4BrfvrXxeorWECmcxl8EfpzCvdFuWk9Ln06y_4NzetnFi2WuVeOHF3yGMNpDEyj10swbDxgPo4L-AQb01ovONxS8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUJnarW4BrfvrXxeorWECmcxl8EfpzCvdFuWk9Ln06y_4NzetnFi2WuVeOHF3yGMNpDEyj10swbDxgPo4L-AQb01ovONxS8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUJnarW4BrfvrXxeorWECmcxl8EfpzCvdFuWk9Ln06y_4NzetnFi2WuVeOHF3yGMNpDEyj10swbDxgPo4L-AQb01ovONxS8&google_tc=

Request Chain 302

https://a.tribalfusion.com/i.match?p=b6&u=CAESEBEtujKrF4v-fJa4Gt-LYHc&google_cver=1&google_push=AQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOru&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOru%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBEtujKrF4v-fJa4Gt-LYHc&google_cver=1&google_push=AQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOru&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOru%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 304

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEE_x_4881QvM4MzN6jTZS9w&google_cver=1&google_push=AQvitUK1krtq1SuBLmh_S6mwt5Fo8d8hnXo1j63OF0BB9UsCRPQlZp13NNBg0MEN0JRvdtlgYigBJW4paWNzmYfE3WBOX6hSwhw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk1MTc4MzA3NTQ3OTg3Nzc4MA%3D%3D&google_push=AQvitUK1krtq1SuBLmh_S6mwt5Fo8d8hnXo1j63OF0BB9UsCRPQlZp13NNBg0MEN0JRvdtlgYigBJW4paWNzmYfE3WBOX6hSwhw

Request Chain 305

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG3Me7BcUmW9a6lWc-pyPPM&google_cver=1&google_push=AQvitUJfQS1DsBZawfbITt1pzRQNEDQbW5b-MfuysoJG3GChX5B_OkQ_BsItST9EbnkLrwZoszJYK8wD7CxFLunV0eM8oNqqvbY HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEG3Me7BcUmW9a6lWc-pyPPM&google_cver=1&google_push=AQvitUJfQS1DsBZawfbITt1pzRQNEDQbW5b-MfuysoJG3GChX5B_OkQ_BsItST9EbnkLrwZoszJYK8wD7CxFLunV0eM8oNqqvbY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY1MTk3MjQ1NzM1NTMzMTAzMQ&google_push=AQvitUJfQS1DsBZawfbITt1pzRQNEDQbW5b-MfuysoJG3GChX5B_OkQ_BsItST9EbnkLrwZoszJYK8wD7CxFLunV0eM8oNqqvbY

Request Chain 306

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJydzknH_q4NVl0fxCBGopY&google_cver=1&google_push=AQvitUIxYwDY0Arw24hYXaa8C3GP9_p5rZkWsnZRgnN83C7JmlboE2vVngt0LJGo7o6fcHE9yHPVYlFe5lsGxiQSQc7ebI2jaEE HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJydzknH_q4NVl0fxCBGopY&google_cver=1&google_push=AQvitUIxYwDY0Arw24hYXaa8C3GP9_p5rZkWsnZRgnN83C7JmlboE2vVngt0LJGo7o6fcHE9yHPVYlFe5lsGxiQSQc7ebI2jaEE&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHmx4LnnDUiwr-1b882MogAABHYAAAAB&google_push=AQvitUIxYwDY0Arw24hYXaa8C3GP9_p5rZkWsnZRgnN83C7JmlboE2vVngt0LJGo7o6fcHE9yHPVYlFe5lsGxiQSQc7ebI2jaEE&google_gid=CAESEJydzknH_q4NVl0fxCBGopY&google_cver=1

Request Chain 309

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 316

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6a796079-b1e0-4400-90cb-e1c53ed31491

Request Chain 317

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=zCncd5gojn7Xfdt_my_GfMwviS3XLdl8yHogNxy8

Request Chain 318

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4188996197613463029

Request Chain 320

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MWM0MGNkZGUtZWE1Ny02NWY4LTU5NWItYTAyYTI5N2ZjOGRk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MWM0MGNkZGUtZWE1Ny02NWY4LTU5NWItYTAyYTI5N2ZjOGRk&google_tc=

Request Chain 321

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc= HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMdncsuQCf2I0fAsO3ORRyw&google_cver=1

Request Chain 322

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dapn%26i%3D%24UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=8439287491051979253

Request Chain 324

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28kTuky4lY8HOK-m1ApWGIbmgTrzC8ikGbZ-03SddKoCuE3tu_9czd0BeS9wzMiIoG%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28kTuky4lY8HOK-m1ApWGIbmgTrzC8ikGbZ-03SddKoCuE3tu_9czd0BeS9wzMiIoG%29

Request Chain 325

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=88a7d659-cc97-48bb-8ec2-9da6871f99a7

Request Chain 327

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-NPVSjp9E2pfvcJVntrR_lH92cASi6q4Cy8ky~A

Request Chain 328

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=409e7bf4-9ecb-11eb-957b-dfbe397b0a47

Request Chain 331

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_0c67d83c-34b4-40d7-9f8f-e53843cd4d6f&gdpr=1&gdpr_consent=&us_privacy= HTTP 302
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

Request Chain 332

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://rtb.gumgum.com/usersync?b=idi&i=3ae97653-8e89-4a47-8e48-4ed55d65e5a2

Request Chain 333

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4046246586 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4046246586 HTTP 302
https://sync.1rx.io/usersync/tradedesk/e108d097-6e57-45fe-ae30-e908027a76de HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-96f5bfbf-a74c-4a2a-b940-b545228bf75d-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-96f5bfbf-a74c-4a2a-b940-b545228bf75d-003 HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=RX-96f5bfbf-a74c-4a2a-b940-b545228bf75d-003

Request Chain 334

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=kdD08RMqGqq0&ev=1&pid=558355

Request Chain 336

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=6a796079-b1e0-4400-90cb-e1c53ed31491&gdpr=1&gdpr_consent=

Request Chain 337

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YHmx4QAAJ8GhbAAC HTTP 302
https://rtb.gumgum.com/usersync?b=atm&i=YHmx4QAAJ8GhbAAC&gdpr=1&gdpr_consent=&_test=YHmx4QAAJ8GhbAAC

Request Chain 338

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wYzY3ZDgzYy0zNGI0LTQwZDctOWY4Zi1lNTM4NDNjZDRkNmY=&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wYzY3ZDgzYy0zNGI0LTQwZDctOWY4Zi1lNTM4NDNjZDRkNmY=&gdpr=1&gdpr_consent=&google_tc=

Request Chain 342

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YHmx6MCo8YoAAK4nCJoAAAAA

Request Chain 343

https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
https://rtb.gumgum.com/usersync?b=zet&i=1870471594334026212

Request Chain 344

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=25HJhndzcYwQ1eV5GPkX&pi=gumgum&tc=1

Request Chain 350

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEE_x_4881QvM4MzN6jTZS9w&google_cver=1&google_push=AQvitUJvM9EDOMxpmCWFg45jcwLVw55uMGCiu-cqwioy2zwQf1P7kszHZLBs0fmYtK6Kv4YD-F23mQUljLTrWjzTQYB3dZkh_l8QXg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk1MTc4MzA3NTQ3OTg3Nzc4MA%3D%3D&google_push=AQvitUJvM9EDOMxpmCWFg45jcwLVw55uMGCiu-cqwioy2zwQf1P7kszHZLBs0fmYtK6Kv4YD-F23mQUljLTrWjzTQYB3dZkh_l8QXg

Request Chain 352

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGY5uv-Pe6QU1pgRJaAkohI&google_cver=1&google_push=AQvitUJpR-L38lR2yicG_WA6I96drtWldWPjRQq9DDuyvHBvrgKicklIkdK0NryRQG8bIpqNgGWUzxrpcnBwuXL9dKFQiq4t8s1pPw HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEGY5uv-Pe6QU1pgRJaAkohI&google_cver=1&google_push=AQvitUJpR-L38lR2yicG_WA6I96drtWldWPjRQq9DDuyvHBvrgKicklIkdK0NryRQG8bIpqNgGWUzxrpcnBwuXL9dKFQiq4t8s1pPw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJpR-L38lR2yicG_WA6I96drtWldWPjRQq9DDuyvHBvrgKicklIkdK0NryRQG8bIpqNgGWUzxrpcnBwuXL9dKFQiq4t8s1pPw&google_hm=nIJFJRisQhSJbNz2dVmwIQ==

Request Chain 353

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG3Me7BcUmW9a6lWc-pyPPM&google_cver=1&google_push=AQvitULxDnEYEtCFi8eVkgPyPcL3xUnpIOHVofHRXcvR1MJ9JnAZiI4WZQBWCByb71M5Fo55iGtlCr4td4bWf2gO81FGxh_oKIE_3w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY1MTk3MjQ1NzM1NTMzMTAzMQ&google_push=AQvitULxDnEYEtCFi8eVkgPyPcL3xUnpIOHVofHRXcvR1MJ9JnAZiI4WZQBWCByb71M5Fo55iGtlCr4td4bWf2gO81FGxh_oKIE_3w

Request Chain 354

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJydzknH_q4NVl0fxCBGopY&google_cver=1&google_push=AQvitUK3Ac8daY1WfwCM3mdE2n9eiIhV-dKl4pFOEFmIQmOQEGgJU8z0FF4SFTSyp28M2GrrKt57gaebLDQ78R1m2p-BFSY6cYyy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHmx4LnnDUiwr-1b882MogAABHYAAAAB&google_push=AQvitUK3Ac8daY1WfwCM3mdE2n9eiIhV-dKl4pFOEFmIQmOQEGgJU8z0FF4SFTSyp28M2GrrKt57gaebLDQ78R1m2p-BFSY6cYyy&google_cver=1&google_gid=CAESEJydzknH_q4NVl0fxCBGopY

Request Chain 355

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOFXZSfRmxUlGh5rGenEfGA&google_cver=1&google_push=AQvitUKTAOUsnh7GF0aIvgSwxoO0ep24wbuKCZvmK8udyqpcwo3qFRTAuyDlviG6PTaaNXQvX3tJG5FgUFCcHQ1Yjl8IIZLphbSMIA HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUKTAOUsnh7GF0aIvgSwxoO0ep24wbuKCZvmK8udyqpcwo3qFRTAuyDlviG6PTaaNXQvX3tJG5FgUFCcHQ1Yjl8IIZLphbSMIA&google_gid=CAESEOFXZSfRmxUlGh5rGenEfGA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NjYxMzAyMDgxMTAwODQyMTUwMw%3D%3D&google_push=AQvitUKTAOUsnh7GF0aIvgSwxoO0ep24wbuKCZvmK8udyqpcwo3qFRTAuyDlviG6PTaaNXQvX3tJG5FgUFCcHQ1Yjl8IIZLphbSMIA

Request Chain 393

https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent=&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTRGQjhDMkYtN0VEQy00NjU3LTg4QUUtOTk3MTJGNzUzMDIy&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 395

https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent=&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEEwNDUwQjYtMjYwMy00OUJCLTg5NTItN0RERkRGNDYxMjZD&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 396

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0 HTTP 302
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&tbid=29febbe1-38ac-44ef-abe5-ecf8b198d057-tuct7733763&query=taboola_hm%3D14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&isDirect=0

Request Chain 399

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc HTTP 302
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=ioLkb2gVm30G&ev=1&orig=trc&pid=562107

Request Chain 400

https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc HTTP 302
https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8439287491051979253&orig=trc

Request Chain 401

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEEROkTe30F8xKQPl8mVNZU8&google_cver=1

Request Chain 403

https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=204218d8-8ce0-4c90-b6d4-4fad554bea8e-tuct7733763

Request Chain 404

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e108d097-6e57-45fe-ae30-e908027a76de

Request Chain 409

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=36619118-3ae4-4ce9-a72a-39cf12fd7891

Request Chain 410

https://id5-sync.com/s/464/9.gif?puid=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/c/464/464/7/1.gif?puid=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760&gdpr=1&gdpr_consent= HTTP 302
https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMOGDiJb7Xnh0lcnv60KakHBGSfylb9hUxbajxn6g&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F124%2F6%2F2.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/cq/464/124/6/2.gif?puid=3ae97653-8e89-4a47-8e48-4ed55d65e5a2&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent= HTTP 302
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY HTTP 303
https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&domid=1033 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx HTTP 302
https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx&google_gid=CAESEIPmF2fbibNpo6SYfWnUnUc&google_cver=1 HTTP 303
https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEIPmF2fbibNpo6SYfWnUnUc&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 302
https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=8439287491051979253&opid=apx&ops=&utidl=tech:goo:CAESEIPmF2fbibNpo6SYfWnUnUc&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 303
https://id5-sync.com/qp/18.gif?puid=vec%3A16948312096&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY HTTP 302
https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/464/19/4/4.gif?puid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/464/19/4/4.gif?puid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/c/464/19/4/4.gif?puid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent= HTTP 302
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F101%2F3%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://ads.creative-serving.com/ul_cb/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F101%2F3%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://id5-sync.com/c/464/101/3/5.gif?puid=10b08820-2ebf-42f5-a303-105abc39eaf0&gdpr=1&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F108%2F2%2F6.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/c/464/108/2/6.gif?puid=3e0dbed1-9ecb-11eb-87f4-ba2ad3941b03&gdpr=1&gdpr_consent= HTTP 302
https://uipglob.semasio.net/id5/1/get?gdpr=1&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F1%2F7.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://uipglob.semasio.net/id5/1/get2?gdpr=1&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F1%2F7.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D

Request Chain 411

https://s.c.appier.net/taboola HTTP 302
https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=GfBIiKp9BAO83JcP5LF5YA

Request Chain 413

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=taboola&bsw_custom_parameter=9c824525-18ac-4214-896c-dcf67559b021 HTTP 302
https://x.bidswitch.net/sync?dsp_id=257&user_id=mkb1548e5c-56f1-4703-882a-4fce15c23aa0&expires=7&user_group=5&ssp=taboola&bsw_param=9c824525-18ac-4214-896c-dcf67559b021 HTTP 302
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=9c824525-18ac-4214-896c-dcf67559b021

Request Chain 420

https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f431c12e-7b1d-4c2d-9b71-f1200d175dfd-tuct7733763

Request Chain 421

https://s.c.appier.net/taboola HTTP 302
https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=KX1oLaR9D86fR8tM5LF5YA

Request Chain 423

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0 HTTP 302
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&tbid=f431c12e-7b1d-4c2d-9b71-f1200d175dfd-tuct7733763&query=taboola_hm%3D14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&isDirect=0

Request Chain 426

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc HTTP 302
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=jrNNouYtWRbg&ev=1&orig=trc&pid=562107

Request Chain 427

https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc HTTP 302
https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8439287491051979253&orig=trc

Request Chain 428

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEEROkTe30F8xKQPl8mVNZU8&google_cver=1

Request Chain 429

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761:$UID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 430

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e108d097-6e57-45fe-ae30-e908027a76de

Request Chain 435

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=36619118-3ae4-4ce9-a72a-39cf12fd7891

Request Chain 436

https://id5-sync.com/s/464/9.gif?puid=b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BID5UID%7D HTTP 302
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9NiZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY HTTP 303
https://id5-sync.com/qp/18.gif?puid=vec%3A16948312096&sd=Y2FzY2FkZXNSZW1haW5pbmc9NiZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY HTTP 302
https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/464/19/5/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/c/464/19/5/3.gif?puid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent= HTTP 302
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F101%2F4%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://id5-sync.com/c/464/101/4/4.gif?puid=2200887c-a04f-4955-9e74-48a0a2b18a57&gdpr=1&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F108%2F3%2F5.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F108%2F3%2F5.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/c/464/108/3/5.gif?puid=3e0dbed1-9ecb-11eb-87f4-ba2ad3941b03&gdpr=1&gdpr_consent= HTTP 302
https://uipglob.semasio.net/id5/1/get?gdpr=1&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F2%2F6.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://uipglob.semasio.net/id5/1/get2?gdpr=1&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F2%2F6.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://id5-sync.com/c/464/112/2/6.gif?puid=688DBAFC0A814C2A&gdpr=1&gdpr_consent=

Request Chain 437

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=d5dad668-161c-4b6d-8c82-f0b2b189ac83&ssp=taboola HTTP 302
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=9c824525-18ac-4214-896c-dcf67559b021

439 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014 Show response
www.themoscowtimes.com/2019/11/01/ 48 KB
12 KB 156ms
86ms Document
text/html 95.215.189.12
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.215.189.12 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host880.procolix.com

Software

Apache/2.4.25 (Debian) /

Resource Hash

c826b646487b548dd4738e5204795743214b02c6a25a5812601094ba55a0813f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.themoscowtimes.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Server: Apache/2.4.25 (Debian)
Strict-Transport-Security: max-age=15552000
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache, private
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11653
Connection: close
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK main.css
static.themoscowtimes.com/css/ 187 KB
187 KB 119ms
52ms Stylesheet
text/css 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://static.themoscowtimes.com/css/main.css?v=28

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

fcfb2967769ae00c7c9024bf6d7765adb7aa7bea15db5a9b3c3213ba45b92907

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Fri, 02 Apr 2021 15:18:39 GMT
Server: nginx/1.10.3
ETag: "606735cf-2ebf6"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: text/css
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 191478
X-Content-Type-Options: nosniff

GET
H2 200 tag.min.js Show response
get.s-onetag.com/de8d3c3f-602a-4921-94f6-6c06fb8d9728/ 35 KB
11 KB 78ms
26ms Script
text/javascript 143.204.90.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.s-onetag.com/de8d3c3f-602a-4921-94f6-6c06fb8d9728/tag.min.js
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.90.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-90-117.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6f6c910971dd5b42c99835ff5e3d6dcdba3eb9735368bfbefdeeab88c45d5abc

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 1SkQP0orxGbWmBZos0.OQF658a_AEtgy
content-encoding: gzip
last-modified: Tue, 02 Feb 2021 11:48:08 GMT
server: AmazonS3
age: 37549
etag: W/"5e568e0b6202c88bdf9b2d5ec871ffe4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Fri, 16 Apr 2021 05:23:24 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: T85jOsLK2KA7WxKgVPNp0uF8-jx9cAomUc89rEmclXEAXvA4tLKbDA==

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 33ms
13ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04b24cc75d726600ecd77219c27bcba8a1e4d100c3dd411a2ea30e0167b414ee

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 1902
etag: W/"1462b90a76cb55e61497af0c736a3b3a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 640e8f3bf96405e9-FRA
cf-request-id: 097cf7d978000005e91514d000000001
expires: Mon, 19 Apr 2021 15:48:43 GMT

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 22 KB
9 KB 99ms
32ms Script
application/x-javascript 2600:9000:2021:aa00:18:1fcd:34e:d2a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2021:aa00:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: bdbb3b88367e0dc7f2af34b3bb701fe2523c8653a48cdfd8aaf67c2d1e18b76d

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 15:50:19 GMT
content-encoding: gzip
last-modified: Wed, 02 Dec 2020 01:43:44 GMT
server: nginx
age: 86304
etag: W/"5fc6f150-5976"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 ce212714683674e5fb514cf3923f165d.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: g21nqw7XM4VZxClsNoyP3ny2JrjXGTGchtgE6ujdSu4MWweFUWBMzQ==
expires: Fri, 16 Apr 2021 15:50:19 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 63 KB
21 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

166e29274933338b6c358a2193b1d0a48717eff6a9709d349c3b5a15dd639dfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "844 / 99 of 1000 / last-modified: 1618571277"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21120
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:43 GMT

GET
H/1.1 200
OK logo_1280.png
static.themoscowtimes.com/img/ 52 KB
52 KB 82ms
35ms Image
image/png 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/img/logo_1280.png

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

236ddfb4c7ba17cb430dd68df496bb75143ccfc0a178367056b35605ef0160a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Fri, 02 Apr 2021 15:18:39 GMT
Server: nginx/1.10.3
ETag: "606735cf-d003"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/png
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 53251
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK TASS_16968549.jpg
static.themoscowtimes.com/image/article_1360/3d/ 277 KB
278 KB 75ms
45ms Image
image/jpeg 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/article_1360/3d/TASS_16968549.jpg

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

0d41122e7848598a9f63ea742c7b68e796091751e86e98abc2677fdb3fbe04f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Fri, 01 Nov 2019 13:50:39 GMT
Server: nginx/1.10.3
ETag: "5dbc382f-4543a"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 283706
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 30ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/675D) /
Resource Hash: 501ed6f37588ea4083347c8c1b9fd9bfbc560f8f9977aa2847749e0977063f6c

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Apr 2021 22:47:45 GMT
Server: ECS (frb/675D)
Age: 368
Etag: "f8e2082c1f210ffae5a2de107bd73ffc+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28769

GET
H/1.1 200
OK 0001UY8M1.jpg
static.themoscowtimes.com/image/article_640/7b/ 31 KB
32 KB 69ms
46ms Image
image/jpeg 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/article_640/7b/0001UY8M1.jpg

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

b44742af8c52f0b50ce4fd4f914084f74ac6e2af31b873c0738fe05503b3687b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Thu, 16 Jul 2020 08:05:59 GMT
Server: nginx/1.10.3
ETag: "5f100a67-7c86"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 31878
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK 2a4468bdf8fb4c4587d6f589402b627c.jpg
static.themoscowtimes.com/image/article_640/f3/ 25 KB
26 KB 63ms
46ms Image
image/jpeg 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/article_640/f3/2a4468bdf8fb4c4587d6f589402b627c.jpg

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

e2e3ce39cb03dea908e48a0e8c9becfd77656bde2cf63df5050b42facf527731

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Mon, 30 Sep 2019 15:07:14 GMT
Server: nginx/1.10.3
ETag: "5d921a22-6565"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 25957
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK TASS7046517.jpg
static.themoscowtimes.com/image/article_640/b9/ 18 KB
19 KB 57ms
47ms Image
image/jpeg 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/article_640/b9/TASS7046517.jpg

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

e619a3d55c7136321f42abb8979c0e99160209aaf22abbbcba4f1001f6fb5baf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Fri, 26 Apr 2019 12:56:07 GMT
Server: nginx/1.10.3
ETag: "5cc2ffe7-4980"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 18816
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK a91fe7b.jpg
static.themoscowtimes.com/image/article_640/45/ 29 KB
29 KB 31ms
30ms Image
image/jpeg 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/article_640/45/a91fe7b.jpg

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

e0d4c8219773ccfec77e5eba0a4d6628119cdf77a20380694dbd71b18d43a734

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Thu, 21 Feb 2019 13:00:37 GMT
Server: nginx/1.10.3
ETag: "5c6ea0f5-7311"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 29457
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK GyfLy3HP_400x400.png
static.themoscowtimes.com/image/320/03/ 16 KB
17 KB 33ms
33ms Image
image/png 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/320/03/GyfLy3HP_400x400.png

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

a21374a3f8e02566ede77b6371937fcf2869587e01b38389552193a4ff9ef56c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Tue, 12 Nov 2019 10:43:09 GMT
Server: nginx/1.10.3
ETag: "5dca8cbd-40bf"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/png
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 16575
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK CWJdLmXk_400x400.png
static.themoscowtimes.com/image/320/3f/ 14 KB
14 KB 32ms
32ms Image
image/png 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/320/3f/CWJdLmXk_400x400.png

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

1c4c5f95ac39592247ba98f6be4c5124d948da7e1ec8210c0e26ec1ad0b9c87f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Tue, 12 Nov 2019 10:42:10 GMT
Server: nginx/1.10.3
ETag: "5dca8c82-3625"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/png
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 13861
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK LUWCANFI_400x400.jpg
static.themoscowtimes.com/image/320/36/ 8 KB
9 KB 34ms
33ms Image
image/jpeg 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/320/36/LUWCANFI_400x400.jpg

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

fc8910a12a56baa8d399a29ea83ff9d09e9326cd7a38be03892a0333df79c931

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Tue, 12 Nov 2019 10:43:20 GMT
Server: nginx/1.10.3
ETag: "5dca8cc8-212c"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 8492
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK apple-icon-180x180.png
static.themoscowtimes.com/image/320/b5/ 33 KB
33 KB 36ms
36ms Image
image/png 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/320/b5/apple-icon-180x180.png

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

cbcac3c98cf9658fbaa2ccbd75656668ed9338059ce94fac4b50c48c10f3e90e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Mon, 07 Sep 2020 14:43:37 GMT
Server: nginx/1.10.3
ETag: "5f564719-8272"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/png
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 33394
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK icon-180x180.png
static.themoscowtimes.com/image/320/0a/ 43 KB
44 KB 37ms
36ms Image
image/png 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.themoscowtimes.com/image/320/0a/icon-180x180.png

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

269eb85c158413a8e1c036fc2f3aa2360f35cdc4999234028be80b94e9ec2389

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Tue, 12 Nov 2019 10:43:15 GMT
Server: nginx/1.10.3
ETag: "5dca8cc3-ac6c"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: image/png
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 44140
X-Content-Type-Options: nosniff

GET
H2 200 jquery-2.2.0.min.js Show response
code.jquery.com/ 84 KB
29 KB 25ms
9ms Script
application/javascript 2001:4de0:ac18::1:a:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.0.min.js
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
last-modified: Fri, 08 Jan 2016 20:03:15 GMT
server: nginx
etag: W/"56901603-14e55"
vary: Accept-Encoding
x-hw: 1618588123.dop150.fr8.t,1618588123.cds239.fr8.hc,1618588123.cds235.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29875

GET
H/1.1 200
OK Timeago.js Show response
static.themoscowtimes.com/vendor/jquery/ 7 KB
7 KB 83ms
33ms Script
application/javascript 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://static.themoscowtimes.com/vendor/jquery/Timeago.js

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

51d2ca3e2554c558c0638095a604a4a3cdc1a914ca9a5f0ace149245b76804c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Mon, 20 Apr 2020 08:53:55 GMT
Server: nginx/1.10.3
ETag: "5e9d6323-1a99"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 6809
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK Lightbox.js Show response
static.themoscowtimes.com/vendor/jquery/ 5 KB
6 KB 45ms
32ms Script
application/javascript 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://static.themoscowtimes.com/vendor/jquery/Lightbox.js

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

f8ca71efa8f9823626b975330f1cd7dde8163230fba36ba1ccf8bf9182ea46cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Fri, 02 Dec 2016 06:20:54 GMT
Server: nginx/1.10.3
ETag: "584112c6-1597"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 5527
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK fitvids.js Show response
static.themoscowtimes.com/vendor/jquery/ 3 KB
3 KB 31ms
30ms Script
application/javascript 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://static.themoscowtimes.com/vendor/jquery/fitvids.js

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

206bf243e0b1ba7ef7435675de712d76c920dc8b2f1c6799f1ba89d2986e2e20

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Thu, 17 Jan 2019 14:30:47 GMT
Server: nginx/1.10.3
ETag: "5c409197-a54"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 2644
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK 2.029e1553.chunk.js Show response
static.themoscowtimes.com/js/react/newsletters/ 184 KB
184 KB 31ms
30ms Script
application/javascript 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://static.themoscowtimes.com/js/react/newsletters/2.029e1553.chunk.js

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

1cfee043979f75654901789b9c10ded17e85982acd6a66e21614c36949d85fc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Fri, 02 Apr 2021 15:18:39 GMT
Server: nginx/1.10.3
ETag: "606735cf-2de41"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 187969
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main.4cf539d3.chunk.js Show response
static.themoscowtimes.com/js/react/newsletters/ 11 KB
12 KB 47ms
44ms Script
application/javascript 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://static.themoscowtimes.com/js/react/newsletters/main.4cf539d3.chunk.js

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

d5295c97529e9d7a0304c2e17eae16173ea2417661479ff80b35da151390fbbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Fri, 02 Apr 2021 15:18:39 GMT
Server: nginx/1.10.3
ETag: "606735cf-2d47"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 11591
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK init.js Show response
static.themoscowtimes.com/js/react/newsletters/ 2 KB
2 KB 53ms
29ms Script
application/javascript 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://static.themoscowtimes.com/js/react/newsletters/init.js

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

e2f8cd876768e15cdc9167bdff85d98e23c6e419c33df986cb91678613e542e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Fri, 02 Apr 2021 15:18:39 GMT
Server: nginx/1.10.3
ETag: "606735cf-728"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 1832
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK Yellow.js Show response
static.themoscowtimes.com/vendor/yellow/ 27 KB
27 KB 71ms
30ms Script
application/javascript 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://static.themoscowtimes.com/vendor/yellow/Yellow.js

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

c623e82418aeacccf4b6feed6c69d7aeab0f81ae791e91eb448b8f61a50671c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Thu, 03 Jan 2019 16:54:46 GMT
Server: nginx/1.10.3
ETag: "5c2e3e56-6c05"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 27653
X-Content-Type-Options: nosniff

GET
H2 200 all.css
use.fontawesome.com/releases/v5.13.0/css/ 57 KB
14 KB 72ms
23ms Stylesheet
text/css 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.13.0/css/all.css
Requested by: Host: static.themoscowtimes.com
URL: https://static.themoscowtimes.com/css/main.css?v=28
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
last-modified: Mon, 23 Mar 2020 16:09:20 GMT
server: NetDNA-cache/2.2
etag: W/"76cb46c10b6c0293433b371bae2414b2"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.13.0/css/ 26 KB
5 KB 88ms
39ms Stylesheet
text/css 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.13.0/css/v4-shims.css
Requested by: Host: static.themoscowtimes.com
URL: https://static.themoscowtimes.com/css/main.css?v=28
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: c0ded025aa80c10d37920521c8de04536a6145d0e42eb4186c57b412fa50eb45

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
last-modified: Mon, 23 Mar 2020 16:09:22 GMT
server: NetDNA-cache/2.2
etag: W/"fb073a92592d70e5aa6e3cce1cf93a11"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 15ms
15ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Requested by

Host: static.themoscowtimes.com
URL: https://static.themoscowtimes.com/css/main.css?v=28

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1b74fc3666be448b57191d1b21d896316748bd0b311eb01e344f2f90d8237954

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 16 Apr 2021 15:48:43 GMT
server: ESF
date: Fri, 16 Apr 2021 15:48:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Apr 2021 15:48:43 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 94 KB
34 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TR8JKK

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

67f7af60a47f69ba625ec318b5865d6d9ba65ffa9294acddc2b1091ab64a9723

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35059
x-xss-protection: 0
last-modified: Fri, 16 Apr 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Apr 2021 15:48:43 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
15 KB 66ms
32ms Script
application/x-javascript 2600:9000:2021:aa00:18:1fcd:34e:d2a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2021:aa00:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ec93813683cccb74a7896a34a2ed1b2163288620f6959ae06de3ded30cf518b9

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:16:10 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 00:04:46 GMT
server: nginx
age: 1953
etag: W/"60665f9e-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 ce212714683674e5fb514cf3923f165d.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: PdGJJf62pD8w3ZbIZ_0jyrlr6YDaukfXG2UXE8YSOQMf-AcjjXhgyg==
expires: Sat, 17 Apr 2021 15:16:10 GMT

GET
DATA 200
OK truncated
/ 987 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4c9a02233263c1f9adbb3aee8afc6df58f639da4301ea1001eabad848caf216

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Apr 2021 21:15:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
age: 325974
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
expires: Tue, 12 Apr 2022 21:15:49 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.13.0/webfonts/ 78 KB
78 KB 75ms
23ms Font
font/woff2 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.13.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.13.0/css/all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://use.fontawesome.com/releases/v5.13.0/css/all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
last-modified: Mon, 23 Mar 2020 16:08:17 GMT
server: NetDNA-cache/2.2
etag: "b15db15f746f29ffa02638cb455b8ec0"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT
accept-ranges: bytes
content-length: 79444

GET
H2 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Apr 2021 21:15:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:50 GMT
server: sffe
age: 325995
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15724
x-xss-protection: 0
expires: Tue, 12 Apr 2022 21:15:28 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 16 KB
16 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 19:15:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 246798
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
expires: Wed, 13 Apr 2022 19:15:25 GMT

GET
H2 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.13.0/webfonts/ 75 KB
75 KB 114ms
63ms Font
font/woff2 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.13.0/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.13.0/css/all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://use.fontawesome.com/releases/v5.13.0/css/all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
last-modified: Mon, 23 Mar 2020 16:10:04 GMT
server: NetDNA-cache/2.2
etag: "a06da7f0950f9dd366fc9db9d56d618a"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT
accept-ranges: bytes
content-length: 76612

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Apr 2021 21:15:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 325974
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
expires: Tue, 12 Apr 2022 21:15:49 GMT

GET
H2 200 u-4n0qyriQwlOrhSvowK_l521wRZWMf6.woff2
fonts.gstatic.com/s/merriweather/v22/ 19 KB
19 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l521wRZWMf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de878ac09635910d6fdc776b259330509502e11a42aee1881a73a59d491e0000

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Apr 2021 10:03:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:07:17 GMT
server: sffe
age: 452702
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19128
x-xss-protection: 0
expires: Mon, 11 Apr 2022 10:03:41 GMT

GET
H2 200 u-4n0qyriQwlOrhSvowK_l52_wFZXMf6lvg.woff2
fonts.gstatic.com/s/merriweather/v22/ 14 KB
14 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l52_wFZXMf6lvg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b95428478853497b174deac5c6435723f377c236d067f621d3c14ce3200d2d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Apr 2021 10:06:19 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:10:10 GMT
server: sffe
age: 452544
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14712
x-xss-protection: 0
expires: Mon, 11 Apr 2022 10:06:19 GMT

GET
H2 200 u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2
fonts.gstatic.com/s/merriweather/v22/ 19 KB
19 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5c9e4876832936836619c0b253bd8fd6c739560a6d5f287f51ac71b2edf7ae9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Apr 2021 10:03:39 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:10:05 GMT
server: sffe
age: 452704
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19056
x-xss-protection: 0
expires: Mon, 11 Apr 2022 10:03:39 GMT

GET
H2 200 / Show response
onetag-geo.s-onetag.com/ 24 B
437 B 140ms
56ms Fetch
application/json 13.33.139.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo.s-onetag.com/
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/de8d3c3f-602a-4921-94f6-6c06fb8d9728/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-101.cph50.r.cloudfront.net
Software: /
Resource Hash: 06e73cdd74774a1d60c2570e0df7ee94b53077d478b1a0aad86ac5ad04f4e0af

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 09:38:36 GMT
via: 1.1 81f038b63d8af92c2b360530d51919c2.cloudfront.net (CloudFront), 1.1 f02d12ca65f35faca412663f5188aecd.cloudfront.net (CloudFront)
age: 22207
x-amzn-requestid: 55aaa227-baf7-47db-b7b1-43692b6be20c
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: MUC50-C1, CPH50-C2
x-amz-apigw-id: d3ssfFqVCYcF4iQ=
content-length: 24
x-amz-cf-id: x5i-ehs5cC70M0Pzyuxz5aTja3FxyJEHE-Opxd0ONXIz4d5PkH1nzw==

GET
H2 200 beacon.min.js Show response
signal-beacon.s-onetag.com/ 31 KB
10 KB 166ms
43ms Script
application/javascript 13.33.139.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://signal-beacon.s-onetag.com/beacon.min.js
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/de8d3c3f-602a-4921-94f6-6c06fb8d9728/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-117.cph50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 86fcf33dad06e2c94c8b6d0800075eeb09a286c01837329da371da7d859dabf8

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: FxELgS0AF3DM.nbOOvZ9uVTuXEGtZU5d
content-encoding: gzip
etag: W/"213fdcebf159b76b249f26984c224a68"
last-modified: Tue, 23 Mar 2021 13:58:10 GMT
server: AmazonS3
age: 74542
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 0561454d7fe07544e19cf11609a0f13a.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Thu, 15 Apr 2021 19:06:22 GMT
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: xvDhDxM8NDNmr1kRQvaS20EiZJrN13DWJiglzCvW7ZSjPzFEb7AOkQ==

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Apr 2021 21:15:48 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 325975
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Tue, 12 Apr 2022 21:15:48 GMT

GET
H3-29 200 u-440qyriQwlOrhSvowK_l5-fCZM.woff2
fonts.gstatic.com/s/merriweather/v22/ 19 KB
19 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-fCZM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e19e5fec549d0d871301c8196f4a954abe8d6913464a1ac511f81ef71529f89b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 02:03:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:09:53 GMT
server: sffe
age: 135941
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19300
x-xss-protection: 0
expires: Fri, 15 Apr 2022 02:03:02 GMT

GET
H2 200 pubads_impl_2021041301.js Show response
securepubads.g.doubleclick.net/gpt/ 295 KB
104 KB 88ms
32ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

31e420b79e7760a7860ed2fb595c4f11b498559791571fed7eb22be20c7fa5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Apr 2021 08:38:34 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106168
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:43 GMT

GET
H/1.1 200
OK main.js Show response
static.themoscowtimes.com/js/ 40 KB
40 KB 37ms
37ms Script
application/javascript 95.215.189.11
PROCOLIX

General

Check archive.org

Show headers Download Go to

Full URL

https://static.themoscowtimes.com/js/main.js?v=28

Requested by

Host: static.themoscowtimes.com
URL: https://static.themoscowtimes.com/vendor/yellow/Yellow.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.215.189.11 , Netherlands, ASN51758 (PROCOLIX, NL),

Reverse DNS

host879.procolix.com

Software

nginx/1.10.3 /

Resource Hash

52b5333331d3d0a43ed43e779f2885d37d0ac62af22b15988a4fda90bee8a6ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Referrer-Policy: no-referrer
Last-Modified: Fri, 02 Apr 2021 15:18:39 GMT
Server: nginx/1.10.3
ETag: "606735cf-9f96"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 40854
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK widget_iframe.63899b173766ee6f8a729a72b542b0fb.html Show response
platform.twitter.com/widgets/ Frame ABC9 319 KB
103 KB 6ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.63899b173766ee6f8a729a72b542b0fb.html?origin=https%3A%2F%2Fwww.themoscowtimes.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668A) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.themoscowtimes.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 40767
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 16 Apr 2021 15:48:43 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Thu, 15 Apr 2021 22:44:33 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668A)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TR8JKK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 6914
date: Fri, 16 Apr 2021 13:53:29 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Fri, 16 Apr 2021 15:53:29 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 92 KB
24 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9ddca568ff519cd935a816baec6f7bfce459656ec5022ec2ba6a6225891022eb

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23960
x-fb-rlafr: 0
pragma: public
x-fb-debug: rfxSy5ZLkwIwAbGAVqk7X7bvO5w2yvcamGmGUGnYDwGk/T4G3HTG9ZeA3AqAPVI1gFCr0Hs51yy2FkEgs4LK3A==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 16 Apr 2021 15:48:43 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK ede2b9c6411f6d0ebc48cb31e.js Show response
chimpstatic.com/mcjs-connected/js/users/239926d40266233686ee429be/ 50 B
577 B 66ms
23ms Script
application/javascript 184.30.17.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://chimpstatic.com/mcjs-connected/js/users/239926d40266233686ee429be/ede2b9c6411f6d0ebc48cb31e.js
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 184.30.17.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-156.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency: 98
Date: Fri, 16 Apr 2021 15:48:43 GMT
Last-Modified: Mon, 28 Sep 2020 12:02:51 GMT
Server: AmazonS3
x-amz-request-id: A4606814F9780D65
X-EdgeConnect-MidMile-RTT: 0
ETag: "104d46a3208b40e8ded389332f5a78a3"
Content-Type: application/javascript
Cache-Control: max-age=30
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50
x-amz-id-2: QvHUUfFtnDQmdDj7epA/qBFLTlWY/vEEaLIZhMCUtzqBsQtiVZjqC0n1w/xss8u/1coxsOlg8zs=
Expires: Fri, 16 Apr 2021 15:49:13 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
169 B 317ms
105ms Image
image/gif 34.207.42.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=themoscowtimes.com&p=%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&u=LdUkWBTBqJjDRymda&d=themoscowtimes.com&g=66129&g0=News&g1=VTimes&n=1&f=00001&c=0&x=0&m=0&y=3685&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=674&t=C0nJ46BlBer8Ru2K5C3xFQBB2JMAn&V=126&i=%E2%80%98Putin%E2%80%99s%20Chef%E2%80%99%20Ordered%20to%20Pay%20for%20Mass%20Child%20Poisonings%20-%20The%20Moscow%20Times&tz=-120&sn=1&sv=D1i2Gc_m_k9BWTrPeBa8QAuDi7DG&sd=1&im=067b3fff&_
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.207.42.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-207-42-216.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 240 B
501 B 221ms
205ms XHR
application/json 2a04:4e42:3::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=themoscowtimes.com&domain=themoscowtimes.com&path=%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 85a38b47afff1513e6700d9b09bc952dc7579b48e06edf7da60485b8e48e0072

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
age: 0
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-cache: MISS
content-type: application/json
access-control-allow-origin: *
expires: Wed, 14 Apr 2021 15:48:43 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1618588124.767190,VS0,VE200
content-length: 180
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
x-served-by: cache-fra19136-FRA

GET
H/1.1 200
OK widget.js Show response
static.vidazoo.com/basev/widgets/ 45 KB
16 KB 98ms
24ms Script
application/javascript 69.16.175.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/widgets/widget.js?widgetId=5e427f7da537320004d34f1a&widgetPosition=video-below-content&_=1618588123595
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-2.2.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: /
Resource Hash: d0f6b3479d68fe4535d9aa3dc5cf3f72c0c5f12c9698a4c83218b2b6901c7a73

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Oct 2020 10:46:18 GMT
ETag: "1602153978"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=47362
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 15782
X-HW: 1618588123.dop246.fr8.t,1618588123.cds207.fr8.shn,1618588123.dop246.fr8.t,1618588123.cds235.fr8.c

GET
H2 200 / Show response
onetag-geo.s-onetag.com/ 24 B
428 B 57ms
57ms Fetch
application/json 13.33.139.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo.s-onetag.com/
Requested by: Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-101.cph50.r.cloudfront.net
Software: /
Resource Hash: 06e73cdd74774a1d60c2570e0df7ee94b53077d478b1a0aad86ac5ad04f4e0af

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 09:38:36 GMT
via: 1.1 81f038b63d8af92c2b360530d51919c2.cloudfront.net (CloudFront), 1.1 f02d12ca65f35faca412663f5188aecd.cloudfront.net (CloudFront)
age: 22207
x-amzn-requestid: 55aaa227-baf7-47db-b7b1-43692b6be20c
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: MUC50-C1, CPH50-C2
x-amz-apigw-id: d3ssfFqVCYcF4iQ=
content-length: 24
x-amz-cf-id: QSbhnFGGVeLjgPA0M5tB3b7-jxNrjbUv4y8PcWW_0OJg5KHfY7Ec2w==

GET
H3-29 200 342433566951762 Show response
connect.facebook.net/signals/config/ 261 KB
73 KB 107ms
107ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/342433566951762?v=2.9.39&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

94f5cda81f68f1844062663655ea584aafcb3e86e5eb6c668220b9d1ed32e39c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: Zk0uJoDLgbI1/amhyUuL+bPG7Hbzk/W8HXwIu+mFui/AUbbQi1hoL4XlYkBohrwn1kr8ODslXCXjDe7Vxhwnqw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
date: Fri, 16 Apr 2021 15:48:43 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
541 B 34ms
14ms XHR
application/json 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.themoscowtimes.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.themoscowtimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.themoscowtimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 122 KB
21 KB 1404ms
1372ms XHR
text/plain 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1632832089829992&correlator=1936976744759564&output=ldjh&impl=fifs&eid=31060313%2C31060784%2C31060400%2C31060708%2C31060830&vrg=2021041301&ptt=17&sc=1&sfv=1-0-38&ecs=20210416&iu_parts=21704504769%2CTMT%2Cbillboard_top%2Csidebar_home%2Csidebar_top%2Cbillboard_bottom%2Cbillboard_bottom_2%2Cvideo-in-article-content&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7&prev_iu_szs=728x90%7C970x90%7C980x120%7C970x250%2C300x250%7C336x280%2C300x250%7C336x280%7C300x600%2C728x90%7C970x90%7C980x120%7C970x250%2C728x90%7C970x90%7C980x120%7C970x250%2C728x90%7C970x90%7C980x120%7C970x250&cookie_enabled=1&bc=31&abxe=1&lmt=1618588123&dt=1618588123829&dlt=1618588123221&idt=586&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C-9%2C1158%2C-9%2C-9%2C-9&adys=12%2C-9%2C331%2C-9%2C-9%2C-9&adks=118446099%2C2416679599%2C236420964%2C1528615819%2C2558784702%2C3391782540&ucis=1%7C2%7C3%7C4%7C5%7C6&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x90%7C0x-1%7C336x250%7C0x-1%7C0x-1%7C0x-1&msz=1600x90%7C0x-1%7C336x250%7C0x-1%7C0x-1%7C0x-1&ga_vid=1288556040.1618588124&ga_sid=1618588124&ga_hid=1126298364&ga_fc=false&fws=4%2C2%2C4%2C2%2C2%2C2&ohw=1600%2C0%2C336%2C0%2C0%2C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

88faf43a729635ca3952b53a6cb08a748335a3beee4cd49b860d799205dac5d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21921
x-xss-protection: 0
google-lineitem-id: 5307164598,5307164598,5307164598,5307164598,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138304378621,138304378627,138304207033,138303854969,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.themoscowtimes.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
368dc34c4e2602c35f583ea099c55052.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 46ms
14ms Other
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://368dc34c4e2602c35f583ea099c55052.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
285 B 15ms
13ms XHR
application/json 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 16 Apr 2021 15:48:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.themoscowtimes.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H2 200 settings Show response
syndication.twitter.com/ Frame ABC9 183 B
411 B 1205ms
141ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=76829e67b2d2319ff1d5fa409e338dde1e72dcbf

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.63899b173766ee6f8a729a72b542b0fb.html?origin=https%3A%2F%2Fwww.themoscowtimes.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time: 115
date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
last-modified: Fri, 16 Apr 2021 15:48:45 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 0d2bf6c66b33682ea53043fc90e98442
strict-transport-security: max-age=631138519
content-length: 152

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
93 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-4186815-1&cid=1288556040.1618588124&jid=1703711535&gjid=860339599&_gid=522753629.1618588124&_u=YChAgAABAAQCAE~&z=1593927699

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 16 Apr 2021 15:48:43 GMT
content-type: text/plain
access-control-allow-origin: https://www.themoscowtimes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j89&a=1126298364&t=pageview&_s=1&dl=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&ul=en-us&de=UTF-8&dt=%E2%80%98Putin%E2%80%99s%20Chef%E2%80%99%20Ordered%20to%20Pay%20for%20Mass%20Child%20Poisonings%20-%20The%20Moscow%20Times&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YChAgAABAAQC~&jid=1703711535&gjid=860339599&cid=1288556040.1618588124&tid=UA-4186815-1&_gid=522753629.1618588124&gtm=2wg472TR8JKK&z=773173679

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 20705
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 EU Show response
onetag-geo-grouping.s-onetag.com/regionalbloc/ 1 KB
843 B 76ms
24ms Fetch
application/json 143.204.90.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo-grouping.s-onetag.com/regionalbloc/EU
Requested by: Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.90.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-90-104.fra50.r.cloudfront.net
Software: restify /
Resource Hash: 6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 04:46:55 GMT
content-encoding: gzip
server: restify
age: 39708
vary: Accept-Encoding,origin
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: https://www.themoscowtimes.com
access-control-expose-headers: api-version, content-length, content-md5, content-type, date, request-id, response-time
cache-control: max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: Aq0nAqysK_8F_v7XJEQkF5pxRilRGQW5aKvht-Gen7t3dtTlGTEHxw==
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)

GET
H/1.1 200
OK vpt.js Show response
static.vidazoo.com/basev/ 40 KB
11 KB 23ms
23ms Script
application/javascript 69.16.175.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/vpt.js
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/widgets/widget.js?widgetId=5e427f7da537320004d34f1a&widgetPosition=video-below-content&_=1618588123595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: /
Resource Hash: bd97fb5dbd58e2c01a0bebc290daff9b869759dabc0555b55275600aa3978feb

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 08:20:14 GMT
ETag: "1618388414"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=47544
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 10345
X-HW: 1618588123.dop246.fr8.t,1618588123.cds207.fr8.shn,1618588123.dop246.fr8.t,1618588123.cds235.fr8.c

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-4186815-1&cid=1288556040.1618588124&jid=1703711535&_u=YChAgAABAAQCAE~&z=209788609

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 32ms
32ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-4186815-1&cid=1288556040.1618588124&jid=1703711535&_u=YChAgAABAAQCAE~&z=209788609

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
181 B 6ms
6ms Ping
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7efaghb800sIctOC

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 16 Apr 2021 15:48:43 GMT
content-type: text/plain
access-control-allow-origin: https://www.themoscowtimes.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H/1.1 200
OK js Show response
servergen.vidazoo.com/widgets/5e427f7da537320004d34f1a/ 13 KB
14 KB 575ms
110ms Script
text/javascript 54.243.166.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servergen.vidazoo.com/widgets/5e427f7da537320004d34f1a/js?widgetId=5e427f7da537320004d34f1a&widgetPosition=video-below-content&_=1618588123595
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/widgets/widget.js?widgetId=5e427f7da537320004d34f1a&widgetPosition=video-below-content&_=1618588123595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.166.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-166-109.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: b4a111f60e55c25e8d591fec55aa38ddc231018234a8099eca9178cbe77cc145

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:44 GMT
Via: 1.1 vegur
Server: Cowboy
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
Content-Length: 13654

GET
H2 200 / Show response
onetag-geo.s-onetag.com/ 24 B
429 B 41ms
41ms Fetch
application/json 13.33.139.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo.s-onetag.com/
Requested by: Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-101.cph50.r.cloudfront.net
Software: /
Resource Hash: 06e73cdd74774a1d60c2570e0df7ee94b53077d478b1a0aad86ac5ad04f4e0af

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 09:38:36 GMT
via: 1.1 81f038b63d8af92c2b360530d51919c2.cloudfront.net (CloudFront), 1.1 f02d12ca65f35faca412663f5188aecd.cloudfront.net (CloudFront)
age: 22208
x-amzn-requestid: 55aaa227-baf7-47db-b7b1-43692b6be20c
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: MUC50-C1, CPH50-C2
x-amz-apigw-id: d3ssfFqVCYcF4iQ=
content-length: 24
x-amz-cf-id: gLFsNaXGy7GCZSNwnz1WqZsrvs5SdZWq9KbPu9zn-lQZlt9kJKV7MA==

GET
H2 200 / Show response
onetag-geo.s-onetag.com/ 24 B
428 B 40ms
40ms Fetch
application/json 13.33.139.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo.s-onetag.com/
Requested by: Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-101.cph50.r.cloudfront.net
Software: /
Resource Hash: 06e73cdd74774a1d60c2570e0df7ee94b53077d478b1a0aad86ac5ad04f4e0af

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 09:38:36 GMT
via: 1.1 81f038b63d8af92c2b360530d51919c2.cloudfront.net (CloudFront), 1.1 f02d12ca65f35faca412663f5188aecd.cloudfront.net (CloudFront)
age: 22208
x-amzn-requestid: 55aaa227-baf7-47db-b7b1-43692b6be20c
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: MUC50-C1, CPH50-C2
x-amz-apigw-id: d3ssfFqVCYcF4iQ=
content-length: 24
x-amz-cf-id: XOTIjFpdldgJtUGnhlO0-IUnLiZlPIUj7NmRi8GezzkFhH6999oFgA==

GET
H2 200 EU Show response
onetag-geo-grouping.s-onetag.com/regionalbloc/ 1 KB
834 B 28ms
28ms Fetch
application/json 143.204.90.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo-grouping.s-onetag.com/regionalbloc/EU
Requested by: Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.90.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-90-104.fra50.r.cloudfront.net
Software: restify /
Resource Hash: 6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 04:46:55 GMT
content-encoding: gzip
server: restify
age: 39709
vary: Accept-Encoding,origin
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: https://www.themoscowtimes.com
access-control-expose-headers: api-version, content-length, content-md5, content-type, date, request-id, response-time
cache-control: max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: R5q3X9rlJQ7U9_uoFYmwFgJxVmPDN8r-6o-6xJoDYjNsaAnW-9s9PA==
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)

GET
H2 200 / Show response
onetag-geo.s-onetag.com/ 24 B
428 B 40ms
40ms Fetch
application/json 13.33.139.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo.s-onetag.com/
Requested by: Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-101.cph50.r.cloudfront.net
Software: /
Resource Hash: 06e73cdd74774a1d60c2570e0df7ee94b53077d478b1a0aad86ac5ad04f4e0af

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 09:38:36 GMT
via: 1.1 81f038b63d8af92c2b360530d51919c2.cloudfront.net (CloudFront), 1.1 f02d12ca65f35faca412663f5188aecd.cloudfront.net (CloudFront)
age: 22208
x-amzn-requestid: 55aaa227-baf7-47db-b7b1-43692b6be20c
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: MUC50-C1, CPH50-C2
x-amz-apigw-id: d3ssfFqVCYcF4iQ=
content-length: 24
x-amz-cf-id: y8GQgfMMwyHAEomWZ5i1YuVbiJPYLv96SX9lcnuMAJMca-wxGlhi2g==

POST
H3-29 200 /
www.facebook.com/tr/ 0
17 B 7ms
6ms Ping
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQ5hyu8TiugJgzbOQ

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 16 Apr 2021 15:48:44 GMT
content-type: text/plain
access-control-allow-origin: https://www.themoscowtimes.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H/1.1 200
OK cms Show response
cms.vidazoo.com/api/ 9 KB
10 KB 338ms
107ms XHR
application/json 54.175.245.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cms.vidazoo.com/api/cms?limit=5&filter=%7B%22categories%22:[%22news%22],%22crawlerId%22:%225d87960e54e5830004201dad%22%7D&sort=%7B%22name%22:%22date%22,%22dir%22:-1%7D&user=551424a21b1b1f08006fb6f9
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/widgets/widget.js?widgetId=5e427f7da537320004d34f1a&widgetPosition=video-below-content&_=1618588123595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.175.245.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-175-245-12.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: 47465b002b7907cbc9b8f4ac7a52c173ff4b3eca3e3ec3536b6122d512aae50a

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:44 GMT
Via: 1.1 vegur
Server: Cowboy
Allow: POST, GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, x-accounts
Content-Length: 9515

GET
H/1.1 200
OK css
servergen.vidazoo.com/widgets/5e427f7da537320004d34f1a/ 0
421 B 107ms
107ms Stylesheet
text/css 54.243.166.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servergen.vidazoo.com/widgets/5e427f7da537320004d34f1a/css?widgetId=5e427f7da537320004d34f1a&widgetPosition=video-below-content&_=1618588123595
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/widgets/widget.js?widgetId=5e427f7da537320004d34f1a&widgetPosition=video-below-content&_=1618588123595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.166.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-166-109.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:44 GMT
Via: 1.1 vegur
Server: Cowboy
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
Content-Length: 0

POST
H/1.1 200
OK json Show response
servergen.vidazoo.com/campaigns/551424a21b1b1f08006fb6f9/5e427f7ba537320004d34f17/ 3 KB
3 KB 112ms
112ms XHR
application/json 54.243.166.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servergen.vidazoo.com/campaigns/551424a21b1b1f08006fb6f9/5e427f7ba537320004d34f17/json
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vpt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.166.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-166-109.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: 054a80ae5dfa9d7ebbb86365e934451ce8624cd21de69ec8904763d7220e43d6

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Fri, 16 Apr 2021 15:48:44 GMT
Content-Encoding: gzip
Server: Cowboy
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.themoscowtimes.com
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
Content-Length: 2164
Via: 1.1 vegur

GET
H/1.1 200
OK sbt.js Show response
static.vidazoo.com/basev/1.0.533/ 562 KB
118 KB 241ms
241ms Script
application/javascript 69.16.175.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/1.0.533/sbt.js
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vpt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: /
Resource Hash: 56074b01ddd34894d1228a2da710440444bb3d37f66523af25ae3bdb0f7fd55d

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Apr 2021 13:25:08 GMT
ETag: "1618233908"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=78258
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 119849
X-HW: 1618588123.dop246.fr8.t,1618588123.cds207.fr8.shn,1618588125.dop246.fr8.t,1618588125.cds264.fr8.c

GET
H/1.1 200
OK horizon_tweet.9a1486c56ce45426b4b402a38772a4d2.js Show response
platform.twitter.com/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.9a1486c56ce45426b4b402a38772a4d2.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F3) /
Resource Hash: d18c6d6e59f6af6b08174e8d3d0ed661b985715fe3949c4170a0af1546995b79

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Apr 2021 22:44:20 GMT
Server: ECS (frb/67F3)
Age: 57400
Etag: "c1cb24c0b21170a6db999d2be82f0bbc+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2443

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 0420 487 B
971 B 6ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668C) /
Resource Hash: f76b46135fa81747d8b937a43278410e8d9e322e78190b1cd17cf838d9766dec

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.themoscowtimes.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 572
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Fri, 16 Apr 2021 15:48:45 GMT
Etag: "1f717826186d7d667fa54f112bd59463"
Last-Modified: Tue, 13 Apr 2021 22:45:14 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668C)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK embed.runtime.ec8286a6a4887df701ad.js Show response
platform.twitter.com/embed/ Frame 0420 8 KB
4 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.ec8286a6a4887df701ad.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674B) /
Resource Hash: 6eecd264fecac0f3baa1c6514ba5c2b44557158f352515de6e803656ed979948

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/674B)
Age: 57400
Etag: "d0f950617c832801769c1a1d900ee8c4+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3349

GET
H/1.1 200
OK embed.modules.5e1e58de5d2ab2585a55.js Show response
platform.twitter.com/embed/ Frame 0420 899 KB
283 KB 15ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.5e1e58de5d2ab2585a55.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668B) /
Resource Hash: 144bf8fa1ed44cf8536d60c5ff4a34d5482161a976b3b100663b6a165f27beec

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/668B)
Age: 57400
Etag: "75c0956acff8ca9c225a5f679a47b3c9+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 288930

GET
H/1.1 200
OK embed.i18n.f23123f5b7a17d3dda19.js Show response
platform.twitter.com/embed/ Frame 0420 145 B
649 B 24ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.f23123f5b7a17d3dda19.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668A) /
Resource Hash: 29e81df2e6a12f9a88533c12d164d616714579f8e1b9f059dba1e9f5c56a8ead

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/668A)
Age: 57400
Etag: "e88050c3ed3ac1ac3ce267320efc5b61"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 145

GET
H/1.1 200
OK embed.Tweet.5f40fc76d9343cf40dc4.js Show response
platform.twitter.com/embed/ Frame 0420 15 KB
6 KB 26ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.5f40fc76d9343cf40dc4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668A) /
Resource Hash: b26d782d43592764b4638a4b605300848539a14adb2495340f5ac12c0e6aee51

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/668A)
Age: 57400
Etag: "5f7961988151bd1b93987c4ac7cf30f0+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5589

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.61cdf1774587c1f95e99.js Show response
platform.twitter.com/embed/ Frame 0420 20 KB
7 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.61cdf1774587c1f95e99.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.ec8286a6a4887df701ad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6731) /
Resource Hash: d27910197214323c01182b91f3674aafd20260f85ab8ef54b6358be6e453ca8e

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/6731)
Age: 57400
Etag: "e6d6ea6fcbde58bba05b838806bfda83+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 6780

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.80e9a53ba16ffec58718.js Show response
platform.twitter.com/embed/ Frame 0420 4 KB
2 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.80e9a53ba16ffec58718.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.ec8286a6a4887df701ad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: ba5d4ad2291eb8531da85d9f1f58db9e7e78bae8515efb10c52ad65cc3deaec6

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/67A7)
Age: 57400
Etag: "f534e52205cb13fc9f6142e55e126a87+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1760

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.Tweet.f32716689b77a8ca288c.js Show response
platform.twitter.com/embed/ Frame 0420 1 MB
155 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.Tweet.f32716689b77a8ca288c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.ec8286a6a4887df701ad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 5cf118e6f30d488d438172ad5d9b103700dfef7681c1dc405674d21d295d3d37

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/6713)
Age: 57400
Etag: "c2267538527090017864a47157d7e684+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 158067

GET
H/1.1 200
OK embed.vendors~loader.UserAvatar~ondemand.Tweet.7abb172d79a1b5b37ef8.js Show response
platform.twitter.com/embed/ Frame 0420 25 KB
9 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~loader.UserAvatar~ondemand.Tweet.7abb172d79a1b5b37ef8.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.ec8286a6a4887df701ad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6772) /
Resource Hash: ac0271c0baa09b72774a933539b0a0c6dc0497a2ccc9ff2f7a045b4ee0222316

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/6772)
Age: 57400
Etag: "8f3c1c4901ad01cef053f8435a1cfba3+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 8237

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.3521a48f2517aec4f13c.js Show response
platform.twitter.com/embed/ Frame 0420 366 KB
88 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.3521a48f2517aec4f13c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.ec8286a6a4887df701ad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6795) /
Resource Hash: 815b535e0883ba9b247dc7f4c38b1c191ec799fa44b587d86126a5722405da36

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/6795)
Age: 57400
Etag: "a3a2de92018dac5fc543e7ed9ed48415+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 89825

GET
H/1.1 200
OK embed.ondemand.Tweet.1056e74a66175c01f38c.js Show response
platform.twitter.com/embed/ Frame 0420 57 KB
14 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.1056e74a66175c01f38c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.ec8286a6a4887df701ad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674D) /
Resource Hash: 240c0dd6c0dc6775702a4c436f4e1db94c533e7e83ce346fd93bf26b7d2f56df

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/674D)
Age: 57400
Etag: "10da95d5bf7da792a8e44a6fdb33a484+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14140

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3F09 0
0 61ms
60ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstsBoL0nDY-5Q5hn1Tb2OqJRw76_eQCFWbXlj0NTMVuE7V7CECecsIGztcXOTlxypkjWOrAK4Mp3MU6z8GtNDiwZ-khRMeriUoC8FFCPtE0pizHNYQJ9RdvzmkGioyluKqH7HZkll-3YZfkn2Od99vZMUbfNN4vpva-0TcotZgTRNnB_OnXPWroIunDvg-Damdw_ylYJpJ_YA1w0FLyPcnfPZDBDmPHcj_koQbr0ogLt7NqIlBTIUZ3pam_9OHNOgj4_8eulk5Qatw_oMNDQeJml-9acF16iVoW_J3HAZColOVhT2i0geFQrdasDXTvEM5MeSsC&sai=AMfl-YRwe4u1NNLdj8Wm4LR-FtDQpg5g6Q_cP9EJobMWTywvpqLbU4sFAI9FiEp5kafNX508zw4b8SQ-FbcPNhdMf8P9qGUJF3yl9TLeHMNRkttUOx_DKfDr28gjPgCVOKC0&sig=Cg0ArKJSzOjHCRXwVvmUEAE&urlfix=1&adurl=

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
H2 200 t.js Show response
likevertising.com/ Frame 3F09 18 KB
18 KB 215ms
114ms Script
application/javascript 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/t.js?i=b2q9ssvr0rctu7elxrne&cb=1823481618588125269
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 149e3210759592a2b5e193db3b86614cb476c8a7f166d7aac16356534e0587fa

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: Pt8-iS0BFzCVt4jlKDyyWUuT8yFrex2XxUpyVZec7bDGCQFnVOpS_g==
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3F09 118 KB
36 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame F48C 0
0 68ms
67ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvXQrsUMov3XaPKDIbEjVAbQorU2pbTBKsgfN54hEruVQD55SfDfZt5heX6xjfY8GeyFdVp0Pebt3VgVMiRRR4pcQeIcWVEIGphNh0f_8Ctdu9qGINbO-Ka6pu0mYObbJe6hlJNNPIqN7WwHmK2DgtIyW3Bn0ahiLuax04Ce_AW1RM31AihosNQRNveBpUE3_I9FieNvz9zCx08e-Mzt7Ez_QBh5kU95qRWcUi1HorUQKOQABJeA8IRwirJlzkKZsELU4ZPmuyZc8XBZTktTSgpzNW1jreRQFrafu1TBiDP93MsqWJoLPG341Iw_97wpCWUs48A700&sai=AMfl-YQw-YRbWeDAi3ULw5CDH3wH1MR1u4BWXEJWPQTPjDXtbFP630KpksBjHlRtMXUB84fu8E7BdHAR-ODS9si5ghloHNyPCh4xYTa3gDHh0cnFy-GETKxLx48U_dPP-OjV&sig=Cg0ArKJSzFxymzmQykoiEAE&urlfix=1&adurl=

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
H2 200 t.js Show response
likevertising.com/ Frame F48C 18 KB
18 KB 194ms
98ms Script
application/javascript 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/t.js?i=ozq8lklz3e1znpqig3c&cb=3407401618588125274
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 4db939cb249bb33bd5237ca03db7ea12e346b4fd1d2a88b63db040a03b40bde6

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: -qV1_zLcUsSbhiLa1ZZqua06Y7l_JoSTkFY_atruKQBU_ppXdWHOig==
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F48C 118 KB
36 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423639646658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 9 KB
7 KB 22ms
18ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021041301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7cfcec57fec243f2ce36a29c4b5c0bd8398516274104bfaea61ea815371ae4f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7106
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3F09 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 233da459a004b049e5403a8a857e8d53937ceb746a89875dd075e515ca55b1f5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
DATA 200
OK truncated
/ Frame F48C 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b4dbcd16c1aa3c0409a55b05b6689099bd86ab707df2a1e0e87186ef089b11d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK / Show response
pl.vidazoo.com/pix/ 7 B
635 B 1429ms
169ms XHR
application/json 34.226.165.133
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pl.vidazoo.com/pix/?trace=5YR12aOOZZxhAo5yKGm0mKnhCSnBXAFd5UH9haGtPRnBfBVtnQzo8Pyg5DyQBQVtxQwIgIDMUBCBAAFd7QWcYMzQcBzYcFTcfQX5%2FdGpDSBYGW09%2FWm83bG5RSAAfRRUuNiotETMMR3RcAld4V29nERIsJQ1DFRUiCipvHT8bAy5GFTojEyAiP3VAUW9fG014WXZhbWhYOyAJVAsiTnp8bXRLXmMS&_=1618588125521
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/1.0.533/sbt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.165.133 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-226-165-133.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: 010f48523b8a9f1fb0f56721e6177fdbfcfc7bbd4e117ad2180d1c73f8c9d113

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:46 GMT
Via: 1.1 vegur
Server: Cowboy
Access-Control-Allow-Methods: GET, HEAD, OPTIONS, POST
P3p: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
Access-Control-Allow-Origin: https://www.themoscowtimes.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 7

GET
H/1.1 200
OK milkshake_default.js Show response
static.vidazoo.com/basev/skins/milkshake_default/ 71 KB
21 KB 22ms
22ms Script
application/javascript 69.16.175.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/skins/milkshake_default/milkshake_default.js
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/1.0.533/sbt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: /
Resource Hash: 50e0396cf1a13445d813fff90d50fc912e259aecd3dd0715436473e5e70fe532

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Apr 2020 12:23:25 GMT
ETag: "1586175805"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=11389
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 20005
X-HW: 1618588123.dop246.fr8.t,1618588123.cds207.fr8.shn,1618588125.dop246.fr8.t,1618588125.cds264.fr8.c

GET
BLOB 200
OK 4671c67a-5302-40ae-afdf-00dd69c791af
https://www.themoscowtimes.com/ 1 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.themoscowtimes.com/4671c67a-5302-40ae-afdf-00dd69c791af
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee441245ef85f538030acf5e534d1cf2664c18289cec8cc0d84656ffb0e0a95d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 1205

GET
H/1.1 206
Partial Content blank.mp4
static.vidazoo.com/basev/ 891 B
2 KB 22ms
22ms Media
video/mp4 69.16.175.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/blank.mp4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: /
Resource Hash: c957adaf4326a8636ad68fc78acb194b96b34bbeba09daf6b36c74975ac37d21

Request headers

Referer: https://www.themoscowtimes.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 16 Apr 2021 15:48:45 GMT
Content-Range: bytes 0-890/891
Last-Modified: Mon, 06 Apr 2020 12:07:11 GMT
ETag: "1586174831"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=65338
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: video/mp4
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 891
X-HW: 1618588123.dop246.fr8.t,1618588123.cds207.fr8.shn,1618588125.dop246.fr8.t,1618588125.cds264.fr8.c

GET
BLOB 200
OK fe5935c4-eb5f-4b07-8ad5-c69f04192ff5
https://www.themoscowtimes.com/ 2 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.themoscowtimes.com/fe5935c4-eb5f-4b07-8ad5-c69f04192ff5
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49f1a2c2a58efaebd1f9e0143e9cb03766cb05b386a36e330e4684dc35ee1401

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 1583

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame 0420 2 KB
2 KB 191ms
162ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte&id=1189908746912387072&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.5e1e58de5d2ab2585a55.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f / Express

Resource Hash

19134276a40d0a715959e6ef1d34e8d4dd7499b7ce09b00b42624939a87b9473

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"780-phqqlRMaiGDz9Zr3XQo6g+417JU"
x-powered-by: Express
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
x-xss-protection: 0
x-response-time: 142
server: tsa_f
x-frame-options: SAMEORIGIN
date: Fri, 16 Apr 2021 15:48:45 GMT
vary: Origin, Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: dc8d40cfb76ffd4b1b09f50058bb702c
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 6353 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Fri, 16 Apr 2021 15:45:22 GMT
expires: Sat, 16 Apr 2022 15:45:22 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 203
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 39C6 63 KB
21 KB 34ms
34ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: likevertising.com
URL: https://likevertising.com/t.js?i=ozq8lklz3e1znpqig3c&cb=3407401618588125274

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

391a7bcc289c1f27081705dad73d67abf9d809c5acb1be3fd53695c629c2f659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "844 / 583 of 1000 / last-modified: 1618571343"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21140
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
H2 200 async_usersync Show response
likevertising.com/ Frame B1F9 9 KB
9 KB 104ms
103ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/async_usersync?i=ozq8lklz3e1znpqig3c&a=3f438269c50c900a489ac681b8b2a85d5&cb=1289791618588125757
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=ozq8lklz3e1znpqig3c&cb=3407401618588125274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 435fce0c565a910b4c89789482dbd05452bd867bf5a497a253b4d74f65cc8793

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /async_usersync?i=ozq8lklz3e1znpqig3c&a=3f438269c50c900a489ac681b8b2a85d5&cb=1289791618588125757
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: yN2uxmDFEprLvf0GhNIVUAjpZWC60lemnrUx3P9UjatVoVHJpwo6uA==

GET
H2 200 async_usersync Show response
likevertising.com/ Frame 09EE 9 KB
9 KB 97ms
97ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/async_usersync?i=ozq8lklz3e1znpqig3c&a=6edc5c89447c574ef4cea93f1f2f891a7&cb=6250641618588125759
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=ozq8lklz3e1znpqig3c&cb=3407401618588125274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 435fce0c565a910b4c89789482dbd05452bd867bf5a497a253b4d74f65cc8793

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /async_usersync?i=ozq8lklz3e1znpqig3c&a=6edc5c89447c574ef4cea93f1f2f891a7&cb=6250641618588125759
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: 58FWYkkqPIPb5CbVkWvix6M4GrUWGggNbos9x3A5_ngepHEfI34PLg==

GET
H2 200 usersync Show response
likevertising.com/ Frame 96FD 9 KB
9 KB 97ms
96ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=0663c4e8643197170d2aea8d47191c277&cb=7319591618588125763
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=ozq8lklz3e1znpqig3c&cb=3407401618588125274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 435fce0c565a910b4c89789482dbd05452bd867bf5a497a253b4d74f65cc8793

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /usersync?i=ozq8lklz3e1znpqig3c&a=0663c4e8643197170d2aea8d47191c277&cb=7319591618588125763
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: T2_8P9eFc3pLzpR14234B_8TGh1vEY4Bbf05voTZTI5pnZ13IFy5kQ==

GET
H2 200 usync Show response
likevertising.com/ Frame 3ADC 2 KB
1 KB 98ms
98ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=212f87a9373ade82747a9703475edc409&cb=4518051618588125764
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=ozq8lklz3e1znpqig3c&cb=3407401618588125274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: ebb9ccd7e633b6add76b5839940681d91b486e8e37f8e9a4709f15904b768175

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /usync?i=ozq8lklz3e1znpqig3c&a=212f87a9373ade82747a9703475edc409&cb=4518051618588125764
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: hpuhRUkPPQn0fh_od9OS7dOFZawnvuNdMmcvuyvLe_rvE-ceg9BMxA==

GET
H2 200 usersync Show response
likevertising.com/ Frame 209B 2 KB
1 KB 97ms
97ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=87a35e76bc314113496756222bdcb5fa5&cb=6581331618588125765
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=ozq8lklz3e1znpqig3c&cb=3407401618588125274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 234d48220a4763b35e1ad644dba7c68f5119ce179153535f60a20297f3558caa

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /usersync?i=ozq8lklz3e1znpqig3c&a=87a35e76bc314113496756222bdcb5fa5&cb=6581331618588125765
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: uJwL6nj2LK85pGtLcsN29YAn4-gyH5BFOBbP8YyBkJtlnulSYfTcSQ==

GET
H2 200 usync Show response
likevertising.com/ Frame CC12 2 KB
2 KB 94ms
94ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=4f4a4c72e5d91df7438c43d8a6ef40cd1&cb=7651761618588125766
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=ozq8lklz3e1znpqig3c&cb=3407401618588125274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: faa29af882ddfc0fc714ab1287771fe2d94452b0ed1d6c5d8fc830312860f52e

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /usync?i=ozq8lklz3e1znpqig3c&a=4f4a4c72e5d91df7438c43d8a6ef40cd1&cb=7651761618588125766
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
content-length: 1875
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: XiFvHmU0Ee56eUobCylG2OAQn7kAuhiu9op30fq8Z30og3FK2GpuJg==

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 88A1 63 KB
21 KB 39ms
37ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: likevertising.com
URL: https://likevertising.com/t.js?i=b2q9ssvr0rctu7elxrne&cb=1823481618588125269

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

391a7bcc289c1f27081705dad73d67abf9d809c5acb1be3fd53695c629c2f659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "844 / 673 of 1000 / last-modified: 1618571343"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21140
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
H2 200 stats Show response
likevertising.com/ Frame BED4 2 KB
2 KB 104ms
104ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/stats?i=b2q9ssvr0rctu7elxrne&a=42995271e73e9db492ff35b40498d85b5&cb=7250621618588125779
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=b2q9ssvr0rctu7elxrne&cb=1823481618588125269
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: d7032bca089ded934885262dd86ef3b6381b6a039f00f7644b8699864e995374

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /stats?i=b2q9ssvr0rctu7elxrne&a=42995271e73e9db492ff35b40498d85b5&cb=7250621618588125779
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
content-length: 1874
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: qEbxhwp9Pqx5Esn1JYPS8HwE3stgqVr84I0ORG7-Vu1cfxqgMXxSyw==

GET
H2 200 counter Show response
likevertising.com/ Frame D4DD 2 KB
2 KB 99ms
98ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/counter?i=b2q9ssvr0rctu7elxrne&a=798b3c9db127d443eca7398dcf6ff2539&cb=9925431618588125781
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=b2q9ssvr0rctu7elxrne&cb=1823481618588125269
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: d471fca96620458724db33f0271e221a6117003d4ffb473a472046cff5eae2b8

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /counter?i=b2q9ssvr0rctu7elxrne&a=798b3c9db127d443eca7398dcf6ff2539&cb=9925431618588125781
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
content-length: 1632
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: SS4drfRsDjVMOT4d6gU2L13c8CUUk034hieXChJCy3EJTUs7rCY-nQ==

GET
H2 200 stat Show response
likevertising.com/ Frame E8AD 9 KB
9 KB 99ms
98ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/stat?i=b2q9ssvr0rctu7elxrne&a=381b3593439a32d7eb976a934b5655d61&cb=5515571618588125783
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=b2q9ssvr0rctu7elxrne&cb=1823481618588125269
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 6ae86cd94a73128274286ed932f05602f19ee7ad9d1af92d4a3b58f9774a9bfc

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /stat?i=b2q9ssvr0rctu7elxrne&a=381b3593439a32d7eb976a934b5655d61&cb=5515571618588125783
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: grPpN4oL9xVarCId1sMnoDxKSOZX7xBBbvWiHXdAMa7pc8Ze7Lq5sw==

GET
H2 200 usersync Show response
likevertising.com/ Frame 4125 9 KB
9 KB 94ms
92ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/usersync?i=b2q9ssvr0rctu7elxrne&a=56a2b13f3aa682806e16e152c8c768697&cb=2070681618588125785
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=b2q9ssvr0rctu7elxrne&cb=1823481618588125269
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 6ae86cd94a73128274286ed932f05602f19ee7ad9d1af92d4a3b58f9774a9bfc

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /usersync?i=b2q9ssvr0rctu7elxrne&a=56a2b13f3aa682806e16e152c8c768697&cb=2070681618588125785
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: P4iswb1ctNkKJKXmyuLft7cjbq--AvlqZ2l684Ve2MMZrInbkPcbSQ==

GET
H2 200 counter Show response
likevertising.com/ Frame 5D7A 9 KB
9 KB 99ms
99ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/counter?i=b2q9ssvr0rctu7elxrne&a=71fe11d01084140e99d087fe51ae4cfc5&cb=7702561618588125786
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=b2q9ssvr0rctu7elxrne&cb=1823481618588125269
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 6ae86cd94a73128274286ed932f05602f19ee7ad9d1af92d4a3b58f9774a9bfc

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /counter?i=b2q9ssvr0rctu7elxrne&a=71fe11d01084140e99d087fe51ae4cfc5&cb=7702561618588125786
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: 9bn63q92FDpYcoK4NWqWvSqX1A9Er57sEZaKFvn4XweYBKgy3dteGg==

GET
H2 200 sync Show response
likevertising.com/ Frame 105F 2 KB
2 KB 127ms
127ms Document
text/html 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://likevertising.com/sync?i=b2q9ssvr0rctu7elxrne&a=6965507efc6b22ad0bb46f9e614d09d69&cb=7024631618588125787
Requested by: Host: likevertising.com
URL: https://likevertising.com/t.js?i=b2q9ssvr0rctu7elxrne&cb=1823481618588125269
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: 3fd54b4388f4d46c57f1ea0452307f0b54841d4e3ca1320a0408da973765acdc

Request headers

:method: GET
:authority: likevertising.com
:scheme: https
:path: /sync?i=b2q9ssvr0rctu7elxrne&a=6965507efc6b22ad0bb46f9e614d09d69&cb=7024631618588125787
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=91e754520e1497f480e43cfdd3325113b3d74d87
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

content-type: text/html; charset=UTF-8
content-length: 1677
date: Fri, 16 Apr 2021 15:48:45 GMT
x-cache: Miss from cloudfront
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: OlWw0PTf3Hg6DFjvWimICVmXDfQmDTxnyPH9A4fE_hvI3gOqJUXQ7Q==

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/x-font-ttf

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e38335b8da3a11b4a278e7572f99a3990da81b9764b7526bd7b69ec0c6a57c84

Request headers

Origin: https://www.themoscowtimes.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-ttf;charset=utf-8

GET
H3-29 200 u-4l0qyriQwlOrhSvowK_l5-eR7lXff4jvw.woff2
fonts.gstatic.com/s/merriweather/v22/ 19 KB
19 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4l0qyriQwlOrhSvowK_l5-eR7lXff4jvw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900|Merriweather:300,300i,400,900

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09be9cbb415140e78ac6b11f26a83d9b4aeabc54995b11f04eac9b248ff312df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.themoscowtimes.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 10:24:20 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:06:17 GMT
server: sffe
age: 105865
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19096
x-xss-protection: 0
expires: Fri, 15 Apr 2022 10:24:20 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame F48C 0
0 114ms
58ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvEngt7u4zZtep62XaSqqMewDY4eZj27w9JW7u83X-U1XFrvZGzlY_STJ_jSOVkEKO23Y3ceq8EW4NYWdPBvc5Qi6Szmq6pR74OVH4DqrYXUNVAmbw6wCo7BtolTvySngMKjXlv1f7QKxXNIgFxYPvD0aCk6PtRUZ5WG4nsiEK5TKr1pt1_FEI_YGdUaXNLQgsJrbxP3ABPypoScLMnuTCz9K2-JA6_oe-u9yzQbOTiAckHwkrEVjiFMN5eACWLoDxqmFg7HV4SzbQ4QLCeq6irOCVRZceLtBnWmiDDM4GzFH7auceWv4MJP2t0R4okKnFw6g4dJ7HNSg&sai=AMfl-YR6hYIZx9r7K0u2yd-AQ14p-iailJETQIiXOI1TEx8TG88HS4gJDaIXQ4dx2NfslI2S8XLfpNq4u_UXrCVP3_Dzk_PJvfHsHCUqULPQgiq-7pEeypkZSZjM157VauDk&sig=Cg0ArKJSzPHR86GuRcoqEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3F09 0
0 111ms
58ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu7QSpt2pvgPvcBUOlC-a_r6Py6ybghl_Q_uGeTiRcNTD17-MkEdUIhTFPT24BX-UdBCMEkHKdrF-FLp9FXDhA2OsDca5F_rSEbzzDUTp6Kcpy8gcAC45ak5XYiYo7KaRFzOZEPYiZdqtt3f4QEcEV8L4y2wrWC2Hew4HDu3ROhSOgWL0JQxS7OkWvDROsnC9GCwlhOzosL_gMA3X73e1nrMeORs09kEzNzDg8FIKmXmGoGmMpT9xV06UgRmn2CXt8w-GT4SVc2cEjkM3nz6ekebtV4_2GjJd9FLrN8NgcSy_66wXMGx4AlCcleG8yEOzZQoIFPYK4&sai=AMfl-YQblHLWBGbcaO9K0BEbl4zKQJNVLmR-USlJUocvDP0oFKlPoNJZKFVKGi6H7PbXU0yPVL4SMJy2aM0F70omVhiwU7YN3OHWwBj0_ZPfq9dRJ322CUWrHlGmkWB9jB-3&sig=Cg0ArKJSzJNNeRYRLqSOEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 16 Apr 2021 15:48:45 GMT

GET
H2 206 5e56a0d85173f1c571d9efdd361d227d386c728b_540p.mp4
inventory.vidazoo.com/551424a21b1b1f08006fb6f9/5e56a0d85173f1c571d9efdd361d227d386c728b/ 3 MB
0 539ms
461ms Media
video/mp4 2a02:26f0:6c00::210:ba12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://inventory.vidazoo.com/551424a21b1b1f08006fb6f9/5e56a0d85173f1c571d9efdd361d227d386c728b/5e56a0d85173f1c571d9efdd361d227d386c728b_540p.mp4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.themoscowtimes.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
x-amz-request-id: PMGZGVC9AJ9ZVD7R
Content-Range: bytes 0-5177943/5177944
Content-Length: 5177944
x-amz-id-2: z2V8Ufb7fHcEsV3FHygst2/TvgKNS9ZFWaR/+VW3twsgjcZ+pB0q/3m6B7C7KR+TegcIFTlIX4I=
last-modified: Mon, 10 Aug 2020 19:32:04 GMT
server: AmazonS3
etag: "e1ebf32eaad3b61dd72d9cbe06b3a323"
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: video/mp4
access-control-allow-origin: *
access-control-expose-headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control: public, max-age=28217569
accept-ranges: bytes
access-control-allow-headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires: Wed, 09 Mar 2022 06:01:35 GMT

GET
H2 200 pxl.jpg
likevertising.com/ Frame F48C 597 B
830 B 69ms
67ms Image
image/jpeg 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://likevertising.com/pxl.jpg?i=ozq8lklz3e1znpqig3c&s=775&p=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&rstk=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&h=5137861618588125903
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:45 GMT
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
content-length: 597
x-amz-cf-id: CrVwwXk2M40R0iW3ENyq025s9mtrssszkoYhAwHScw9_uidKJBMA6w==
x-cache: Miss from cloudfront
content-type: image/jpeg; charset=UTF-8

GET
H/1.1 200
OK embed.vendors~loaders.video.VideoPlayerDefaultUI.99e0a74f7de7e6a11ba5.js Show response
platform.twitter.com/embed/ Frame 0420 116 KB
27 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~loaders.video.VideoPlayerDefaultUI.99e0a74f7de7e6a11ba5.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.ec8286a6a4887df701ad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C2) /
Resource Hash: 43fec5b24303c81dfde89f375b2e3fe133801987af0dc8c9dffefbf293708d94

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/67C2)
Age: 57400
Etag: "43089d32ada3bfedaee60e52139ce504+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 27232

GET
H2 200 jot
syndication.twitter.com/i/ Frame 0420 43 B
384 B 136ms
136ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1618588126001%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%22ff2e7cf%3A1618526400629%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MoscowTimes%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MoscowTimes%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%225fe8eff%3A1618352504577%22%2C%22item_ids%22%3A%5B%221189908746912387072%22%5D%2C%22item_details%22%3A%7B%221189908746912387072%22%3A%7B%22item_type%22%3A0%7D%7D%7D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 110
pragma: no-cache
last-modified: Fri, 16 Apr 2021 15:48:46 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 0d2bf6c66b33682ea53043fc90e98442
x-transaction: 00b6ffc80076b180
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK embed.vendors~loaders.video.PlayerHls13.c1ff98cb19b0cce6b70c.js Show response
platform.twitter.com/embed/ Frame 0420 243 KB
72 KB 9ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~loaders.video.PlayerHls13.c1ff98cb19b0cce6b70c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.ec8286a6a4887df701ad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6712) /
Resource Hash: 92b6bddd3c046df7bafcae95b7d8a813a46718276ef34e14459560246b4394bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MoscowTimes&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1189908746912387072&lang=en&origin=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&sessionId=76829e67b2d2319ff1d5fa409e338dde1e72dcbf&siteScreenName=MoscowTimes&theme=light&widgetsVersion=ff2e7cf%3A1618526400629&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:45:09 GMT
Server: ECS (frb/6712)
Age: 57401
Etag: "4a5afe3bcba77206868befeab2d122f8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 72693

GET
H2 200 jLus_qXIQevJxFWg.jpg
pbs.twimg.com/ext_tw_video_thumb/1189906731922530304/pu/img/ Frame 0420 95 KB
95 KB 252ms
114ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/ext_tw_video_thumb/1189906731922530304/pu/img/jLus_qXIQevJxFWg.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, NL),

Reverse DNS

Software

tsa_devel /

Resource Hash

bf311ee2e1200ea59413c6baef19303d40e28b876533efe89954938139627db5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
akamai-request-bc: [a=2.19.98.28,b=365111014,c=g,n=NL__SCHIPHOL,o=20940],[c=c,n=NL__AMSTERDAM,o=20940],[c=w,n=US_VA_ASHBURN,o=20940],[c=w,n=US_VA_ASHBURN,o=20940]
x-client-network: EIP
x-cache: "HIT"
server-timing: x-cache;"HIT", x-tw-cdn;"AK"
content-length: 96824
last-modified: Thu, 31 Oct 2019 14:05:26 GMT
server: tsa_devel
date: Fri, 16 Apr 2021 15:48:46 GMT
x-tw-cdn: "AK"
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 8a037e1f96f0757c6370f19adc7f8c3afb8e8b52da7b0d61cd11683007cb0129
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 pxl.jpg
likevertising.com/ Frame 3F09 597 B
831 B 71ms
70ms Image
image/jpeg 13.33.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://likevertising.com/pxl.jpg?i=b2q9ssvr0rctu7elxrne&s=775&p=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&rstk=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&h=3994801618588126065
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-84.cph50.r.cloudfront.net
Software: /
Resource Hash: af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
via: 1.1 0627ff40b5d116e8aeb618dfe60b85fa.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
content-length: 597
x-amz-cf-id: BR8zSWlrbuiWSrtha5XqBjMm7Q1zl75nwISlTeH5oR1gcT6vuuyR9A==
x-cache: Miss from cloudfront
content-type: image/jpeg; charset=UTF-8

GET
H3-29 200 pubads_impl_2021041501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 39C6 299 KB
105 KB 37ms
31ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

21684099693050fe6fecb937bb35c94dac2dc990158ed38a53d44ae28fd9c6e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 15 Apr 2021 08:41:55 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107555
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:46 GMT

GET
H3-29 200 pubads_impl_2021041501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 88A1 299 KB
105 KB 43ms
42ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

21684099693050fe6fecb937bb35c94dac2dc990158ed38a53d44ae28fd9c6e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 15 Apr 2021 08:41:55 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107555
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:46 GMT

GET
H2 200 281p18uE_normal.jpg
pbs.twimg.com/profile_images/1371959957428518912/ Frame 0420 2 KB
2 KB 44ms
16ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1371959957428518912/281p18uE_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, NL),

Reverse DNS

Software

tsa_devel /

Resource Hash

4dd894d760ed3ea63feaff1bb0ce045df654338d73cd22664d1007441117b3ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: "HIT"
server-timing: x-cache;"HIT", x-tw-cdn;"AK"
content-length: 2035
last-modified: Tue, 16 Mar 2021 22:59:58 GMT
server: tsa_devel
date: Fri, 16 Apr 2021 15:48:46 GMT
x-tw-cdn: "AK"
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 1acd6038baccae292a8e98520b2d8cb25ccec430f8e70b4583656339f416ce89
akamai-request-bc: [a=2.19.98.28,b=365111015,c=g,n=NL__SCHIPHOL,o=20940]

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 09EE 302 KB
88 KB 101ms
60ms Script
application/javascript 2606:4700:20::681a:b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/async_usersync?i=ozq8lklz3e1znpqig3c&a=6edc5c89447c574ef4cea93f1f2f891a7&cb=6250641618588125759
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2520
content-type: application/javascript
x-amz-request-id: 9Y8FFSFYNCFVKG4W
x-amz-id-2: ZIEnlR2uRhqCrkFfkAr1Rgkcn73IMsFPoWCmH30Bvz5uLUOlQgD6TL6xLO89pyRolHlo+CTzgIw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IHHDEIYFb%2BIR91muJX%2FQPjlOxJEj9kLOvROkx%2FV8%2FK4XBHrKW0iXbkqWL%2FMnlLAacbgbv%2BIJD1jq%2BTzP4tnqJVpkyvRhcZBq2WvNVeXopL6SPjJqWZEjs%2BC3"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 097cf7e402000064792909a000000001
cf-ray: 640e8f4ccb276479-FRA

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 96FD 302 KB
88 KB 61ms
60ms Script
application/javascript 2606:4700:20::681a:b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=0663c4e8643197170d2aea8d47191c277&cb=7319591618588125763
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2520
content-type: application/javascript
x-amz-request-id: 9Y8FFSFYNCFVKG4W
x-amz-id-2: ZIEnlR2uRhqCrkFfkAr1Rgkcn73IMsFPoWCmH30Bvz5uLUOlQgD6TL6xLO89pyRolHlo+CTzgIw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bcqhCyQ3HkH4nlupxs7Nm1CKWaKgHKWGcNtPSOsLUQv6p7DqX2wV0Sk07Rx6hi01V%2FSs5NgjTL61XAqFBTGZ%2Bl3vHMBL6iJG14JZl28OZuQuhCZSI4hLrxYS"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 097cf7e4090000647938983000000001
cf-ray: 640e8f4cdb296479-FRA

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame B1F9 302 KB
88 KB 38ms
38ms Script
application/javascript 2606:4700:20::681a:b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/async_usersync?i=ozq8lklz3e1znpqig3c&a=3f438269c50c900a489ac681b8b2a85d5&cb=1289791618588125757
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2520
content-type: application/javascript
x-amz-request-id: 9Y8FFSFYNCFVKG4W
x-amz-id-2: ZIEnlR2uRhqCrkFfkAr1Rgkcn73IMsFPoWCmH30Bvz5uLUOlQgD6TL6xLO89pyRolHlo+CTzgIw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HfEdm5z38NSfYNUjT1uYMQqPP6cnL0P2EkpdEyNBJk6JYzF%2BOEDzHlJd9rPDfPx9i2ONRYAwoNKEfDGKlxmsMbZ2eRjLKSI2S8SBXMfYVt5Ctb%2Fq9wBjG8oj"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 097cf7e4120000647933a51000000001
cf-ray: 640e8f4ceb3a6479-FRA

GET
H2 200 async.js Show response
cdn.adtrue.com/rtb/ Frame CC12 7 KB
3 KB 59ms
26ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/async.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=4f4a4c72e5d91df7438c43d8a6ef40cd1&cb=7651761618588125766
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 16 Nov 2020 01:20:45 GMT
server: cloudflare
age: 13097544
etag: W/"5fb1d3ed-1c9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 640e8f4d2eded6d1-FRA
cf-request-id: 097cf7e43b0000d6d1103f7000000001
expires: Thu, 11 Nov 2021 01:36:22 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 209B 22 KB
6 KB 137ms
78ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=8135&uref=https%3A%2F%2Fwww.themoscowtimes.com%2F
Requested by: Host: likevertising.com
URL: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=87a35e76bc314113496756222bdcb5fa5&cb=6581331618588125765
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4d5e8667edc2c8b5f448fdd68f3305b070e34b7ef53bd3c2ae60c5c0d4d6985b

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6324
expires: Fri, 16 Apr 2021 15:48:46 GMT

GET
H/1.1 200
OK fpi.js Show response
ap.lijit.com/www/delivery/ Frame 3ADC 5 KB
3 KB 82ms
28ms Script
text/javascript 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/www/delivery/fpi.js?z=689163&width=300&height=250
Requested by: Host: likevertising.com
URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=212f87a9373ade82747a9703475edc409&cb=4518051618588125764
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:46 GMT
Content-Encoding: gzip
Server: nginx
ETag: W/"60468d89-1540"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap4ams1
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 4125 302 KB
88 KB 46ms
44ms Script
application/javascript 2606:4700:20::681a:b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/usersync?i=b2q9ssvr0rctu7elxrne&a=56a2b13f3aa682806e16e152c8c768697&cb=2070681618588125785
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2520
content-type: application/javascript
x-amz-request-id: 9Y8FFSFYNCFVKG4W
x-amz-id-2: ZIEnlR2uRhqCrkFfkAr1Rgkcn73IMsFPoWCmH30Bvz5uLUOlQgD6TL6xLO89pyRolHlo+CTzgIw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=accpwOM%2F1PeJa75O905GyI2jE07ZEPgKdKR%2F8nCnGamiUAX3Rb0PDPLdz9Ob3eDwa4J6XRHtJQt5bhNx4fZCZ%2Byfu8vCM0Vy6nvB9jEtwm0QsSmr%2B57WkN%2BA"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 097cf7e484000064794c96d000000001
cf-ray: 640e8f4d9b5e6479-FRA

GET
H/1.1 200
OK fpi.js Show response
ap.lijit.com/www/delivery/ Frame D4DD 5 KB
3 KB 28ms
27ms Script
text/javascript 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/www/delivery/fpi.js?z=689161&width=728&height=90
Requested by: Host: likevertising.com
URL: https://likevertising.com/counter?i=b2q9ssvr0rctu7elxrne&a=798b3c9db127d443eca7398dcf6ff2539&cb=9925431618588125781
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:46 GMT
Content-Encoding: gzip
Server: nginx
ETag: W/"60468d89-1540"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap4ams1
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame E8AD 302 KB
88 KB 35ms
35ms Script
application/javascript 2606:4700:20::681a:b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/stat?i=b2q9ssvr0rctu7elxrne&a=381b3593439a32d7eb976a934b5655d61&cb=5515571618588125783
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2520
content-type: application/javascript
x-amz-request-id: 9Y8FFSFYNCFVKG4W
x-amz-id-2: ZIEnlR2uRhqCrkFfkAr1Rgkcn73IMsFPoWCmH30Bvz5uLUOlQgD6TL6xLO89pyRolHlo+CTzgIw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=V7nCLUVyASmsiQn5nxGDuzkyZbh11JK%2BZaMIpCT3P8l85W0gSDjifsDAYVulv0Dxi3qKA7lvloMQmGH%2BJOHftwZJBxUgg61BzeLIuMkqjD4p4%2FkoyiyC8Bnh"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 097cf7e48e0000647933a55000000001
cf-ray: 640e8f4dab636479-FRA

GET
H2 200 async.js Show response
cdn.adtrue.com/rtb/ Frame BED4 7 KB
3 KB 26ms
14ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/async.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/stats?i=b2q9ssvr0rctu7elxrne&a=42995271e73e9db492ff35b40498d85b5&cb=7250621618588125779
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 16 Nov 2020 01:20:45 GMT
server: cloudflare
age: 13097544
etag: W/"5fb1d3ed-1c9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 640e8f4dcfb6d6d1-FRA
cf-request-id: 097cf7e49e0000d6d15e2ff000000001
expires: Thu, 11 Nov 2021 01:36:22 GMT

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 5D7A 302 KB
88 KB 41ms
40ms Script
application/javascript 2606:4700:20::681a:b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/counter?i=b2q9ssvr0rctu7elxrne&a=71fe11d01084140e99d087fe51ae4cfc5&cb=7702561618588125786
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2520
content-type: application/javascript
x-amz-request-id: 9Y8FFSFYNCFVKG4W
x-amz-id-2: ZIEnlR2uRhqCrkFfkAr1Rgkcn73IMsFPoWCmH30Bvz5uLUOlQgD6TL6xLO89pyRolHlo+CTzgIw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xTl6QJrzWMEFFb1NDtlPCHXmoRC2plErXxG3jeE3T323o6a%2FP51E9YSLccIeEeCMQwr1KRdIxR1Q%2FwH67%2FQt1Ib6Gaj374I87%2BYb87G7gbal0YwT%2FywgVaY8"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 097cf7e49e000064792c16a000000001
cf-ray: 640e8f4dcb686479-FRA

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 105F 14 KB
4 KB 46ms
46ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=8136&uref=https%3A%2F%2Fwww.themoscowtimes.com%2F
Requested by: Host: likevertising.com
URL: https://likevertising.com/sync?i=b2q9ssvr0rctu7elxrne&a=6965507efc6b22ad0bb46f9e614d09d69&cb=7024631618588125787
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: feea4902784ecb3c8c5e08477106ca21ec77628933e61f6f69456f97d20e4d73

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 3703
expires: Fri, 16 Apr 2021 15:48:46 GMT

GET
H2 200 9DYQy1d-3EXDH0CA.m3u8 Show response
video.twimg.com/ext_tw_video/1189906731922530304/pu/pl/ Frame 0420 504 B
598 B 148ms
117ms XHR
application/x-mpegurl 2606:2800:233:1ab3:789:1032:20e3:21
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://video.twimg.com/ext_tw_video/1189906731922530304/pu/pl/9DYQy1d-3EXDH0CA.m3u8?tag=10

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.vendors~loaders.video.PlayerHls13.c1ff98cb19b0cce6b70c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:1ab3:789:1032:20e3:21 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC9) /

Resource Hash

ad0042f76152083de3af1551a514fcf81eea46a8035bcc01ce0bcb661a8b3e86

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 790
content-length: 261
x-response-time: 11
surrogate-key: ext_tw_video ext_tw_video/bucket/1 ext_tw_video/1189906731922530304
last-modified: Thu, 31 Oct 2019 14:05:26 GMT
server: ECAcc (frc/8FC9)
x-tw-cdn: VZ, VZ
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0801fc47d13ae16652db74e33be66b2c
accept-ranges: bytes

GET
H3-29 200 wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js Show response
pagead2.googlesyndication.com/bg/ Frame 6353 14 KB
6 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 11:40:22 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:18:00 GMT
server: sffe
age: 14904
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5710
x-xss-protection: 0
expires: Sat, 16 Apr 2022 11:40:22 GMT

GET
H2 200 integrator.js Show response
adservice.google.be/adsid/ Frame 88A1 107 B
799 B 126ms
47ms Script
application/javascript 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.be/adsid/integrator.js?domain=www.themoscowtimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 88A1 107 B
122 B 27ms
23ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.themoscowtimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 88A1 95 KB
21 KB 799ms
799ms XHR
text/plain 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3024109584693496&correlator=3215523070703584&output=ldjh&impl=fifs&eid=31060520%2C31060836%2C31060505%2C31060830&vrg=2021041501&ptt=17&sc=1&sfv=1-0-38&ecs=20210416&iu_parts=21671350435%2C970x90-themoscowtimes.com&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&cookie=ID%3D874c323e0f5ed1d9-222d7cb122bb000b%3AT%3D1618588123%3AS%3DALNI_MaMGR_NE8BUyOqu8O2xow4Jlgo_lw&cdm=www.themoscowtimes.com&bc=31&abxe=1&lmt=1618588126&dt=1618588126526&dlt=1618588125773&idt=728&ea=0&frm=23&biw=1600&bih=1200&isw=970&ish=90&oid=3&adxs=315&adys=12&adks=3938885534&ucis=45uw9i6pfew7&ifi=1&ifk=877855214&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&top=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x90&msz=970x-1&ga_vid=1288556040.1618588124&ga_sid=1618588127&ga_hid=1797172209&ga_fc=true&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

589512bb483d4e5cf52a2c41ddc93cbfd4cedc5049f695a500b0cf0594f40a55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21225
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.themoscowtimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 88A1 0
0 30ms
16ms Other
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame 88A1 0
0 7ms
6ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 jLus_qXIQevJxFWg.jpg
pbs.twimg.com/ext_tw_video_thumb/1189906731922530304/pu/img/ Frame 0420 95 KB
95 KB 18ms
17ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/ext_tw_video_thumb/1189906731922530304/pu/img/jLus_qXIQevJxFWg.jpg

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.5e1e58de5d2ab2585a55.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, NL),

Reverse DNS

Software

tsa_devel /

Resource Hash

bf311ee2e1200ea59413c6baef19303d40e28b876533efe89954938139627db5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
akamai-request-bc: [a=2.19.98.28,b=365111844,c=g,n=NL__SCHIPHOL,o=20940]
x-client-network: EIP
x-cache: "HIT"
server-timing: x-cache;"HIT", x-tw-cdn;"AK"
content-length: 96824
last-modified: Thu, 31 Oct 2019 14:05:26 GMT
server: tsa_devel
date: Fri, 16 Apr 2021 15:48:46 GMT
x-tw-cdn: "AK"
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 8a037e1f96f0757c6370f19adc7f8c3afb8e8b52da7b0d61cd11683007cb0129
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK sync Show response
ap.lijit.com/ Frame 3ADC 87 KB
20 KB 34ms
32ms Script
text/javascript 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/sync
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/www/delivery/fpi.js?z=689163&width=300&height=250
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: bf7c9484fdc988e2ee44d62563d76afcd64cd75e1c9aae4c2fd195d9ba4fe649

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:46 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Mar 2021 20:48:41 GMT
Server: nginx
ETag: W/"60468da9-15bdc"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=86400, must-revalidate
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap4ams1
Expires: Sat, 17 Apr 2021 15:48:46 GMT

GET
H2 200 impress Show response
exchange.adtrue.com/delivery/ Frame C1DB 4 KB
4 KB 857ms
172ms Script
application/javascript 52.37.176.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/delivery/impress?pzoneid=17495&ref=https%3A%2F%2Fwww.themoscowtimes.com%2F&cb=1995951483&timeZone=2&adWidth=300&adHeight=250&loc=https://www.themoscowtimes.com/
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.37.176.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-37-176-195.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 226215b1b2658cf385937e2935524a1a926c0f8ca7ff6ce21b09ef7f3de61f20

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
server: nginx
x-adtrue-instance: java2
content-length: 3900
content-type: application/javascript

GET
H2 200 integrator.js Show response
adservice.google.be/adsid/ Frame 39C6 107 B
165 B 45ms
44ms Script
application/javascript 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.be/adsid/integrator.js?domain=www.themoscowtimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 39C6 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.themoscowtimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 39C6 45 KB
15 KB 374ms
372ms XHR
text/plain 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2048651245875461&correlator=432968212885754&output=ldjh&impl=fifs&eid=31060836%2C21068030%2C31060505%2C31060830&vrg=2021041501&ptt=17&sc=1&sfv=1-0-38&ecs=20210416&iu_parts=21671350435%2C300x250-themoscowtimes.com&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cookie=ID%3D874c323e0f5ed1d9-222d7cb122bb000b%3AT%3D1618588123%3AS%3DALNI_MaMGR_NE8BUyOqu8O2xow4Jlgo_lw&cdm=www.themoscowtimes.com&bc=31&abxe=1&lmt=1618588126&dt=1618588126612&dlt=1618588125752&idt=851&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=1158&adys=491&adks=2351213819&ucis=ncispbwxddck&ifi=1&ifk=1552140174&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&top=https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x-1&ga_vid=1288556040.1618588124&ga_sid=1618588127&ga_hid=974567510&ga_fc=true&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

fbfe3872ec0d5db828d9df036e6f454ff7917b3d4607a6c7659795f1d296bd87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15638
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.themoscowtimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 39C6 0
0 53ms
14ms Other
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame 39C6 0
0 7ms
6ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK sync Show response
ap.lijit.com/ Frame D4DD 87 KB
20 KB 31ms
30ms Script
text/javascript 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/sync
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/www/delivery/fpi.js?z=689161&width=728&height=90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: bf7c9484fdc988e2ee44d62563d76afcd64cd75e1c9aae4c2fd195d9ba4fe649

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:46 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Mar 2021 20:48:41 GMT
Server: nginx
ETag: W/"60468da9-15bdc"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=86400, must-revalidate
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap4ams1
Expires: Sat, 17 Apr 2021 15:48:46 GMT

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame 209B 363 KB
104 KB 68ms
45ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=8135&uref=https%3A%2F%2Fwww.themoscowtimes.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13649e86c57b7a7d0c4c09829cd7d0f712150630f8269cae779e50cd6e650b90

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2170
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6D986B55663EEBF3
x-amz-id-2: ZhEiJOSoqiVZrX4wxw8sIKmhRs9/fBzKhQKpIUcozojKoLGYPxcreZbT4qPKiESDAw6Bn5s30vk=
last-modified: Mon, 25 Jan 2021 09:50:58 GMT
server: cloudflare
etag: W/"6d6061f12d5d98b0f63e4b52058a31b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PeKa6CXxQsrM1msHLMBt8BMAGXL97MeuPc6anCV58XUBgfL%2FxG%2BWs0R7m%2FJgoA5mcWE2fhZpXI3aJw6eJOiBxb6hly22yj4ksP3EFrFjhOIrVj2mHsZ0TSwANqbK"}]}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 097cf7e5e80000d6b179216000000001
cf-ray: 640e8f4fdc57d6b1-FRA

GET
H2 200 1Cy6kQzGzqRySy7_.m3u8 Show response
video.twimg.com/ext_tw_video/1189906731922530304/pu/pl/320x568/ Frame 0420 4 KB
4 KB 134ms
131ms XHR
application/x-mpegurl 2606:2800:233:1ab3:789:1032:20e3:21
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://video.twimg.com/ext_tw_video/1189906731922530304/pu/pl/320x568/1Cy6kQzGzqRySy7_.m3u8

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.vendors~loaders.video.PlayerHls13.c1ff98cb19b0cce6b70c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:1ab3:789:1032:20e3:21 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8EA6) /

Resource Hash

52240fd3f8a38102f34a3615b3b4d3349e200ae56de1535e93bfcd5897b81290

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time: 12
date: Fri, 16 Apr 2021 15:48:46 GMT
x-content-type-options: nosniff
surrogate-key: ext_tw_video ext_tw_video/bucket/1 ext_tw_video/1189906731922530304
last-modified: Thu, 31 Oct 2019 14:05:26 GMT
server: ECAcc (frc/8EA6)
age: 0
x-tw-cdn: VZ, VZ
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: bb9a5aa343aa28d78931a6a986429ec9
accept-ranges: bytes
content-length: 4273

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame 105F 363 KB
103 KB 39ms
39ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=8136&uref=https%3A%2F%2Fwww.themoscowtimes.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13649e86c57b7a7d0c4c09829cd7d0f712150630f8269cae779e50cd6e650b90

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2170
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6D986B55663EEBF3
x-amz-id-2: ZhEiJOSoqiVZrX4wxw8sIKmhRs9/fBzKhQKpIUcozojKoLGYPxcreZbT4qPKiESDAw6Bn5s30vk=
last-modified: Mon, 25 Jan 2021 09:50:58 GMT
server: cloudflare
etag: W/"6d6061f12d5d98b0f63e4b52058a31b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5jnW7UqltemmIKasf5fB5PtuGDhUEGYTc%2BK9Hndz%2BVEE76ekigNks%2FId9o43bM%2F1yP5pcnGv74kXSDSiCGHTgP1%2BjG%2BfNTWZtupYgHbH55dd2lwLOyQR%2Fqq5v4vT"}]}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 097cf7e5fb0000d6b11a8e3000000001
cf-ray: 640e8f4ffc80d6b1-FRA

GET
H2 200 jot
syndication.twitter.com/i/ Frame 0420 43 B
124 B 146ms
145ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1618588126720%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%22ff2e7cf%3A1618526400629%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.themoscowtimes.com%2F2019%2F11%2F01%2Fputins-chef-ordered-to-pay-for-mass-child-poisonings-a68014%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MoscowTimes%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MoscowTimes%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%225fe8eff%3A1618352504577%22%2C%22item_ids%22%3A%5B%221189908746912387072%22%5D%2C%22item_details%22%3A%7B%221189908746912387072%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A1467.2349989414215%7D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Fri, 16 Apr 2021 15:48:46 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 0d2bf6c66b33682ea53043fc90e98442
x-transaction: 00fbe623005170c8
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 impress Show response
exchange.adtrue.com/delivery/ Frame 9BF7 4 KB
4 KB 716ms
173ms Script
application/javascript 52.37.176.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/delivery/impress?pzoneid=17496&ref=https%3A%2F%2Fwww.themoscowtimes.com%2F&cb=3576286728&timeZone=2&adWidth=728&adHeight=90&loc=https://www.themoscowtimes.com/
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.37.176.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-37-176-195.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 19d369fff4dc6ddd8e43c287f018fbf87cd4ae2f987080df89dea5967f2838f6

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
server: nginx
x-adtrue-instance: java1
content-length: 3897
content-type: application/javascript

GET
H/1.1 200
OK adcfg Show response
ap.lijit.com/ Frame 3ADC 159 B
550 B 22ms
21ms Script
application/x-javascript 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/adcfg?zoneid=689163&tid=ad0ef7864a8e4987a0dc0c26dbde381e31caded6&mode=1&dmn=www.themoscowtimes.com
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: bc851c1efeade4bb2301d396a9b8039ca6e8d749448e736a95b536cdc113eb6f

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:46 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 146

GET
H/1.1 200
OK adcfg Show response
ap.lijit.com/ Frame D4DD 158 B
551 B 30ms
30ms Script
application/x-javascript 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/adcfg?zoneid=689161&tid=703a9f368af14c7ba6da67210e6ac0dadcfdb5ab&mode=1&dmn=www.themoscowtimes.com
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: d3dd865323c201438cf1e462ea95d396040dfec452af5eee4d06cbb674560f92

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:47 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 147

GET
H2 200 VSUTrmM5kpc7z1BB.ts Show response
video.twimg.com/ext_tw_video/1189906731922530304/pu/vid/0/3000/320x568/ Frame 0420 134 KB
134 KB 118ms
118ms XHR
video/mp2t 2606:2800:233:1ab3:789:1032:20e3:21
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://video.twimg.com/ext_tw_video/1189906731922530304/pu/vid/0/3000/320x568/VSUTrmM5kpc7z1BB.ts

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.vendors~loaders.video.PlayerHls13.c1ff98cb19b0cce6b70c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:1ab3:789:1032:20e3:21 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F89) /

Resource Hash

a0d03fcb6ba9620bad7d15b2753634da75f5f0f05880214fce8eef58b7e4832f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time: 24
date: Fri, 16 Apr 2021 15:48:47 GMT
x-content-type-options: nosniff
surrogate-key: ext_tw_video ext_tw_video/bucket/1 ext_tw_video/1189906731922530304
last-modified: Thu, 31 Oct 2019 14:05:26 GMT
server: ECAcc (frc/8F89)
age: 790
x-tw-cdn: VZ, VZ
content-type: video/MP2T
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d285bd327d36286266cfe24891c40fce
accept-ranges: bytes
content-length: 137052

GET
H3-29 200 container.html Show response
4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CA3E 6 KB
3 KB 20ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Fri, 16 Apr 2021 15:48:46 GMT
expires: Sat, 16 Apr 2022 15:48:46 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 39C6 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423639646658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:47 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 39C6 9 KB
7 KB 26ms
25ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021041501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

982f686f07949acdf888adbb3f7dc03c5e7f7f872050e26fd63b829558fcfab9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6904
x-xss-protection: 0

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3F09 42 B
64 B 40ms
39ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuBuPWpVvsxKY4d-Q0D5WPYjbhzq4jOJc5OQK3RVZYA_2rByGjLrq4G2o22Au62HagJZ1BSq-G_Tc4IeWswbm20oDVvf6popHu40tQoYvftzEEiSR2b&sig=Cg0ArKJSzJ3QdDQ8QzwOEAE&id=lidar2&mcvt=1467&p=12,315,102,1285&mtos=1467,1467,1467,1467,1467&tos=1467,0,0,0,0&v=20210414&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=118446099&rs=4&met=ie&la=1&cr=0&osd=1&vs=4&rst=1618588125277&dlt=0&rpt=444&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 209B 144 B
1 KB 125ms
85ms XHR
application/json 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

f580e982f0b9ec2b77290e1aa76cbe4c8e899b83b863879f400ae59525243e6e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.121:80
AN-X-Request-Uuid: 89b8c99d-64e9-490e-bed9-10a6395335b5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://likevertising.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 209B 1 KB
2 KB 256ms
189ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 16c2aed31243c793c22d6be005e51be8bd7fde767b0631f28e8fe93d21e93509

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 4%3b10%3b57
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://likevertising.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 209B 241 B
2 KB 189ms
110ms XHR
application/json 213.19.162.41
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=298380&zone_id=1600878&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fwww.themoscowtimes.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=6e95295d-b692-453c-bc9a-24ab8378b972&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3573344432928167
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.41 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 045c245562a1fb9cb5406707572169842f07eea7e77dce8b685278032bfe881c

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://likevertising.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 209B 0
117 B 140ms
80ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://likevertising.com
date: Fri, 16 Apr 2021 15:48:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 105F 1 KB
2 KB 244ms
192ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: f2329169cc897e07ade7859b20f9978e8d64c8ff0107325b0a2c7ee26079aeef

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 4%3b8%3b105
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://likevertising.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 105F 0
61 B 132ms
89ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://likevertising.com
date: Fri, 16 Apr 2021 15:48:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 105F 240 B
2 KB 199ms
122ms XHR
application/json 213.19.162.41
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=298380&zone_id=1600890&size_id=2&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fwww.themoscowtimes.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=b4c83876-e66f-4ac1-bc4f-c12a251b4c37&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.24954905014427875
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.41 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 816e1fea1ea61c26a50a428fe90311d1adecccfef1476c3b576fd849c3090d3a

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://likevertising.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 105F 143 B
1 KB 159ms
119ms XHR
application/json 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

221cfa2c28e19dfc3e5f702869367ff858ef501c3972709c752a11b34989d842

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.237:80
AN-X-Request-Uuid: a99428a6-ea4f-4f17-be7e-dc9bdc06faf7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://likevertising.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK addelivery Show response
ap.lijit.com/ Frame 3ADC 261 B
983 B 109ms
108ms Script
application/x-javascript 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/addelivery?zoneid=689163&tid=a_689163_775f7e51fd00474d895321c21d7dfabf&cb=undefined&mode=1&flv=0.0.0&ifr=true&od=www.themoscowtimes.com&time=15%3A48%3A47&fd=1&be=sf&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&orig_loc=http%3A%2F%2Fhttps%3A%2F%2Fwww.themoscowtimes.com%2F&abf=true&dpz=false&cv=undefined&dop=0&ndw=1&spif=true&btid=a_689163_775f7e51fd00474d895321c21d7dfabf
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: f4c2c2f15edfc1ca4de9bdd4f50fb3a181137581ac709683ae20b899ce91565f

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:47 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 213

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 39C6 17 KB
6 KB 19ms
14ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:47 GMT

GET
H3-29 200 container.html Show response
f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7A40 6 KB
3 KB 23ms
8ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Fri, 16 Apr 2021 15:48:46 GMT
expires: Sat, 16 Apr 2022 15:48:46 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 88A1 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423639646658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:47 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 88A1 9 KB
7 KB 17ms
17ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021041501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77a53736739b915cf6bfa2a4f93c7f56d76fd59b66a5a430de546e25c1d88189

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6913
x-xss-protection: 0

GET
H/1.1 200
OK addelivery Show response
ap.lijit.com/ Frame D4DD 261 B
981 B 100ms
75ms Script
application/x-javascript 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/addelivery?zoneid=689161&tid=a_689161_a0918f25319c4164a737a8b93f33d456&cb=undefined&mode=1&flv=0.0.0&ifr=true&od=www.themoscowtimes.com&time=15%3A48%3A47&fd=1&be=sf&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&orig_loc=http%3A%2F%2Fhttps%3A%2F%2Fwww.themoscowtimes.com%2F&abf=true&dpz=false&cv=undefined&dop=0&ndw=1&spif=true&btid=a_689163_775f7e51fd00474d895321c21d7dfabf
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d6c2837f525e0bb49bcb02b858bfedbb6c1dd97a6f561949e0ad430f33bafa9

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:47 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 211

GET
H2 200 prebid.js Show response
cdn.adtrue.com/pb/ Frame C1DB 257 KB
82 KB 35ms
35ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/pb/prebid.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=17495&ref=https%3A%2F%2Fwww.themoscowtimes.com%2F&cb=1995951483&timeZone=2&adWidth=300&adHeight=250&loc=https://www.themoscowtimes.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4259dbb0191c97a891b857a18b128a117310364e59726cff9eb639dcd22023b

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 21 Aug 2020 05:31:13 GMT
server: cloudflare
age: 5125242
etag: W/"5f3f5c21-405dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 640e8f559cacd6d1-FRA
cf-request-id: 097cf7e9830000d6d141854000000001
expires: Fri, 11 Feb 2022 08:08:05 GMT

GET
H2 200 ga.js Show response
cdn-adtrue.com/track/ Frame C1DB 502 B
989 B 34ms
16ms Script
application/x-javascript 2606:4700:e0::ac40:6f08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-adtrue.com/track/ga.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=17495&ref=https%3A%2F%2Fwww.themoscowtimes.com%2F&cb=1995951483&timeZone=2&adWidth=300&adHeight=250&loc=https://www.themoscowtimes.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6f08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 708b3c51b04e3743f0b3495d8435b8b2c4fffd49a9d4efeb0cdfbe6b1113c4ff

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1226723
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 097cf7e99600004e7a261cc000000001
last-modified: Fri, 02 Apr 2021 11:02:09 GMT
server: cloudflare
etag: W/"6066f9b1-1f6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XJNXDF8pSRuzDIssogsOTaY0zuMywZV6RIWfI9goVR0Exa7jtQp69Y5DsvHbV99kmo7KxmCP9VfrPbwdbs8HaHXBZwi2XAdojdhPlo3LHpKqIyZAUmMuFJ%2FZlg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 640e8f55bb2f4e7a-FRA
expires: Mon, 28 Mar 2022 11:03:24 GMT

GET
H2 200 prebid.js Show response
cdn.adtrue.com/pb/ Frame 9BF7 257 KB
82 KB 25ms
25ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/pb/prebid.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=17496&ref=https%3A%2F%2Fwww.themoscowtimes.com%2F&cb=3576286728&timeZone=2&adWidth=728&adHeight=90&loc=https://www.themoscowtimes.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4259dbb0191c97a891b857a18b128a117310364e59726cff9eb639dcd22023b

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 21 Aug 2020 05:31:13 GMT
server: cloudflare
age: 5125242
etag: W/"5f3f5c21-405dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 640e8f55acb0d6d1-FRA
cf-request-id: 097cf7e9850000d6d1efbeb000000001
expires: Fri, 11 Feb 2022 08:08:05 GMT

GET
H2 200 ga.js Show response
cdn-adtrue.com/track/ Frame 9BF7 502 B
534 B 35ms
20ms Script
application/x-javascript 2606:4700:e0::ac40:6f08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-adtrue.com/track/ga.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=17496&ref=https%3A%2F%2Fwww.themoscowtimes.com%2F&cb=3576286728&timeZone=2&adWidth=728&adHeight=90&loc=https://www.themoscowtimes.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6f08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 708b3c51b04e3743f0b3495d8435b8b2c4fffd49a9d4efeb0cdfbe6b1113c4ff

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1226723
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 097cf7e99700004e7a3028e000000001
last-modified: Fri, 02 Apr 2021 11:02:09 GMT
server: cloudflare
etag: W/"6066f9b1-1f6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZTDWMj78yLdZoY7w1j%2Fa2l01iv4mA%2BtCRUBAmJHh5kbXSVZOENfJG9jdMZpeKnHN6TQW1h1Y2vOc3n0HqB%2FTRgQ6cNoa7LTj%2BvlNb%2BC%2Bnlyp8m6%2FCKgQi1qXEw%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 640e8f55bb324e7a-FRA
expires: Mon, 28 Mar 2022 11:03:24 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 88A1 17 KB
6 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:47 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CA3E 0
0 40ms
35ms Fetch
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cu0iC3rF5YLz8J7K5lQeh1IaYC9i2g6liv9ebyswNv-EeEAEg1ubFWGC5-MeA3AGgAYeDv_cDyAEC4AIAqAMByAOZBKoEzAJP0HIq7oSL955l2E1Hxy1JSn3OtnQaJETn-zWl9usfPxiM47SmqAeVMw_guf9Q6j2OrZw-hH8sxRGLXHTFuMIox1Dcr7AvJ6uGuj03hKhble1inUvcUfEKkoagVs2Tv0_yrTWwocH8erwpAdvPjpzTdFbrejKeqyQQE0a4fg94XXiNk9g-FeeAmoc_83cvIXkdUmKHwIpK0fJq4Qw70oO-AsIbJSui-8Hcj4i8LGNASNldiSWZqzEVLSXMlNEj5Hmf331r2K3L-alcbFGP9qWOeqkhl3TOytyjQNDi4WK5b0vpHgrB3sBdwc0HSQyFFPyPOla2nyVgvT6jJf8EuQra70eqiOx_-8gSz24-5Rh0ooN4fh8PrGRnMaJvu9Ml_Rh_aW7i_LZ8yg_oAE7O6pO6j0RW8ZeG8_LMPd7UmHgfomqKMqbBcGfhDufgIsAE3qqt9LwD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBgKAB6a7_oUBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEOeDCNIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tODc2NDg4MzUzNDM2Njg4N4AKA8gLAdgTDLIXGgoYCAASFHB1Yi0yMTI4NzU3MTY3ODEyNjYz&sigh=v3EeDkOtjw4
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s02-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210414/r20110914/ Frame CA3E 17 KB
7 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/abg_lite_fy2019.js

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76d293cad87de584b5105472b9672fb1460dcf35f82079e274e44a47860bf700

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:47:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7113
x-xss-protection: 0
server: cafe
etag: 11066897925667386271
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Apr 2021 15:47:47 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame CA3E 2 KB
1 KB 17ms
12ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/window_focus_fy2019.js

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:45:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Apr 2021 15:45:50 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CA3E 118 KB
36 KB 19ms
16ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:47 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame CA3E 13 KB
5 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Apr 2021 15:48:33 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame CA3E 25 KB
10 KB 17ms
12ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95f66b0fd918f7a6d36f22a9ac49210439d74085bf0fedd1dec6061918f20c1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 11:42:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14782
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10490
x-xss-protection: 0
server: cafe
etag: 4192951226220979311
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Apr 2021 11:42:25 GMT

GET
H3-29 200 13222739555059648383
tpc.googlesyndication.com/simgad/ Frame CA3E 37 KB
37 KB 18ms
13ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13222739555059648383?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk85ZpjwA6IXT-ojaPvcK3IONZ-Kg

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e98e0e8a43924175523851a91db3bc4908827f65a5a83252c56401d70d8560e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 02:03:59 GMT
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 03:43:17 GMT
server: sffe
age: 135888
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37991
x-xss-protection: 0
expires: Fri, 15 Apr 2022 02:03:59 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 1AE9 12 KB
5 KB 14ms
6ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Fri, 16 Apr 2021 15:45:22 GMT
expires: Sat, 16 Apr 2022 15:45:22 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 205
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pa_backupads_lib.js Show response
projectagoralibs.com/libs/ Frame 842B 4 KB
2 KB 58ms
37ms Script
application/javascript 2606:4700:e6::ac40:ce03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=8135&uref=https%3A%2F%2Fwww.themoscowtimes.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ce03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32da83762f5b3767f23a6760d121590fc7eb9f3ec8027ea7dd00d21d2f1fe7b0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2461
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9DB6F29C93290A96
x-amz-id-2: smen8jySdsd4AujDn3B4ucWjVUiGc8ht7RHzxsFJTxwWckWkguL9DrRr9SztX81tRaS79iryEvE=
last-modified: Tue, 27 Oct 2020 14:01:47 GMT
server: cloudflare
etag: W/"388809d00c3186d72408292dde1dfc83"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WHT1l%2FPZUIOOL8bhRGrUbQL%2BtJ56tmQHWFtPHpgo%2FzijNvmQFO%2Bf5ch6nzJ3T4Wny0yIqpKwYQOWVfSBtW6j2SADkyvRMnl0KqlD18tI%2FZdLjcseABD2LcUuSlZ4g%2BXm5w%3D%3D"}]}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 097cf7ea0500004e25bb9af000000001
cf-ray: 640e8f566e504e25-FRA

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 209B 0
103 B 194ms
45ms Image
text/plain 52.210.215.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiYmYzODc1NDUtOTJhZi00MWJmLWE3MjgtZTEyYWQ0OWFhZTc1IiwiaG9zdG5hbWUiOiJsaWtldmVydGlzaW5nLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9LHsiYmlkZGVyIjoiUlVCSUNPTiJ9LHsiYmlkZGVyIjoiUFVCTUFUSUMifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX0seyJwbGFjZW1lbnRDb2RlIjoiMTg2MDQzNTZfdGhlbW9zY293dGltZXMuY29tX3Jvc18zMDB4MjUwIiwic2l6ZXMiOlt7IndpZHRoIjowLCJoZWlnaHQiOjB9XSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbXSwicmVzcG9uc2VzIjpbeyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIiwicGxhY2VtZW50Q29kZSI6IjE4NjA0MzU2X3RoZW1vc2Nvd3RpbWVzLmNvbV9yb3NfMzAweDI1MCIsImlkIjoiOTA0NDM0NTVhZjljNWEiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MCwic2l6ZSI6eyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSwidGltZVRvUmVzcG9uZCI6Mjg5LCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTg2MDQzNTZfdGhlbW9zY293dGltZXMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5MDQ0MzQ1NWFmOWM1YSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjoyODksImFmdGVyVGltZW91dCI6ZmFsc2V9XSwid2lubmVycyI6W119fV19&id=bf387545-92af-41bf-a728-e12ad49aae75&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.215.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-215-45.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Fri, 16 Apr 2021 15:48:47 GMT
Server: nginx

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame C1DB 82 KB
32 KB 48ms
46ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Requested by

Host: cdn-adtrue.com
URL: https://cdn-adtrue.com/track/ga.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae2a6611d80fa794f7523cda36bea85c2e092ec86fca5c27e65873887dcbac51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32733
x-xss-protection: 0
last-modified: Fri, 16 Apr 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Apr 2021 15:48:47 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame 9BF7 82 KB
32 KB 20ms
16ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Requested by

Host: cdn-adtrue.com
URL: https://cdn-adtrue.com/track/ga.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e52032c3555eb886be3d5b4a298dc5c6b054b3cfef5f02bb9a8c2a39737df84a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32732
x-xss-protection: 0
last-modified: Fri, 16 Apr 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Apr 2021 15:48:47 GMT

GET
H2 200 pa_backupads_lib.js Show response
projectagoralibs.com/libs/ Frame E226 4 KB
2 KB 315ms
12ms Script
application/javascript 2606:4700:e6::ac40:ce03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=8136&uref=https%3A%2F%2Fwww.themoscowtimes.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ce03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32da83762f5b3767f23a6760d121590fc7eb9f3ec8027ea7dd00d21d2f1fe7b0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2462
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9DB6F29C93290A96
x-amz-id-2: smen8jySdsd4AujDn3B4ucWjVUiGc8ht7RHzxsFJTxwWckWkguL9DrRr9SztX81tRaS79iryEvE=
last-modified: Tue, 27 Oct 2020 14:01:47 GMT
server: cloudflare
etag: W/"388809d00c3186d72408292dde1dfc83"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=O%2B3UfmOW0HUt1hwQdxT7v4hh5v7u4UVi4gB%2Flfv1EP67EyZ89wbJMFKroDTXyD%2Fcbo1wJvRcKwDuzLJ%2Bo9c9nYI7F7Dqzz7dZnMvJ3zCa8DQHQu7Ouk6q2cD%2BIhFq%2B5jJw%3D%3D"}]}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 097cf7eb5900004e2577868000000001
cf-ray: 640e8f588aca4e25-FRA

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 105F 0
103 B 147ms
36ms Image
text/plain 52.210.215.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiMWJiNmU1MzQtYmFmNC00ZDQzLTg3ZDYtODRmYjMxYzg1YWRhIiwiaG9zdG5hbWUiOiJsaWtldmVydGlzaW5nLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IlBVQk1BVElDIn0seyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9XSwicmVzcG9uc2VzIjpbXSwid2lubmVycyI6W119fSx7InBsYWNlbWVudENvZGUiOiIxODYwNDU3OV90aGVtb3Njb3d0aW1lcy5jb21fcm9zXzcyOHg5MCIsInNpemVzIjpbeyJ3aWR0aCI6MCwiaGVpZ2h0IjowfV0sImV2ZW50cyI6eyJyZXF1ZXN0cyI6W10sInJlc3BvbnNlcyI6W3siYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxODYwNDU3OV90aGVtb3Njb3d0aW1lcy5jb21fcm9zXzcyOHg5MCIsImlkIjoiOWYyN2Y3Y2NiODUwOWQiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MCwic2l6ZSI6eyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSwidGltZVRvUmVzcG9uZCI6MzE3LCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTg2MDQ1NzlfdGhlbW9zY293dGltZXMuY29tX3Jvc183Mjh4OTAiLCJpZCI6IjlmMjdmN2NjYjg1MDlkIiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAsInNpemUiOnsid2lkdGgiOjAsImhlaWdodCI6MH0sInRpbWVUb1Jlc3BvbmQiOjMxNywiYWZ0ZXJUaW1lb3V0IjpmYWxzZX1dLCJ3aW5uZXJzIjpbXX19XX0%3D&id=1bb6e534-baf4-4d43-87d6-84fb31c85ada&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.215.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-215-45.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Fri, 16 Apr 2021 15:48:47 GMT
Server: nginx

GET
H/1.1 200
OK Cookie set beacon Show response
gslbeacon.lijit.com/ Frame D3DD 6 KB
2 KB 95ms
25ms Document
text/html 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 52c562fcfd70fadc11dd311842104c77fe483a09f613c4413cf26c9be4cae81d

Request headers

Host: gslbeacon.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://likevertising.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=299a355a50ea533dacb39a5e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://likevertising.com/

Response headers

Server: nginx
Date: Fri, 16 Apr 2021 15:48:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxdkLERwDAIA3dxncJggyCr5bJ7Yp8bVL4OhNDTpN3iEo5piqvpxkQCC90rj4qQytY7KdKJ6QDOAUnNxZmJOvErUZVgTwoZlDImsRHTvvI%2BJVI%2FnQ0Zm1F%2FGOQ3yW8mtUbzFtxhTfR%2BrnBXPQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Sat, 16-Apr-2022 15:48:47 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=299a355a50ea533dacb39a5e;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Sat, 16-Apr-2022 15:48:47 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap4ams1

GET
H/1.1 200
OK containertag Show response
ap.lijit.com/ Frame 3ADC 60 KB
6 KB 85ms
83ms Script
application/json 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/containertag?containerId=18&zoneId=689163&v=2
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b0546d3225bd563ce090f4ca843f6b08475fb632441b02a6a46732bde2c62bd5

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: raptor
Vary: Accept-Encoding
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap4ams1
Content-Type: application/json
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 200
OK impression
vap4ams1.lijit.com/addelivery/ Frame 3ADC 43 B
567 B 86ms
22ms Image
image/gif 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vap4ams1.lijit.com/addelivery/impression?bannerid=0&campaignid=232&zoneid=689163&tid=a_689163_775f7e51fd00474d895321c21d7dfabf
Requested by: Host: likevertising.com
URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=212f87a9373ade82747a9703475edc409&cb=4518051618588125764
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 31b4ea2bd2a51d39610fc8aa214e4119.js Show response
www.gstatic.com/mysidia/ Frame 7A40 6 KB
3 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/31b4ea2bd2a51d39610fc8aa214e4119.js?tag=client_fast_engine_2019

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1152be785978aa809034ab61de86ce4d03c5a301c95e96995e336d2462832a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 02:11:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 01:23:38 GMT
server: sffe
age: 49029
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2779
x-xss-protection: 0
expires: Thu, 15 Jul 2021 02:11:38 GMT

GET
H2 200 099008b8d5d5347913645b07fc749d45.js Show response
www.gstatic.com/mysidia/ Frame 7A40 6 KB
3 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/099008b8d5d5347913645b07fc749d45.js?tag=gpa/maximal_v1_och_tag

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a0918d3ae6fcc311deeeb0b5a6f56f0ba635c5c5cd54d3a96515d06b21c18df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 02:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 01:23:38 GMT
server: sffe
age: 46455
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2674
x-xss-protection: 0
expires: Thu, 15 Jul 2021 02:54:32 GMT

GET
H2 200 e91d763233dfa13a1924fbe91cfd4845.js Show response
www.gstatic.com/mysidia/ Frame 7A40 8 KB
4 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e91d763233dfa13a1924fbe91cfd4845.js?tag=pingback

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bedddb3e8da114412602440e01aa8122a149527f3f30859c276f5efa31ecb7e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 06:51:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Apr 2021 02:07:20 GMT
server: sffe
age: 118627
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3798
x-xss-protection: 0
expires: Wed, 14 Jul 2021 06:51:40 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 7A40 2 KB
531 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c6a305cd9f8592bbd50ddd47eb5af53952b97937e9b0c4df40498f7140ff8a49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 16 Apr 2021 14:14:26 GMT
server: ESF
date: Fri, 16 Apr 2021 15:48:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Apr 2021 15:48:47 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame 7A40 1 KB
909 B 7ms
6ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Apr 2021 15:24:24 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210414/r20110914/ Frame 7A40 17 KB
7 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/abg_lite_fy2019.js

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76d293cad87de584b5105472b9672fb1460dcf35f82079e274e44a47860bf700

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:47:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7113
x-xss-protection: 0
server: cafe
etag: 11066897925667386271
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Apr 2021 15:47:47 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame 7A40 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/window_focus_fy2019.js

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:45:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Apr 2021 15:45:50 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7A40 118 KB
36 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:47 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame 7A40 13 KB
5 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Apr 2021 15:48:33 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 7A40 0
0 19ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQvkdveO0tuidfg3dScTT9cjAiTLPQYH_pYAqTBnutFPm3Xn3QdqUrd8l4p6l1PTVMs4_sV90oI-T2RD_2qj-mivRqkiA
Requested by: Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 a0b5068ca1fc7f6ff765c7833258ec42.js Show response
www.gstatic.com/mysidia/ Frame 7A40 25 KB
10 KB 33ms
14ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a0b5068ca1fc7f6ff765c7833258ec42.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

789a93f4315357995e96053e32ee793d6b12f592fad617bb04f795c750f0c3bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 09:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Apr 2021 02:07:20 GMT
server: sffe
age: 194087
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10491
x-xss-protection: 0
expires: Tue, 13 Jul 2021 09:54:01 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame C1DB 0
61 B 95ms
92ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://likevertising.com
date: Fri, 16 Apr 2021 15:48:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame C1DB 0
147 B 75ms
25ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.4.0&cb=67028224022
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://likevertising.com
date: Fri, 16 Apr 2021 15:48:47 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C1DB 143 B
1 KB 129ms
129ms XHR
application/json 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

05e364a9bf80ba03a10b6e316484199e8bedb1432571e2b6d188f2a228e0dbd1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.232:80
AN-X-Request-Uuid: 4ee3c057-738b-45d0-a994-700321316b5a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://likevertising.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 9BF7 0
147 B 58ms
25ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.4.0&cb=58256908942
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://likevertising.com
date: Fri, 16 Apr 2021 15:48:47 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9BF7 143 B
1 KB 42ms
41ms XHR
application/json 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

d0115f43d423baff8b4aaf4fec35829d2d0a178f9e4fa279947294235f94e1c3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.79:80
AN-X-Request-Uuid: 29fc6f5e-9ff3-4226-89d7-28ed194caf34
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://likevertising.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 9BF7 0
61 B 101ms
99ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://likevertising.com
date: Fri, 16 Apr 2021 15:48:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame F971 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.themoscowtimes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.themoscowtimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Fri, 16 Apr 2021 15:45:22 GMT
expires: Sat, 16 Apr 2022 15:45:22 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 205
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK containertag Show response
ap.lijit.com/ Frame D4DD 25 KB
5 KB 33ms
32ms Script
application/json 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/containertag?containerId=18&zoneId=689161&v=2
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 30c373979a20335662f1e5ee46de18248ab5bbf8df28351ec7567857e2c0de95

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: raptor
Vary: Accept-Encoding
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap4ams1
Content-Type: application/json
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 200
OK impression
vap4ams1.lijit.com/addelivery/ Frame D4DD 43 B
567 B 31ms
31ms Image
image/gif 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vap4ams1.lijit.com/addelivery/impression?bannerid=0&campaignid=232&zoneid=689161&tid=a_689161_a0918f25319c4164a737a8b93f33d456
Requested by: Host: likevertising.com
URL: https://likevertising.com/counter?i=b2q9ssvr0rctu7elxrne&a=798b3c9db127d443eca7398dcf6ff2539&cb=9925431618588125781
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:47 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/themoscowtimes300x250gr-r18604356/ Frame 842B 72 KB
20 KB 218ms
168ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/themoscowtimes300x250gr-r18604356/loader.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=87a35e76bc314113496756222bdcb5fa5&cb=6581331618588125765
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: obaker.93.1.2-11.42.4 /
Resource Hash: f584e227bb22bc5ea65c85d5435faaedfdeab76f07b3d8dbfd46241bf313c503

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 5h2g_Fc8.YknClrjxuLZJ3oMAqwo_4lf
content-encoding: gzip
etag: "c8240115f44b260a8825054a2722238923709901"
age: 0
via: 1.1 varnish
x-cache: MISS
x-from-cache: 1
content-length: 19802
x-amz-id-2: N0NzfKyipI3D/BRHpgcIGpKcW44EJuzkn4xCFC9o1ahSedhPfIUo8zWcNLpbcLVs68Gj1bWVOmQ=
x-served-by: cache-hhn11576-HHN
last-modified: Fri, 16 Apr 2021 15:48:48 UTC
server: obaker.93.1.2-11.42.4
x-timer: S1618588128.056845,VS0,VE116
date: Fri, 16 Apr 2021 15:48:48 GMT
vary: Accept-Encoding, Accept-Encoding
x-amz-request-id: 8G039CW7XVD0A72Y
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 5
x-cache-hits: 0

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 946F 143 B
226 B 8ms
5ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm0oVV-hyFRrDzUAxUJKOTTqJLm3iHdocjyjxsIZtxVKWT87z6nnHlhod8mATw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 16 Apr 2021 15:41:26 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 441
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0F83 1 KB
749 B 9ms
8ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 15 Apr 2021 16:59:40 GMT
expires: Fri, 16 Apr 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 82147
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CA3E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb3a63fe7130145a8ad84d687cbd37bc9a5fe1863547cfa43ae18a18d218f7c7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 passback.js Show response
cdn.adtrue.com/rtb/ Frame 96D9 753 B
706 B 21ms
20ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/passback.js
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 28 Oct 2020 03:26:52 GMT
server: cloudflare
age: 14210987
etag: W/"5f98e4fc-2f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 640e8f58f9d4d6d1-FRA
cf-request-id: 097cf7eb9a0000d6d15e376000000001
expires: Fri, 29 Oct 2021 04:19:01 GMT

GET
H2 200 passback.js Show response
cdn.adtrue.com/rtb/ Frame 1E36 753 B
511 B 14ms
14ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/passback.js
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 28 Oct 2020 03:26:52 GMT
server: cloudflare
age: 14210987
etag: W/"5f98e4fc-2f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 640e8f5909eed6d1-FRA
cf-request-id: 097cf7eba30000d6d13b8fe000000001
expires: Fri, 29 Oct 2021 04:19:01 GMT

GET
H/1.1 204
No Content t.dhj Show response
pxdrop.lijit.com/1/d/ Frame 3ADC 0
225 B 96ms
31ms Script
text/plain 104.111.233.227
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pxdrop.lijit.com/1/d/t.dhj?dmn=likevertising.com&GDPR_v2=
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.227 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-227.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Expires: Fri, 16 Apr 2021 15:48:48 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 3ADC
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=1512&partner_device_id=299a355a50ea533dacb39a5e&gdpr=1&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=299a355a50ea533dacb39a5e&gdpr=1&gdpr_consent=

95 B
417 B

33ms
30ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=299a355a50ea533dacb39a5e&gdpr=1&gdpr_consent=

Requested by

Host: likevertising.com
URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=212f87a9373ade82747a9703475edc409&cb=4518051618588125764

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

date: Fri, 16 Apr 2021 15:48:48 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=299a355a50ea533dacb39a5e&gdpr=1&gdpr_consent=
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK pixel
ps.eyeota.net/ Frame 3ADC 0
344 B 109ms
27ms Image
text/plain 52.57.150.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=&pid=51md42u&t=gif
Requested by: Host: likevertising.com
URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=212f87a9373ade82747a9703475edc409&cb=4518051618588125764
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.57.150.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:48 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 3ADC
Redirect Chain

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=299a355a50ea533dacb39a5e/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent=
https://bcp.crwdcntrl.net/5/ct=y/c=5436/tp=SVRN/tpid=299a355a50ea533dacb39a5e/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=&dnr=1

0
433 B

31ms
24ms

Image
text/plain

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=&dnr=1
Requested by: Host: likevertising.com
URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=212f87a9373ade82747a9703475edc409&cb=4518051618588125764
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 200
OK ct
ap.lijit.com/data/ Frame 3ADC 43 B
206 B 34ms
33ms Image
image/gif 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/data/ct?tid=a_689163_775f7e51fd00474d895321c21d7dfabf&zoneid=689163&cid=18&geo=BE&all_tags=185%2C203%2C205%2C234%2C248%2C383%2C388%2C429%2C458%2C462%2C465%2C490%2C501%2C503%2C512%2C515%2C519%2C520%2C523%2C539%2C541%2C543%2C561%2C563%2C565%2C576%2C578%2C580%2C582%2C584%2C586%2C589%2C590&tss=385%2C386%2C387%2C395&fired_tags=519%2C520%2C541%2C590&count=4&status=8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C1%2C8%2C8%2C1%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C1&elapsed_ms=395
Requested by: Host: likevertising.com
URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=212f87a9373ade82747a9703475edc409&cb=4518051618588125764
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Sovrn-Pod: ad_ap4ams1
X-Powered-By: raptor
Content-Length: 43
Content-Type: image/gif

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ Frame C1DB 124 KB
47 KB 23ms
21ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0DTZ6LRDBJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

52d25c4237f98a7d62122bd3b2283327fee2a92c74890c93947a79be363523c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48537
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:48 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame C1DB 48 KB
19 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 6919
date: Fri, 16 Apr 2021 13:53:29 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Fri, 16 Apr 2021 15:53:29 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ Frame 9BF7 124 KB
47 KB 31ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0DTZ6LRDBJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

006b08251b456d4a65d0b2793ec71cc23e12d5e6dad4df5341fdff17823ed5be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48540
x-xss-protection: 0
expires: Fri, 16 Apr 2021 15:48:48 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame 9BF7 48 KB
19 KB 21ms
8ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 6919
date: Fri, 16 Apr 2021 13:53:29 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Fri, 16 Apr 2021 15:53:29 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/themoscowtimes728x90gr-r18604579/ Frame E226 72 KB
20 KB 41ms
29ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/themoscowtimes728x90gr-r18604579/loader.js
Requested by: Host: likevertising.com
URL: https://likevertising.com/sync?i=b2q9ssvr0rctu7elxrne&a=6965507efc6b22ad0bb46f9e614d09d69&cb=7024631618588125787
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: obaker.93.1.2-11.42.4 /
Resource Hash: 2278b4952dfb077203cf3b42c4d3a4057e43d959969fdeffedd82e543a5b65ae

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: enlQAi.acZVpxgCahJvVlKx1nMhLfNn.
content-encoding: gzip
etag: "e6f7ca43037cf8ddb674f9521c0d2a62c4c792bb"
age: 8378
via: 1.1 varnish
x-cache: HIT
x-from-cache: 1
content-length: 19803
x-amz-id-2: LE4GF3ahtyNzJ1NPV4s922s08lN9akQzZlitI8wEn6P/amEhbb/G0ELBXJCnF3UhkASxwvIYofw=
x-served-by: cache-hhn11576-HHN
last-modified: Fri, 16 Apr 2021 11:29:42 UTC
server: obaker.93.1.2-11.42.4
x-timer: S1618588128.280826,VS0,VE1
date: Fri, 16 Apr 2021 15:48:48 GMT
vary: Accept-Encoding, Accept-Encoding
x-amz-request-id: JJYBRRFA0Y55VKMZ
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 5
x-cache-hits: 1

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 7A40 16 KB
17 KB 83ms
13ms Image
image/jpeg 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQiOuh39w51G7JppWibVCfZv_exC37vntAjTph0ROUOtb3T23Q&usqp=CAI

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7f1349509e18e2f9ff0df26840e00db8fd57e491645cf68a4fdc40de3bbc2b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 10:10:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 18:46:52 GMT
server: sffe
age: 20317
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16710
x-xss-protection: 0
expires: Sat, 16 Apr 2022 10:10:11 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 7A40 15 KB
15 KB 76ms
0ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSLDVVk5nDwASwajzpxzsG3weOUglS31cxgMKbJCKvzUejLYTA&usqp=CAI

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b694c3a5374a00e2825acd4d93b1cfbc8202c7d833ce8e4686718dabf1b1c83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Apr 2021 06:31:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 03 Mar 2021 05:56:40 GMT
server: sffe
age: 551829
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15419
x-xss-protection: 0
expires: Sun, 10 Apr 2022 06:31:39 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 7A40 13 KB
13 KB 81ms
5ms Image
image/jpeg 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQH0yScJGSk9WN0lhFlFrJkvJbHPefPfn1Z2bVoeQaIZx-x69Q&usqp=CAI

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df016c1d21dba18b07c7638870a068d0b1b406dfa4fb9c4f1b981417102f42f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 23:30:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 08 Jan 2021 17:01:33 GMT
server: sffe
age: 231505
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12863
x-xss-protection: 0
expires: Wed, 13 Apr 2022 23:30:23 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 7A40 18 KB
18 KB 87ms
8ms Image
image/jpeg 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcSMmylJ6p0ZjYk_JLW-S2XNxuKRU21WOSLOwX7Mdq2sqxbaWq1q&usqp=CAI

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2a9e15643ba8fc8e43b9fe5ff841e47d2feadf6275ef6213466ba0364c8939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 10:16:51 GMT
x-content-type-options: nosniff
last-modified: Fri, 12 Mar 2021 12:09:57 GMT
server: sffe
age: 19917
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18429
x-xss-protection: 0
expires: Sat, 16 Apr 2022 10:16:51 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 7A40 19 KB
19 KB 76ms
0ms Image
image/jpeg 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcR1TiNk1VJNkLoXO1iWKc0VA6gGAe_RvxHxhkb4GX4rmpnQQy9m&usqp=CAI

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3404f491fdeedb4a0be2540d9e5e7d51404da2c6192c1679913f8d173072506f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 04:36:16 GMT
x-content-type-options: nosniff
last-modified: Sat, 09 Jan 2021 03:21:10 GMT
server: sffe
age: 126752
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19219
x-xss-protection: 0
expires: Fri, 15 Apr 2022 04:36:16 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 7A40 9 KB
10 KB 91ms
14ms Image
image/jpeg 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcSyShvEZPSUanfit8xw62cB-vLquKYvnlFK5Ic0yNWtvt3i948&usqp=CAI

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac88c195fc33160b67275394bee5ed2f27424a1b4ef898b9b32481d1ba0e032f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 05:26:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 09 Jan 2021 02:40:19 GMT
server: sffe
age: 123756
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9719
x-xss-protection: 0
expires: Fri, 15 Apr 2022 05:26:12 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 7A40 12 KB
12 KB 92ms
15ms Image
image/jpeg 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQajl-uEb1od5yo_kFUQEzDtnpDheF0tPWdlH84GbMpPmoR2f-F&usqp=CAI

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

247bece669e3e2f136a5a39bcb2c47fc5480ad81164d8f7a145cbedae920a7f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 03:05:37 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 00:30:46 GMT
server: sffe
age: 132191
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12594
x-xss-protection: 0
expires: Fri, 15 Apr 2022 03:05:37 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 7A40 12 KB
12 KB 78ms
4ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcR3A8cwAOWtFRQVzSieYf1JfRlwN4_b82PAENIWmBGG2Z5YaF2r&usqp=CAI

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5ad22a7636f665f8d8a07aeeeff6602919fbcd0f6ce0eb496549ee3419dcaa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 07:38:13 GMT
x-content-type-options: nosniff
last-modified: Sat, 09 Jan 2021 11:21:23 GMT
server: sffe
age: 288635
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11937
x-xss-protection: 0
expires: Wed, 13 Apr 2022 07:38:13 GMT

GET
H3-29

200

7928391831661038378
tpc.googlesyndication.com/simgad/ Frame 7A40
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD7zaG5ShCwCRiwCTIIX_q0MeQbSKQ
https://tpc.googlesyndication.com/simgad/7928391831661038378

40 KB
40 KB

13ms
7ms

Image
image/png

2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7928391831661038378

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b847a22a157c0783821b26e1e2798ca192f3a1374f06eaf7573a6be55ec503b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 10:02:46 GMT
x-content-type-options: nosniff
age: 20762
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40972
x-xss-protection: 0
last-modified: Mon, 11 Feb 2019 17:48:00 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Apr 2022 10:02:46 GMT

Redirect headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 17:54:49 GMT
x-content-type-options: nosniff
server: cafe
age: 78839
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/7928391831661038378
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 15 May 2021 17:54:49 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame D3DD 43 B
146 B 125ms
24ms Image
image/gif 3.124.165.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=fmx&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.165.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame D3DD 0
0 551ms
21ms Image
text/html 185.33.221.88
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=299a355a50ea533dacb39a5e&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=386f6079-b1e0-4500-bd85-33a681cdb9d6&gdpr=1&gdpr_consent=

43 B
2 KB

25ms
23ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=3&3pid=386f6079-b1e0-4500-bd85-33a681cdb9d6&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date: Fri, 16 Apr 2021 15:50:00 GMT
Server: MT3 3660 495c301 master cdg-pixel-x10
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ce.lijit.com/merge?pid=3&3pid=386f6079-b1e0-4500-bd85-33a681cdb9d6&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 16 Apr 2021 15:49:59 GMT

GET
H2

204

no_match_opted_out
um.simpli.fi/ Frame D3DD
Redirect Chain

https://um.simpli.fi/lj_match?r=1618588127882&gdpr=1&gdpr_consent=
https://um.simpli.fi/no_match_opted_out

0
272 B

25ms
23ms

Image
text/plain

169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/no_match_opted_out

Requested by

Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 16 Apr 2021 15:48:48 GMT
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

date: Fri, 16 Apr 2021 15:48:48 GMT
x-content-type-options: nosniff
server: nginx
location: /no_match_opted_out
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Thu, 15 Apr 2021 15:48:48 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame D3DD 0
239 B 468ms
106ms Image
image/gif 8.43.72.97
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 636a4452fa95aad32992c06634d4089f
Content-Type: image/gif

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame D3DD
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=Mjk5YTM1NWE1MGVhNTMzZGFjYjM5YTVl

170 B
243 B

151ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=Mjk5YTM1NWE1MGVhNTMzZGFjYjM5YTVl

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=Mjk5YTM1NWE1MGVhNTMzZGFjYjM5YTVl
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1

200
OK

reporting
ap.lijit.com/dsp/google/ Frame D3DD
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=Mjk5YTM1NWE1MGVhNTMzZGFjYjM5YTVl
https://ap.lijit.com/dsp/google/reporting

43 B
567 B

32ms
29ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/dsp/google/reporting
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ap.lijit.com/dsp/google/reporting
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 238
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://aorta.clickagy.com/pixel.gif?ch=185&cm=299a355a50ea533dacb39a5e&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=84&3pid=c:5dc558eeb665d3821da1d0e958a3fa6d

43 B
1 KB

26ms
25ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=84&3pid=c:5dc558eeb665d3821da1d0e958a3fa6d
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date: Fri, 16 Apr 2021 15:48:48 GMT
server: Aorta/2.4.14-20210304.4cf0ca0
access-control-allow-origin
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain
Location: https://ce.lijit.com/merge?pid=84&3pid=c:5dc558eeb665d3821da1d0e958a3fa6d
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
X-Aorta-Region: us-east-1
Connection: keep-alive
X-Aorta-Host: ip-10-42-18-53.ec2.internal
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length: 0

GET
H/1.1

200
OK

iu3
aax-eu.amazon-adsystem.com/s/ Frame D3DD
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=1&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t

0
0

37ms
36ms

Image
text/html

52.95.118.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.118.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame D3DD 0
239 B 143ms
27ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=299a355a50ea533dacb39a5e/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=

43 B
1 KB

133ms
24ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ce.lijit.com/merge?pid=5001&3pid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=
cache-control: no-cache
x-server: 10.45.28.108
content-length: 0
expires: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=

43 B
649 B

22ms
22ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=87&3pid=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0

43 B
1 KB

26ms
26ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=87&3pid=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: //ce.lijit.com/merge?pid=87&3pid=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0
Date: Fri, 16 Apr 2021 15:48:48 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 cksync.php
contextual.media.net/ Frame D3DD 45 B
371 B 217ms
154ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=sov&ovsid=299a355a50ea533dacb39a5e&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1023%263pid%3D%24%7BUSER%7D&gdpr=1&gdpr_consent=

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Fri, 16 Apr 2021 15:48:48 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Fri, 16 Apr 2021 15:48:48 GMT

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://ums.acuityplatform.com/tum?umid=27&uid=299a355a50ea533dacb39a5e&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=66&3pid=573443741461
https://ce.lijit.com/merge?pid=66&3pid=573443741461&dnr=1

0
433 B

25ms
25ms

Image
text/plain

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=66&3pid=573443741461&dnr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:52 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:52 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=66&3pid=573443741461&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://sync.1rx.io/usersync2/sovrn?gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=56&3pid=OPTOUT

43 B
645 B

31ms
29ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=56&3pid=OPTOUT
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: Tengine
ETag: OPTOUT
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://ce.lijit.com/merge?pid=56&3pid=OPTOUT
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=&tc=1
https://ce.lijit.com/merge?pid=86&3pid=25HJhndzcYwQ1eV5GPkX&pi=sovrn&gdpr_consent=&gdpr=1&tc=1

43 B
2 KB

28ms
24ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=86&3pid=25HJhndzcYwQ1eV5GPkX&pi=sovrn&gdpr_consent=&gdpr=1&tc=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=86&3pid=25HJhndzcYwQ1eV5GPkX&pi=sovrn&gdpr_consent=&gdpr=1&tc=1
pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT, Fri, 16 Apr 2021 15:48:49 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=OFQSZmxVQG8jB0dvaFwIZ20AE2cjB0RpPlUh0Lxt

43 B
1 KB

25ms
25ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=OFQSZmxVQG8jB0dvaFwIZ20AE2cjB0RpPlUh0Lxt
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=OFQSZmxVQG8jB0dvaFwIZ20AE2cjB0RpPlUh0Lxt
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=49&3pid=PWNKDdcqs97u&ev=1&pid=558511&gdpr_consent=&gdpr=1

43 B
2 KB

32ms
31ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=49&3pid=PWNKDdcqs97u&ev=1&pid=558511&gdpr_consent=&gdpr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://ce.lijit.com/merge?pid=49&3pid=PWNKDdcqs97u&ev=1&pid=558511&gdpr_consent=&gdpr=1
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7c488d4f5b-gxw7t
expires: -1

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent=&_bee_ppp=1
https://ce.lijit.com/merge?pid=85&3pid=AACKX07A82QAACq44aeSsQ&gdpr=1

43 B
2 KB

26ms
26ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=85&3pid=AACKX07A82QAACq44aeSsQ&gdpr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:50 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=85&3pid=AACKX07A82QAACq44aeSsQ&gdpr=1
Date: Fri, 16 Apr 2021 15:48:50 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame D3DD
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=10&3pid=1870471594334026225

43 B
2 KB

26ms
25ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=10&3pid=1870471594334026225
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: https://ce.lijit.com/merge?pid=10&3pid=1870471594334026225
Date: Fri, 16 Apr 2021 15:48:49 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 generic
data.adsrvr.org/track/cmf/ Frame D3DD 70 B
264 B 61ms
37ms Image
image/gif 52.18.90.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.90.176 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame FF6E 8 KB
3 KB 111ms
23ms Document
text/html 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://gslbeacon.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=18564
Expires: Fri, 16 Apr 2021 20:58:12 GMT
Date: Fri, 16 Apr 2021 15:48:48 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 0608867b Show response
rtb.gumgum.com/usync/ Frame ECBC 3 KB
1 KB 143ms
37ms Document
text/html 34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 13153e36a53d7264221ffd2ca59337b9f965434daa4ce357e765b7a9ba3ef66a

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_0c67d83c-34b4-40d7-9f8f-e53843cd4d6f; Domain=.gumgum.com; Expires=Sat, 16-Apr-2022 15:48:48 GMT; Path=/; Secure; SameSite=None
etag: W/"08b164990f4a646602c1d20cadf850fbd"
timing-allow-origin: *
content-encoding: gzip

GET
H2

200

cm Show response
us-u.openx.net/w/1.0/ Frame C7CC
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_c...
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&g...

776 B
811 B

31ms
30ms

Document
text/html

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.205.4 /
Resource Hash: ea1ab723409b9d065cb03a6feb1d24cf256bc5e6a9f5ff819823c28895f1a9c5

Request headers

:method: GET
:authority: us-u.openx.net
:scheme: https
:path: /w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=e383214d-8aa7-04ab-166d-327b87ba3540|1618588128
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=e383214d-8aa7-04ab-166d-327b87ba3540|1618588128; Version=1; Expires=Sat, 16-Apr-2022 15:48:48 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1618588128|gekin0vNiygu; Version=1; Expires=Sat, 01-May-2021 15:48:48 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.205.4
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 16 Apr 2021 15:48:48 GMT
content-type: text/html
content-length: 477
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=e383214d-8aa7-04ab-166d-327b87ba3540|1618588128; Version=1; Expires=Sat, 16-Apr-2022 15:48:48 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.205.4
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
date: Fri, 16 Apr 2021 15:48:48 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B22D 8 KB
3 KB 96ms
23ms Document
text/html 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://gslbeacon.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=18564
Expires: Fri, 16 Apr 2021 20:58:12 GMT
Date: Fri, 16 Apr 2021 15:48:48 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

Cookie set merge Show response
ce.lijit.com/ Frame 93F5
Redirect Chain

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=1&3pid=7717151559607682856&gdpr=1&gdpr_consent=

43 B
1 KB

51ms
27ms

Document
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=1&3pid=7717151559607682856&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_689163_775f7e51fd00474d895321c21d7dfabf&rand=8328&informer=13406526&type=fpads&loc=https%3A%2F%2Fwww.themoscowtimes.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ce.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://gslbeacon.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=299a355a50ea533dacb39a5e; ctag=512:1618674527|515:1621180127|388:1621180127|580:1618674527|582:1618674527|520:1621180127|584:1618674527|234:1619797727|586:1618674527|203:1619797727|205:1618674527|589:1621180127|462:1618674527|561:1621180127|563:1621180127|565:1618674527|185:1618674527|541:1619797727; ljtrtbexp=eJxdkLERwDAIA3dxncJggyCr5bJ7Yp8bVL4OhNDTpN3iEo5piqvpxkQCC90rj4qQytY7KdKJ6QDOAUnNxZmJOvErUZVgTwoZlDImsRHTvvI%2BJVI%2FnQ0Zm1F%2FGOQ3yW8mtUbzFtxhTfR%2BrnBXPQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

Server: nginx
Date: Fri, 16 Apr 2021 15:48:48 GMT
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: _ljtrtb_1=7717151559607682856;Path=/;Domain=.lijit.com;Expires=Sat, 16-Apr-2022 15:48:48 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtbexp=eJxdkLERwDAIA3dxncJggyCr5bJ7Yp8bVL4OhNDTpN3iEo5piqvpxkQCC90rj4qQytY7KdKJ6QDOAUnNxZmJOvErUZVgTwoZlDImsRHTvvI%2BJVI%2FnQ0Zm1F%2FGOQ3yW8mtUbzFtxhTfR%2BrnBXPQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Sat, 16-Apr-2022 15:48:48 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Sat, 16-Apr-2022 15:48:48 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=299a355a50ea533dacb39a5e;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ctag=512:1618674527|515:1621180127|388:1621180127|580:1618674527|582:1618674527|520:1621180127|584:1618674527|234:1619797727|586:1618674527|203:1619797727|205:1618674527|589:1621180127|462:1618674527|561:1621180127|563:1621180127|565:1618674527|185:1618674527|541:1619797727;Path=/;Domain=.lijit.com;Expires=Sun, 16-May-2021 15:48:48 GMT;Max-Age=2592000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap4ams1

Redirect headers

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=7717151559607682856; Domain=.turn.com; Expires=Wed, 13-Oct-2021 15:48:48 GMT; Path=/; Secure; SameSite=None
location: https://ce.lijit.com/merge?pid=1&3pid=7717151559607682856&gdpr=1&gdpr_consent=
content-length: 0
date: Fri, 16 Apr 2021 15:48:48 GMT

GET
H2 200 receive
pixel.tapad.com/idsync/ex/ Frame D4DD 95 B
428 B 37ms
36ms Image
image/png 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1512&partner_device_id=299a355a50ea533dacb39a5e&gdpr=1&gdpr_consent=

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

GET
H/1.1 204
No Content t.dhj Show response
pxdrop.lijit.com/1/d/ Frame D4DD 0
225 B 42ms
29ms Script
text/plain 104.111.233.227
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pxdrop.lijit.com/1/d/t.dhj?dmn=likevertising.com&GDPR_v2=
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.227 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-227.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Expires: Fri, 16 Apr 2021 15:48:48 GMT

GET
H/1.1 200
OK ct
ap.lijit.com/data/ Frame D4DD 43 B
206 B 32ms
28ms Image
image/gif 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/data/ct?tid=a_689161_a0918f25319c4164a737a8b93f33d456&zoneid=689161&cid=18&geo=BE&all_tags=248%2C383%2C429%2C458%2C465%2C490%2C501%2C503%2C519%2C523%2C539%2C543%2C576%2C578%2C590&tss=430%2C433&fired_tags=519%2C590&count=2&status=8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C8%2C8%2C8%2C8%2C8%2C1&elapsed_ms=434
Requested by: Host: likevertising.com
URL: https://likevertising.com/counter?i=b2q9ssvr0rctu7elxrne&a=798b3c9db127d443eca7398dcf6ff2539&cb=9925431618588125781
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Sovrn-Pod: ad_ap4ams1
X-Powered-By: raptor
Content-Length: 43
Content-Type: image/gif

GET
H2 200 passback Show response
exchange.adtrue.com/tag/ Frame 96D9 251 B
443 B 179ms
175ms Script
application/javascript 52.37.176.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=17496&divid=1015029589&ref=undefined
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/rtb/passback.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.37.176.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-37-176-195.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 81c6252fcdefa91de8fe4774beb814434f984e06563ffe512fc9ee24b75c4afc

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
server: nginx
content-length: 251
content-type: application/javascript

GET
H2 200 passback Show response
exchange.adtrue.com/tag/ Frame 1E36 300 B
492 B 178ms
175ms Script
application/javascript 52.37.176.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=17495&divid=507219485&ref=undefined
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/rtb/passback.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.37.176.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-37-176-195.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 26b4e73ffd535f79b0a83d7f845e10a5f90848743309f0dfa61f214bf4cb0410

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
server: nginx
content-length: 300
content-type: application/javascript

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7A40 0
0 38ms
34ms Fetch
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CnGhT3rF5YI7oJvKR7_UPoNWGkAX27pzwYNiY4tKzC87q2u7rChABINbmxVhgufjHgNwBoAHM_PjcA8gBCakCoBiA-5gYtD7gAgCoAwHIA5sEqgTHAk_Qq0sGQ7Jh1oGPduvyMsFFLE3N7fVPy5Hns2aM8Gb90MyaO5TYRJeJgla5-kt8TvzbfsRm4xpGOXuySjm2UBjkt09JgvsuAqqezCQ3hgPZPukjNbrlG6CSvHmoZDAi5QlAKQcXzl4DnJ7baFvehGhTYBpor7gKdnRebV0HUpYNvseE4XP54fv9Y50EejXxDb9kzKqDV69F5n1tFYj8QzaivR5xLnZRAijePePmAjHHZKzwYwwtAzcrMnQAs79m8kKvCxODWAVAXR2Kekp6akDOCjN4WBbSI6SfJBp0i9OQAG-FhwsDnr1AjZJyxGRP3jHJOSucdJepFeloEolMSPEqooHGLtKyGM8dVUjrReGOXlNRrmIN7gPzKbYeMsquH5QiYvNueY1yFMA-k69a_jZEvLnQw8QqgqkBI9UT7XRrXs9Y2ueu48AE7o243qcB4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB5yDhyOoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEO_YAdIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tODc2NDg4MzUzNDM2Njg4N4AKA8gLAdgTAogUBbIXGgoYCAASFHB1Yi0yMTI4NzU3MTY3ODEyNjYz&sigh=bx2Xx1MKi7k&template_id=494
Requested by: Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s02-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 13AF 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 15 Apr 2021 16:59:40 GMT
expires: Fri, 16 Apr 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 82148
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7A40 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c135d926af427deee597462eb699564d1b574f9d153e550416d11bd4f96844b5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v14/ Frame 7A40 20 KB
20 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v14/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 10:38:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:32 GMT
server: sffe
age: 105026
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20900
x-xss-protection: 0
expires: Fri, 15 Apr 2022 10:38:22 GMT

GET
H2 200 impl.20210414-6-RELEASE.js Show response
cdn.taboola.com/libtrc/ Frame 842B 480 KB
110 KB 32ms
21ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/themoscowtimes300x250gr-r18604356/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 5c1c30811521e2a8e3f1f66d6e550b2d48a250cd11b81223180c9b3fb2f29c3b

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: vs9zfjmj52qQCvZeDRMgkTHl2EUEsIHE
content-encoding: br
etag: "e2aa74824e227f919caf68a3ad379b8a"
age: 24755
x-cache: HIT
content-length: 112566
x-amz-id-2: 8sX7ROG8Ywr4W/GQb+5O7U2IaUiPl2BzaJapdsLBu9dHudwfjbB9E0zysf16Cc4pz3TEYGLX824=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 14 Apr 2021 08:54:43 GMT
server: AmazonS3-br
x-timer: S1618588129.605657,VS0,VE0
date: Fri, 16 Apr 2021 15:48:48 GMT
vary: Accept-Encoding
x-amz-request-id: 5N55FMRHEZ39CMVJ
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 89
x-cache-hits: 152561

GET
H2 200 tr5
cdn.taboola.com/libtrc/ Frame 842B 3 B
75 B 23ms
21ms Image
text/html 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=snap_img_webp_var_2
Requested by: Host: likevertising.com
URL: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=87a35e76bc314113496756222bdcb5fa5&cb=6581331618588125765
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1618588129.605648,VS0,VE0
x-served-by: cache-hhn11576-HHN
x-cache: HIT
content-type: text/html
cache-control: private,max-age=14400
accept-ranges: bytes
content-length: 3
retry-after: 0
x-cache-hits: 0

GET
H3-29 200 wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js Show response
pagead2.googlesyndication.com/bg/ Frame 1AE9 14 KB
6 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 11:40:22 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:18:00 GMT
server: sffe
age: 14906
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5710
x-xss-protection: 0
expires: Sat, 16 Apr 2022 11:40:22 GMT

GET
H2 200 tr5
cdn.taboola.com/libtrc/ Frame E226 3 B
140 B 23ms
21ms Image
text/html 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=snap_img_webp_var_2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/themoscowtimes728x90gr-r18604579/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1618588129.742593,VS0,VE0
x-served-by: cache-hhn11576-HHN
x-cache: HIT
content-type: text/html
cache-control: private,max-age=14400
accept-ranges: bytes
content-length: 3
retry-after: 0
x-cache-hits: 0

GET
H2 200 impl.20210414-6-RELEASE.js Show response
cdn.taboola.com/libtrc/ Frame E226 480 KB
110 KB 23ms
22ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/themoscowtimes728x90gr-r18604579/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 5c1c30811521e2a8e3f1f66d6e550b2d48a250cd11b81223180c9b3fb2f29c3b

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: vs9zfjmj52qQCvZeDRMgkTHl2EUEsIHE
content-encoding: br
etag: "e2aa74824e227f919caf68a3ad379b8a"
age: 24755
x-cache: HIT
content-length: 112566
x-amz-id-2: 8sX7ROG8Ywr4W/GQb+5O7U2IaUiPl2BzaJapdsLBu9dHudwfjbB9E0zysf16Cc4pz3TEYGLX824=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 14 Apr 2021 08:54:43 GMT
server: AmazonS3-br
x-timer: S1618588129.742917,VS0,VE0
date: Fri, 16 Apr 2021 15:48:48 GMT
vary: Accept-Encoding
x-amz-request-id: 5N55FMRHEZ39CMVJ
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 89
x-cache-hits: 152562

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 0F83
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEIv7-1Hq-lGliW-w9kGw42M&google_cver=1&google_push=AQvitULMaPUYc2dr2LK2E9jaXBNS0J4INz_jewAJ2aAGxrOytrRFf8SHkqEIXCtahIi_1Y2mnTv2NQnWyKFsm3UrmTA38_iDKQI
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzU3NTg3NTExMzEwODg2NDE5OQ==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESECWQMY3N7qrmDDtu7gVjOe4&google_cver=1

43 B
407 B

318ms
19ms

Image
image/gif

46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESECWQMY3N7qrmDDtu7gVjOe4&google_cver=1
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESECWQMY3N7qrmDDtu7gVjOe4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0F83
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJs27TeiQ1FR67e1_EMKWwo&google_cver=1&google_push=AQvitUJnarW4BrfvrXxeorWECmcxl8EfpzCvdFuWk9Ln06y_4NzetnFi2WuVeOHF3yGMNpDEyj10swbDxgPo4L-A...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUJnarW4BrfvrXxeorWECmcxl8EfpzCvdFuWk9Ln06y_4NzetnFi2WuVeOHF3yGMNpDEyj10swbDxgPo4L-AQb01ovONxS8
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUJnarW4BrfvrXxeorWECmcxl8EfpzCvdFuWk9Ln06y_4NzetnFi2WuVeOHF3yGMNpDEyj10swbDxgPo4L-AQb01ovONxS8&google_tc=

170 B
188 B

57ms
57ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUJnarW4BrfvrXxeorWECmcxl8EfpzCvdFuWk9Ln06y_4NzetnFi2WuVeOHF3yGMNpDEyj10swbDxgPo4L-AQb01ovONxS8&google_tc=

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUJnarW4BrfvrXxeorWECmcxl8EfpzCvdFuWk9Ln06y_4NzetnFi2WuVeOHF3yGMNpDEyj10swbDxgPo4L-AQb01ovONxS8&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 0F83
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEBEtujKrF4v-fJa4Gt-LYHc&google_cver=1&google_push=AQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOru&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBEtujKrF4v-fJa4Gt-LYHc&google_cver=1&google_push=AQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOr...

43 B
584 B

182ms
178ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBEtujKrF4v-fJa4Gt-LYHc&google_cver=1&google_push=AQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOru&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOru%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 640e8f5e7bc96377-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
cf-request-id: 097cf7ef0c00006377f139b000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 1197
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 640e8f5ccb256377-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBEtujKrF4v-fJa4Gt-LYHc&google_cver=1&google_push=AQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOru&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUIB1YFoCcy2xLq1JGiZJQ0Qkzm4--p8AGPMKOVaCWNxMdddDZc2ZT3sBa-ZZ6UpimTz-n0XsQNPrjjIIfmop9jnYq78gOru%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 097cf7edfb0000637710933000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 0F83 70 B
264 B 155ms
37ms Image
image/gif 52.18.90.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEEH20yOeo1O7UVYvOOtsp0c&google_cver=1&google_push=AQvitUJfdQIp2bBygvJXwxa5hSxJ7EIyR1DepAIuhP4FTrYeSASxrI9aQwFUux5hCf1zAGedKeP6tS6DmPyXUjPxK7AHKVO6tLE
Requested by: Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.90.176 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0F83
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEE_x_4881QvM4MzN6jTZS9w&google_cver=1&google_push=AQvitUK1krtq1SuBLmh_S6mwt5Fo8d8hnXo1j63OF0BB9UsCRPQlZp13NNBg0MEN0JRvdtlgYigBJW4paWNzmY...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk1MTc4MzA3NTQ3OTg3Nzc4MA%3D%3D&google_push=AQvitUK1krtq1SuBLmh_S6mwt5Fo8d8hnXo1j63OF0BB9UsCRPQlZp13NNBg0MEN0JRvdtlgYigBJW4paWNzmYfE3W...

170 B
188 B

55ms
54ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk1MTc4MzA3NTQ3OTg3Nzc4MA%3D%3D&google_push=AQvitUK1krtq1SuBLmh_S6mwt5Fo8d8hnXo1j63OF0BB9UsCRPQlZp13NNBg0MEN0JRvdtlgYigBJW4paWNzmYfE3WBOX6hSwhw

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk1MTc4MzA3NTQ3OTg3Nzc4MA%3D%3D&google_push=AQvitUK1krtq1SuBLmh_S6mwt5Fo8d8hnXo1j63OF0BB9UsCRPQlZp13NNBg0MEN0JRvdtlgYigBJW4paWNzmYfE3WBOX6hSwhw
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0F83
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG3Me7BcUmW9a6lWc-pyPPM&google_cver=1&google_push=AQvitUJfQS1DsBZawfbITt1pzRQNEDQbW5b-MfuysoJG3GChX5B_OkQ_BsItST9EbnkLrwZoszJYK8wD...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEG3Me7BcUmW9a6lWc-pyPPM&google_cver=1&google_push=AQvitUJfQS1DsBZawfbITt1pzRQNEDQbW5b-MfuysoJG3GChX5B_OkQ_BsItST9EbnkLrwZoszJ...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY1MTk3MjQ1NzM1NTMzMTAzMQ&google_push=AQvitUJfQS1DsBZawfbITt1pzRQNEDQbW5b-MfuysoJG3GChX5B_OkQ_BsItST9EbnkLrwZoszJYK8...

170 B
188 B

35ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY1MTk3MjQ1NzM1NTMzMTAzMQ&google_push=AQvitUJfQS1DsBZawfbITt1pzRQNEDQbW5b-MfuysoJG3GChX5B_OkQ_BsItST9EbnkLrwZoszJYK8wD7CxFLunV0eM8oNqqvbY

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY1MTk3MjQ1NzM1NTMzMTAzMQ&google_push=AQvitUJfQS1DsBZawfbITt1pzRQNEDQbW5b-MfuysoJG3GChX5B_OkQ_BsItST9EbnkLrwZoszJYK8wD7CxFLunV0eM8oNqqvbY
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0F83
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJydzknH_q4NVl0fxCBGopY&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJydzknH_q4NVl0fxCBGopY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHmx4LnnDUiwr-1b882MogAABHYAAAAB&google_push=AQvitUIxYwDY0Arw24hYXaa8C3GP9_p5rZkWsnZRgnN83C7JmlboE2vVngt0LJGo7o6fcHE9yHPVYlFe5lsGxiQSQc...

170 B
188 B

35ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHmx4LnnDUiwr-1b882MogAABHYAAAAB&google_push=AQvitUIxYwDY0Arw24hYXaa8C3GP9_p5rZkWsnZRgnN83C7JmlboE2vVngt0LJGo7o6fcHE9yHPVYlFe5lsGxiQSQc7ebI2jaEE&google_gid=CAESEJydzknH_q4NVl0fxCBGopY&google_cver=1

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHmx4LnnDUiwr-1b882MogAABHYAAAAB&google_push=AQvitUIxYwDY0Arw24hYXaa8C3GP9_p5rZkWsnZRgnN83C7JmlboE2vVngt0LJGo7o6fcHE9yHPVYlFe5lsGxiQSQc7ebI2jaEE&google_gid=CAESEJydzknH_q4NVl0fxCBGopY&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 459
Expires: Fri, 16 Apr 2021 15:48:48 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 0F83 0
50 B 37ms
36ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IskUMSKib0BMZlXvuC54KMUB-M35mAe1IemkwIYrNxgvJRVeWgvZRa2k6Mz4o787TpsM31

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 D8HEh_EK_vVIoYZ6.ts Show response
video.twimg.com/ext_tw_video/1189906731922530304/pu/vid/3000/6000/320x568/ Frame 0420 109 KB
109 KB 115ms
114ms XHR
video/mp2t 2606:2800:233:1ab3:789:1032:20e3:21
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://video.twimg.com/ext_tw_video/1189906731922530304/pu/vid/3000/6000/320x568/D8HEh_EK_vVIoYZ6.ts

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.vendors~loaders.video.PlayerHls13.c1ff98cb19b0cce6b70c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:1ab3:789:1032:20e3:21 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F8E) /

Resource Hash

e36a4f5cdfb6ce356335d908f609cc7eae28bce5d14a9d93f1c3f192367aa968

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time: 21
date: Fri, 16 Apr 2021 15:48:48 GMT
x-content-type-options: nosniff
surrogate-key: ext_tw_video ext_tw_video/bucket/1 ext_tw_video/1189906731922530304
last-modified: Thu, 31 Oct 2019 14:05:26 GMT
server: ECAcc (frc/8F8E)
age: 790
x-tw-cdn: VZ, VZ
content-type: video/MP2T
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 6541f144b9a83151ebe320408b9451a5
accept-ranges: bytes
content-length: 111860

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 946F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
173 B

14ms
14ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: 4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
URL: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 16 Apr 2021 15:48:48 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 16-Apr-2021 16:48:48 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 16 Apr 2021 15:48:48 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 16 Apr 2021 15:48:48 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 socialmedia4.tmb-479v.png
www.who.int/images/default-source/campaigns/world-immunization-week/wiw-2020/ Frame 1E36 112 KB
116 KB 51ms
33ms Image
image/png 2606:4700::6811:71bc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.who.int/images/default-source/campaigns/world-immunization-week/wiw-2020/socialmedia4.tmb-479v.png?sfvrsn=937d8af2_6

Requested by

Host: likevertising.com
URL: https://likevertising.com/usync?i=ozq8lklz3e1znpqig3c&a=4f4a4c72e5d91df7438c43d8a6ef40cd1&cb=7651761618588125766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:71bc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

c4a860a38885b7b7b6536fd9394ff66499092b651f172b4ed01f2574f5c8322f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' player.4am.ch polyfill.io services.arcgis.com www.googleadservices.com assets.sitescdn.net .nativechat.com .addthis.com static.hotjar.com app.powerbi.com dc.services.visualstudio.com wabi-north-europe-redirect.analysis.windows.net pbipdfapp.azurewebsites.net content.powerapps.com visuals.azureedge.net gis.azureedge.net pbi.azureedge.net .who.int m.addthis.com liveapi-cached.yext.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com liveapi.yext.com answers.yext-pixel.com westeurope.tts.speech.microsoft.com wabi-north-europe-redirect.analysis.windows.net pbipdfapp.azurewebsites.net who.cloudflareaccess.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.youtube.com public.tableau.com .googleapis.com .nativechat.com .gstatic.com www.google.com .google-analytics.com apis.google.com .sharethis.com connect.facebook.net ajax.aspnetcdn.com cdnjs.cloudflare.com www.clarity.ms https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com .twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net .eloqua.com js.hs-scripts.com js.hs-analytics.net .en25.com cdn.ampproject.org s7.addthis.com kendo.cdn.telerik.com www.googletagmanager.com z.moatads.com v1.addthisedge.com cdnjs.cloudflare.com www.who.int polyfill.io kendo.cdn.telerik.com .googletagmanager.com .pingdom.net .jwpcdn.com .doubleclick.net assets.sitescdn.net whosearch.searchblox.com .msecnd.net tagmanager.google.com static.hotjar.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com script.hotjar.com assets.pinterest.com apps.who.int m.addthis.com npmcdn.com script.hotjar.com; style-src 'self' 'unsafe-inline' .googleapis.com .nativechat.com .sharethis.com .gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com cdnjs.cloudflare.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ .twimg.com use.fontawesome.com www.who.int player.4am.ch whosearch.searchblox.com tagmanager.google.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com .nativechat.com .sharethis.com netdna.bootstrapcdn.com data: use.fontawesome.com www.who.int player.4am.ch whosearch.searchblox.com script.hotjar.com app.powerbi.com pbi.azureedge.net; img-src 'self' data: .gstatic.com .googleapis.com .nativechat.com .sharethis.com .google-analytics.com platform.tumblr.com www.clarity.ms web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://apps.who.int https://.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ .twimg.com data: blob: .eloqua.com track.hubspot.com stats.g.doubleclick.net .who.int yt3.ggpht.com i.ytimg.com addthis.com .googleusercontent.com googletagmanager.com script.hotjar.com www.addthis.com log.pinterest.com whosearch.searchblox.com app.powerbi.com pbi.azureedge.net kendo.cdn.telerik.com; media-src 'self' terrance.who.int data: blob: .who.int; frame-src 'self' player.vimeo.com html5-player.libsyn.com .nativechat.com public.tableau.com experience.arcgis.com www.facebook.com s7.addthis.com www.youtube.com platform.twitter.com .who.int .doubleclick.net docs.google.com syndication.twitter.com .sitefinity.cloud player.4am.ch .sharethis.mgr.consensu.org .google.com vars.hotjar.com youtube-nocookie.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com assets.pinterest.com www.youtube-nocookie.com vars.hotjar.com app.powerbi.com pbi.azureedge.net wabi-north-europe-g-primary-redirect.analysis.windows.net; frame-ancestors app.powerbi.com pbi.azureedge.net .who.int; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ .nativechat.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.who.int; connect-src 'self' stats.g.doubleclick.net accounts.google.com https://.dec.sitefinity.com .nativechat.com .mktoresp.com .who.int www.clarity.ms services.arcgis.com dc.services.visualstudio.com whosearch.searchblox.com .google-analytics.com smartsuggest.searchblox.com m.addthis.com liveapi-cached.yext.com liveapi.yext.com answers.yext-pixel.com wss://westeurope.tts.speech.microsoft.com in.hotjar.com wss://.hotjar.com *.hotjar.com vc.hotjar.io app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net; object-src app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-aspnet-version: 4.0.30319
age: 6657233
cf-polished: origSize=114402
content-disposition: inline; filename=socialmedia4.png
x-instance-name: RD0003FF1A74B8
vary: Accept-Encoding
content-length: 114369
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:7d90af53-a640-4c9a-9d36-1c3f84f71f51
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 19 Jan 2021 11:20:21 GMT
server: cloudflare
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
access-control-expose-headers: Request-Context
cache-control: public, max-age=7776000, s-maxage=7776000
content-security-policy: default-src 'self' player.4am.ch polyfill.io services.arcgis.com www.googleadservices.com assets.sitescdn.net *.nativechat.com *.addthis.com static.hotjar.com app.powerbi.com dc.services.visualstudio.com wabi-north-europe-redirect.analysis.windows.net pbipdfapp.azurewebsites.net content.powerapps.com visuals.azureedge.net gis.azureedge.net pbi.azureedge.net *.who.int m.addthis.com liveapi-cached.yext.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com liveapi.yext.com answers.yext-pixel.com westeurope.tts.speech.microsoft.com wabi-north-europe-redirect.analysis.windows.net pbipdfapp.azurewebsites.net who.cloudflareaccess.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.youtube.com public.tableau.com *.googleapis.com *.nativechat.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com *.sharethis.com connect.facebook.net ajax.aspnetcdn.com cdnjs.cloudflare.com www.clarity.ms https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org s7.addthis.com kendo.cdn.telerik.com www.googletagmanager.com z.moatads.com v1.addthisedge.com cdnjs.cloudflare.com www.who.int polyfill.io kendo.cdn.telerik.com *.googletagmanager.com *.pingdom.net *.jwpcdn.com *.doubleclick.net assets.sitescdn.net whosearch.searchblox.com *.msecnd.net tagmanager.google.com static.hotjar.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com script.hotjar.com assets.pinterest.com apps.who.int m.addthis.com npmcdn.com script.hotjar.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.nativechat.com *.sharethis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com cdnjs.cloudflare.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com www.who.int player.4am.ch whosearch.searchblox.com tagmanager.google.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com *.nativechat.com *.sharethis.com netdna.bootstrapcdn.com data: use.fontawesome.com www.who.int player.4am.ch whosearch.searchblox.com script.hotjar.com app.powerbi.com pbi.azureedge.net; img-src 'self' data: *.gstatic.com *.googleapis.com *.nativechat.com *.sharethis.com *.google-analytics.com platform.tumblr.com www.clarity.ms web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://apps.who.int https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net *.who.int yt3.ggpht.com i.ytimg.com addthis.com *.googleusercontent.com googletagmanager.com script.hotjar.com www.addthis.com log.pinterest.com whosearch.searchblox.com app.powerbi.com pbi.azureedge.net kendo.cdn.telerik.com; media-src 'self' terrance.who.int data: blob: *.who.int; frame-src 'self' player.vimeo.com html5-player.libsyn.com *.nativechat.com public.tableau.com experience.arcgis.com www.facebook.com s7.addthis.com www.youtube.com platform.twitter.com *.who.int *.doubleclick.net docs.google.com syndication.twitter.com *.sitefinity.cloud player.4am.ch *.sharethis.mgr.consensu.org *.google.com vars.hotjar.com youtube-nocookie.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com assets.pinterest.com www.youtube-nocookie.com vars.hotjar.com app.powerbi.com pbi.azureedge.net wabi-north-europe-g-primary-redirect.analysis.windows.net; frame-ancestors app.powerbi.com pbi.azureedge.net *.who.int; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ *.nativechat.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.who.int; connect-src 'self' stats.g.doubleclick.net accounts.google.com https://*.dec.sitefinity.com *.nativechat.com *.mktoresp.com *.who.int www.clarity.ms services.arcgis.com dc.services.visualstudio.com whosearch.searchblox.com *.google-analytics.com smartsuggest.searchblox.com m.addthis.com liveapi-cached.yext.com liveapi.yext.com answers.yext-pixel.com wss://westeurope.tts.speech.microsoft.com in.hotjar.com wss://*.hotjar.com *.hotjar.com vc.hotjar.io app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net; object-src app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net;
cf-request-id: 097cf7ee1700004e49982b8000000001
accept-ranges: bytes
cf-ray: 640e8f5cf8714e49-FRA
expires: Fri, 23 Apr 2021 13:45:25 GMT

GET
H2 200 world-health-day.gif
cdn-adtrue.com/statics/images/psa/ Frame 96D9 26 KB
27 KB 26ms
23ms Image
image/gif 2606:4700:e0::ac40:6f08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-adtrue.com/statics/images/psa/world-health-day.gif
Requested by: Host: likevertising.com
URL: https://likevertising.com/stats?i=b2q9ssvr0rctu7elxrne&a=42995271e73e9db492ff35b40498d85b5&cb=7250621618588125779
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6f08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53bfa8917121f9afec4c3c0a3ff270c81a8d90116c720adc7dcbfc9c7fc497ae

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 13948918
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26616
cf-request-id: 097cf7ee0600004e7a1784b000000001
last-modified: Thu, 25 Jun 2020 02:50:22 GMT
server: cloudflare
etag: "5ef410ee-67f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xN36AfgD99d3XNeQ%2B%2F2s6FwG%2Bje7F%2FdLvfeEBK9CQ1bn12eWux5L1rebpQsdPrad3LYT%2FIAZbFWLEIi%2FfHmE%2FueiU3IvokuwSzIyNyIL3kWHGthQY7C1SsLPaA%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: image/gif
cache-control: max-age=31104000
accept-ranges: bytes
cf-ray: 640e8f5cd9974e7a-FRA
expires: Mon, 01 Nov 2021 05:06:50 GMT

GET
H2 200 wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js Show response
pagead2.googlesyndication.com/bg/ Frame F971 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:17:26 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:18:00 GMT
server: sffe
age: 1882
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5710
x-xss-protection: 0
expires: Sat, 16 Apr 2022 15:17:26 GMT

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame B9FF 38 KB
14 KB 55ms
26ms Document
text/html 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=

Response headers

Last-Modified: Wed, 14 Apr 2021 09:18:30 GMT
ETag: "13006b6-98c2-5bfeb3aef82b4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14060
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=132008
Expires: Sun, 18 Apr 2021 04:28:56 GMT
Date: Fri, 16 Apr 2021 15:48:48 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 5938 38 KB
14 KB 273ms
248ms Document
text/html 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=

Response headers

Last-Modified: Wed, 14 Apr 2021 09:18:30 GMT
ETag: "13006b6-98c2-5bfeb3aef82b4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14060
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=132008
Expires: Sun, 18 Apr 2021 04:28:56 GMT
Date: Fri, 16 Apr 2021 15:48:48 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame C7CC 43 B
1 KB 63ms
21ms Image
image/gif 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=76&3pid=5cc1c0d4-c994-0151-0b07-4c359b2c39ef&gdpr=1&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame C7CC
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6a796079-b1e0-4400-90cb-e1c53ed31491

43 B
106 B

53ms
49ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6a796079-b1e0-4400-90cb-e1c53ed31491
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.205.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
via: 1.1 google
server: OXGW/16.205.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 16 Apr 2021 15:50:00 GMT
Server: MT3 3660 495c301 master cdg-pixel-x5
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6a796079-b1e0-4400-90cb-e1c53ed31491
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 16 Apr 2021 15:49:59 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C7CC
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=zCncd5gojn7Xfdt_my_GfMwviS3XLdl8yHogNxy8

43 B
180 B

44ms
44ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=zCncd5gojn7Xfdt_my_GfMwviS3XLdl8yHogNxy8
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.205.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
via: 1.1 google
server: OXGW/16.205.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=zCncd5gojn7Xfdt_my_GfMwviS3XLdl8yHogNxy8
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame C7CC
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4188996197613463029

43 B
106 B

27ms
26ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4188996197613463029
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.205.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 google
server: OXGW/16.205.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4188996197613463029
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame C7CC 70 B
265 B 66ms
36ms Image
image/gif 52.18.90.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=302f1e14-2320-3b5c-4cbb-fa93e39d06bd&gdpr=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.90.176 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C7CC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MWM0MGNkZGUtZWE1Ny02NWY4LTU5NWItYTAyYTI5N2ZjOGRk
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MWM0MGNkZGUtZWE1Ny02NWY4LTU5NWItYTAyYTI5N2ZjOGRk&google_tc=

170 B
188 B

52ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MWM0MGNkZGUtZWE1Ny02NWY4LTU5NWItYTAyYTI5N2ZjOGRk&google_tc=

Requested by

Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MWM0MGNkZGUtZWE1Ny02NWY4LTU5NWItYTAyYTI5N2ZjOGRk&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C7CC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMdncsuQCf2I0fAsO3ORRyw&google_cver=1

43 B
106 B

30ms
29ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMdncsuQCf2I0fAsO3ORRyw&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.205.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 google
server: OXGW/16.205.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMdncsuQCf2I0fAsO3ORRyw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame ECBC
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dapn%26i%3D%24UID
https://rtb.gumgum.com/usersync?b=apn&i=8439287491051979253

35 B
237 B

40ms
40ms

Image
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=8439287491051979253
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:49 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 726.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.53:80
AN-X-Request-Uuid: 30c32cd9-3b6e-4c2b-970b-72af2ced3594
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=8439287491051979253
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame ECBC 43 B
145 B 54ms
27ms Image
image/gif 3.124.165.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_0c67d83c-34b4-40d7-9f8f-e53843cd4d6f&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.165.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

usersync
rtb.gumgum.com/ Frame ECBC
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28kTuky4lY8HOK-m1ApWGIbmgTrzC8ikGbZ-03SddKoCuE3tu_9czd0BeS9wzMiIoG%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...

35 B
237 B

42ms
41ms

Image
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=obn&i=ENC%28kTuky4lY8HOK-m1ApWGIbmgTrzC8ikGbZ-03SddKoCuE3tu_9czd0BeS9wzMiIoG%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28kTuky4lY8HOK-m1ApWGIbmgTrzC8ikGbZ-03SddKoCuE3tu_9czd0BeS9wzMiIoG%29
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:50 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=obn&i=ENC%28kTuky4lY8HOK-m1ApWGIbmgTrzC8ikGbZ-03SddKoCuE3tu_9czd0BeS9wzMiIoG%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28kTuky4lY8HOK-m1ApWGIbmgTrzC8ikGbZ-03SddKoCuE3tu_9czd0BeS9wzMiIoG%29
Date: Fri, 16 Apr 2021 15:48:50 GMT
Connection: close
X-TraceId: 55b7633f4046218e9642f6fccbd8901d
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame ECBC
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=88a7d659-cc97-48bb-8ec2-9da6871f99a7

35 B
237 B

41ms
40ms

Image
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=88a7d659-cc97-48bb-8ec2-9da6871f99a7
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Fri, 16 Apr 2021 15:48:48 GMT
content-encoding: gzip
server: OXGW/16.205.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=88a7d659-cc97-48bb-8ec2-9da6871f99a7
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H/1.1 200
OK sync
sync.srv.stackadapt.com/ Frame ECBC 43 B
168 B 3493ms
107ms Image
image/gif 54.226.160.243
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.226.160.243 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:52 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

usersync
rtb.gumgum.com/ Frame ECBC
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-NPVSjp9E2pfvcJVntrR_lH92cASi6q4Cy8ky~A

35 B
237 B

42ms
40ms

Image
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-NPVSjp9E2pfvcJVntrR_lH92cASi6q4Cy8ky~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Fri, 16 Apr 2021 15:48:48 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-NPVSjp9E2pfvcJVntrR_lH92cASi6q4Cy8ky~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame ECBC
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%...
https://rtb.gumgum.com/usersync?b=vnt&i=409e7bf4-9ecb-11eb-957b-dfbe397b0a47

35 B
237 B

40ms
40ms

Image
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=409e7bf4-9ecb-11eb-957b-dfbe397b0a47
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:56 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=409e7bf4-9ecb-11eb-957b-dfbe397b0a47
Date: Fri, 16 Apr 2021 15:48:55 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 409e7bf5-9ecb-11eb-957b-dfbe397b0a47

GET
H2 204 services
sync.technoratimedia.com/ Frame ECBC 0
294 B 7838ms
117ms Image
text/plain 150.136.25.38
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 150.136.25.38 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:56 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1008041894
access-control-allow-origin: https://rtb.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame ECBC 0
44 B 1363ms
107ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:49 GMT
content-length: 0
server: a

GET
H2

200

usersync
rtb.gumgum.com/ Frame ECBC
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_0c67d83c-34b4-40d7-9f8f-e53843cd4d6f&gdpr=1&gdpr_consent=&us_privacy=
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

35 B
237 B

40ms
40ms

Image
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:56 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:56 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 78
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame ECBC
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=3ae97653-8e89-4a47-8e48-4ed55d65e5a2

35 B
237 B

40ms
40ms

Image
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=3ae97653-8e89-4a47-8e48-4ed55d65e5a2
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:50 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=3ae97653-8e89-4a47-8e48-4ed55d65e5a2
date: Fri, 16 Apr 2021 15:48:50 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/ Frame ECBC
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4046246586
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4046246586
https://sync.1rx.io/usersync/tradedesk/e108d097-6e57-45fe-ae30-e908027a76de
https://sync.targeting.unrulymedia.com/csync/RX-96f5bfbf-a74c-4a2a-b940-b545228bf75d-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-96f5bfbf-a74c-4a2a-b940-b545228bf75d-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-96f5bfbf-a74c-4a2a-b940-b545228bf75d-003

35 B
237 B

39ms
39ms

Image
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-96f5bfbf-a74c-4a2a-b940-b545228bf75d-003
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Date: Fri, 16 Apr 2021 15:48:49 GMT
Server: Tengine
ETag: RX96f5bfbfa74c4a2ab940b545228bf75d003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-96f5bfbf-a74c-4a2a-b940-b545228bf75d-003
Connection: keep-alive
Content-Type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame ECBC
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=kdD08RMqGqq0&ev=1&pid=558355

35 B
237 B

40ms
39ms

Image
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=kdD08RMqGqq0&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=kdD08RMqGqq0&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7c488d4f5b-bk5h9
expires: -1

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame ECBC 43 B
2 KB 43ms
42ms Image
image/gif 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=36&3pid=e_0c67d83c-34b4-40d7-9f8f-e53843cd4d6f
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 265B
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=6a796079-b1e0-4400-90cb-e1c53ed31491&gdpr=1&gdpr_consent=

35 B
237 B

40ms
39ms

Document
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=6a796079-b1e0-4400-90cb-e1c53ed31491&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=6a796079-b1e0-4400-90cb-e1c53ed31491&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Fri, 16 Apr 2021 15:50:00 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Server: MT3 3660 495c301 master cdg-pixel-x6
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://rtb.gumgum.com/usersync?b=mmh&i=6a796079-b1e0-4400-90cb-e1c53ed31491&gdpr=1&gdpr_consent=
Expires: Fri, 16 Apr 2021 15:49:59 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame C6A6
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YHmx4QAAJ8GhbAAC
https://rtb.gumgum.com/usersync?b=atm&i=YHmx4QAAJ8GhbAAC&gdpr=1&gdpr_consent=&_test=YHmx4QAAJ8GhbAAC

35 B
237 B

48ms
47ms

Document
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=YHmx4QAAJ8GhbAAC&gdpr=1&gdpr_consent=&_test=YHmx4QAAJ8GhbAAC
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=atm&i=YHmx4QAAJ8GhbAAC&gdpr=1&gdpr_consent=&_test=YHmx4QAAJ8GhbAAC
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Fri, 16 Apr 2021 15:48:50 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=YHmx4QAAJ8GhbAAC&gdpr=1&gdpr_consent=&_test=YHmx4QAAJ8GhbAAC
accept-ranges: bytes
date: Fri, 16 Apr 2021 15:48:50 GMT
via: 1.1 varnish
x-served-by: cache-hhn4073-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1618588130.056448,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3-29

200

pixel Show response
cm.g.doubleclick.net/ Frame 4483
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wYzY3ZDgzYy0zNGI0LTQwZDctOWY4Zi1lNTM4NDNjZDRkNmY=&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wYzY3ZDgzYy0zNGI0LTQwZDctOWY4Zi1lNTM4NDNjZDRkNmY=&gdpr=1&gdpr_consent=&google_tc=

170 B
188 B

36ms
35ms

Document
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wYzY3ZDgzYy0zNGI0LTQwZDctOWY4Zi1lNTM4NDNjZDRkNmY=&gdpr=1&gdpr_consent=&google_tc=

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV8wYzY3ZDgzYy0zNGI0LTQwZDctOWY4Zi1lNTM4NDNjZDRkNmY=&gdpr=1&gdpr_consent=&google_tc=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
date: Fri, 16 Apr 2021 15:48:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wYzY3ZDgzYy0zNGI0LTQwZDctOWY4Zi1lNTM4NDNjZDRkNmY=&gdpr=1&gdpr_consent=&google_tc=
date: Fri, 16 Apr 2021 15:48:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 364
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Apr-2021 16:03:48 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 68C7 8 KB
3 KB 40ms
24ms Document
text/html 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://rtb.gumgum.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=18564
Expires: Fri, 16 Apr 2021 20:58:12 GMT
Date: Fri, 16 Apr 2021 15:48:48 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame D647 70 B
264 B 49ms
37ms Document
image/gif 52.18.90.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.90.176 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

:method: GET
:authority: match.adsrvr.org
:scheme: https
:path: /track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Fri, 16 Apr 2021 15:48:48 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame 6DC7 0
0 3351ms
25ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: text/html
date: Fri, 16 Apr 2021 15:48:51 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 64EA
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YHmx6MCo8YoAAK4nCJoAAAAA

35 B
237 B

40ms
40ms

Document
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YHmx6MCo8YoAAK4nCJoAAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YHmx6MCo8YoAAK4nCJoAAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Fri, 16 Apr 2021 15:48:57 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Fri, 16 Apr 2021 15:48:57 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YHmx6MCo8YoAAK4nCJoAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 321
X-SO-HostName: a-ad40324.dc2p.scaleout.jp
X-SO-LB-Hostname: m-tgng38.dc4p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":8,"gdpr":true,"ipv4":"0.0.0.0","key":"YHmx6MCo8YoAAK4nCJoAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40324"}
X-SO-Key: YHmx6MCo8YoAAK4nCJoAAAAA
X-SO-IP: 185.210.217.100
X-SO-Cluster-ID: 8
X-SO-Upstream-ID: a-ad40324

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame BE32
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=1870471594334026212

35 B
237 B

55ms
54ms

Document
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=1870471594334026212
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=1870471594334026212
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Fri, 16 Apr 2021 15:48:49 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Fri, 16 Apr 2021 15:48:49 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAAAFslxmtoZmhhamFhaGRpaGYCAIrpdIwQAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 11 May 2022 15:48:49 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNrQwNzAxNzS1NDE2NjEwMjMyNBLiM9RNr_RIT0uJNDHMMs6Q4jU0M7QwtbAwNLI0NDMBAMsEDfE0AAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 11 May 2022 15:48:49 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwNzAxNzS1NDE2NjEwMjMyNBLiM9RNr_RIT0uJNDHMMs4AAKUdMU8lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=1870471594334026212
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 871B
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=25HJhndzcYwQ1eV5GPkX&pi=gumgum&tc=1

35 B
237 B

147ms
147ms

Document
image/gif

34.253.11.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=25HJhndzcYwQ1eV5GPkX&pi=gumgum&tc=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=25HJhndzcYwQ1eV5GPkX&pi=gumgum&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Fri, 16 Apr 2021 15:48:49 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Fri, 16 Apr 2021 15:48:49 GMT Fri, 16 Apr 2021 15:48:49 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=25HJhndzcYwQ1eV5GPkX&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 json Show response
trc.taboola.com/themoscowtimes300x250gr-r18604356/trc/3/ Frame 842B 5 KB
2 KB 181ms
170ms XHR
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/themoscowtimes300x250gr-r18604356/trc/3/json?tim=17%3A48%3A48.870&lti=snap_img_webp_var_2&data=%7B%22id%22%3A727%2C%22ii%22%3A%22%2Fusersync%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1618391635625%2C%22vi%22%3A1618588128867%2C%22cv%22%3A%2220210414-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Flikevertising.com%2Fusersync%3Fi%3Dozq8lklz3e1znpqig3c%26a%3D87a35e76bc314113496756222bdcb5fa5%26cb%3D6581331618588125765%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22pev%22%3A5006%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A300%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A250%2C%22dw%22%3A300%2C%22dh%22%3A250%2C%22qs%22%3A%22%3Fi%3Dozq8lklz3e1znpqig3c%26a%3D87a35e76bc314113496756222bdcb5fa5%26cb%3D6581331618588125765%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%2218604356%22%2C%22orig_uip%22%3A%2218604356%22%2C%22cd%22%3A0%2C%22mw%22%3A300%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22snap_img_webp_var_2%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 10660ee84ee065feea8c8889eaef630fcbd87f2959c8d8891760d87a56ce75e0

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 148
date: Fri, 16 Apr 2021 15:48:49 GMT
content-encoding: gzip
server: nginx
x-timer: S1618588129.892934,VS0,VE148
x-served-by: cache-hhn11576-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://likevertising.com
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

POST
H/1.1 200
OK aggregate Show response
bisdr.vidazoo.com/ 0
442 B 446ms
119ms XHR
text/plain 157.230.182.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://bisdr.vidazoo.com/aggregate?_=1618588128883
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/1.0.533/sbt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.230.182.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 16 Apr 2021 15:48:49 GMT
Server: nginx
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/plain
Access-Control-Allow-Headers: Origin, DNT, X-Requested-With, Keep-Alive, Content-Type, Accept, Cache-Control, Pragma, Authorization, Content-Length, Accept-Encoding, Accept-Language
Content-Length: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame C1DB 80 KB
26 KB 94ms
30ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:49 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 17 Apr 2021 15:48:49 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 9BF7 80 KB
26 KB 30ms
17ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:49 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 17 Apr 2021 15:48:49 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 13AF 0
191 B 44ms
29ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEOC-v6_UFHmuEarikWCDb5o&google_cver=1&google_push=AQvitUJuSUwTBIazZHkaGSeR6R0g8dKrQbUZiElbmG8tLAYvGfxd0MVDU9IrCwGzBtpwLjizFloAWhg1JwRanfKLFKZ5MaGyhr-0qA
Requested by: Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:48 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 13AF
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEE_x_4881QvM4MzN6jTZS9w&google_cver=1&google_push=AQvitUJvM9EDOMxpmCWFg45jcwLVw55uMGCiu-cqwioy2zwQf1P7kszHZLBs0fmYtK6Kv4YD-F23mQUljLTrWj...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk1MTc4MzA3NTQ3OTg3Nzc4MA%3D%3D&google_push=AQvitUJvM9EDOMxpmCWFg45jcwLVw55uMGCiu-cqwioy2zwQf1P7kszHZLBs0fmYtK6Kv4YD-F23mQUljLTrWjzTQY...

170 B
188 B

35ms
35ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk1MTc4MzA3NTQ3OTg3Nzc4MA%3D%3D&google_push=AQvitUJvM9EDOMxpmCWFg45jcwLVw55uMGCiu-cqwioy2zwQf1P7kszHZLBs0fmYtK6Kv4YD-F23mQUljLTrWjzTQYB3dZkh_l8QXg

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk1MTc4MzA3NTQ3OTg3Nzc4MA%3D%3D&google_push=AQvitUJvM9EDOMxpmCWFg45jcwLVw55uMGCiu-cqwioy2zwQf1P7kszHZLBs0fmYtK6Kv4YD-F23mQUljLTrWjzTQYB3dZkh_l8QXg
Date: Fri, 16 Apr 2021 15:48:49 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET match
um.wbtrk.net/doubleclick/user/ Frame 13AF 0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 13AF
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGY5uv-Pe6QU1pgRJaAkohI&google_cver=1&google_push=AQvitUJpR-L38lR2yicG_WA6I96drtWldWPjRQq9DDuyvHBvrgKicklIkdK0NryRQG8bIpqNgGWUzxrpcnBwuXL9dKFQ...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEGY5uv-Pe6QU1pgRJaAkohI&google_cver=1&google_push=AQvitUJpR-L38lR2yicG_WA6I96drtWldWPjRQq9DDuyvHBvrgKicklIkdK0NryRQG8bIpqNgGWUzxrpcnBwuX...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJpR-L38lR2yicG_WA6I96drtWldWPjRQq9DDuyvHBvrgKicklIkdK0NryRQG8bIpqNgGWUzxrpcnBwuXL9dKFQiq4t8s1pPw&google_hm=nIJFJRisQhSJbNz2dVmwIQ==

170 B
188 B

34ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJpR-L38lR2yicG_WA6I96drtWldWPjRQq9DDuyvHBvrgKicklIkdK0NryRQG8bIpqNgGWUzxrpcnBwuXL9dKFQiq4t8s1pPw&google_hm=nIJFJRisQhSJbNz2dVmwIQ==

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJpR-L38lR2yicG_WA6I96drtWldWPjRQq9DDuyvHBvrgKicklIkdK0NryRQG8bIpqNgGWUzxrpcnBwuXL9dKFQiq4t8s1pPw&google_hm=nIJFJRisQhSJbNz2dVmwIQ==
date: Fri, 16 Apr 2021 15:48:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 13AF
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG3Me7BcUmW9a6lWc-pyPPM&google_cver=1&google_push=AQvitULxDnEYEtCFi8eVkgPyPcL3xUnpIOHVofHRXcvR1MJ9JnAZiI4WZQBWCByb71M5Fo55iGtlCr4t...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY1MTk3MjQ1NzM1NTMzMTAzMQ&google_push=AQvitULxDnEYEtCFi8eVkgPyPcL3xUnpIOHVofHRXcvR1MJ9JnAZiI4WZQBWCByb71M5Fo55iGtlCr...

170 B
188 B

39ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY1MTk3MjQ1NzM1NTMzMTAzMQ&google_push=AQvitULxDnEYEtCFi8eVkgPyPcL3xUnpIOHVofHRXcvR1MJ9JnAZiI4WZQBWCByb71M5Fo55iGtlCr4td4bWf2gO81FGxh_oKIE_3w

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY1MTk3MjQ1NzM1NTMzMTAzMQ&google_push=AQvitULxDnEYEtCFi8eVkgPyPcL3xUnpIOHVofHRXcvR1MJ9JnAZiI4WZQBWCByb71M5Fo55iGtlCr4td4bWf2gO81FGxh_oKIE_3w
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 13AF
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJydzknH_q4NVl0fxCBGopY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHmx4LnnDUiwr-1b882MogAABHYAAAAB&google_push=AQvitUK3Ac8daY1WfwCM3mdE2n9eiIhV-dKl4pFOEFmIQmOQEGgJU8z0FF4SFTSyp28M2GrrKt57gaebLDQ78R1m2p...

170 B
188 B

50ms
48ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHmx4LnnDUiwr-1b882MogAABHYAAAAB&google_push=AQvitUK3Ac8daY1WfwCM3mdE2n9eiIhV-dKl4pFOEFmIQmOQEGgJU8z0FF4SFTSyp28M2GrrKt57gaebLDQ78R1m2p-BFSY6cYyy&google_cver=1&google_gid=CAESEJydzknH_q4NVl0fxCBGopY

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:49 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHmx4LnnDUiwr-1b882MogAABHYAAAAB&google_push=AQvitUK3Ac8daY1WfwCM3mdE2n9eiIhV-dKl4pFOEFmIQmOQEGgJU8z0FF4SFTSyp28M2GrrKt57gaebLDQ78R1m2p-BFSY6cYyy&google_cver=1&google_gid=CAESEJydzknH_q4NVl0fxCBGopY
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Fri, 16 Apr 2021 15:48:49 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 13AF
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOFXZSfRmxUlGh5rGenEfGA&google_cver=1&google_push=AQvitUKTAOUsnh7GF0aIvgSwxoO0ep24wbuKCZvmK8udyqpcwo3qFRTAuyDlviG6PTaaNXQvX3tJG5FgUFCcHQ1Yjl8IIZLphb...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUKTAOUsnh7GF0aIvgSwxoO0ep24wbuKCZvmK8udyqpcwo3qFRTAuyDlviG6PTaaNXQvX3tJG5FgUFCcHQ1Yjl8IIZLphbSMIA&go...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NjYxMzAyMDgxMTAwODQyMTUwMw%3D%3D&google_push=AQvitUKTAOUsnh7GF0aIvgSwxoO0ep24wbuKCZvmK8udyqpcwo3qFRTAuyDl...

170 B
188 B

34ms
33ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NjYxMzAyMDgxMTAwODQyMTUwMw%3D%3D&google_push=AQvitUKTAOUsnh7GF0aIvgSwxoO0ep24wbuKCZvmK8udyqpcwo3qFRTAuyDlviG6PTaaNXQvX3tJG5FgUFCcHQ1Yjl8IIZLphbSMIA

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NjYxMzAyMDgxMTAwODQyMTUwMw%3D%3D&google_push=AQvitUKTAOUsnh7GF0aIvgSwxoO0ep24wbuKCZvmK8udyqpcwo3qFRTAuyDlviG6PTaaNXQvX3tJG5FgUFCcHQ1Yjl8IIZLphbSMIA
date: Fri, 16 Apr 2021 15:48:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 13AF 0
12 B 44ms
32ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LQFe5ZD2W_Q0Ehz7CrtMJ73yYZOdQTFaCtgtJwRldM8aAEv53wNXuDmzp0ms4wdzlvlY9W

Requested by

Host: f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
URL: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:49 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021041301&jk=1632832089829992&bg=!i4iliMzNAAZUuIlwVLg7ACkAdvg8WqO9JubYF797CKlbrRqEJ3WN9Hp6Vmf8W2g-4asajhNzedeuDwIAAAbzUgAAAFpoAQcKAOlJLZ4wd2Z0ceOO80IB9oZTxgH-CYRGBqE1ubVVt429Le3JmUetPfOYtsp4FWO_ep8rJw8vH3JFOoij2AW4UKvr4A3zQEvNxq4k0BPUDXsVtFXq1b10VDPDGx4SOdM5WFkB4W2dFbBQubXfrkNRgQvUnOqFYOTsJJHXp-6SARXTfimXT7LOtgGsE45KyIh0XjrvxK36i9jyXVIldBHH24GPY4StMWkKdTbs1uNySfNHoTatxzuqjCCUB0qUdlUryJMoR3rLhTPEvcV5FZ3-mi52nTHQ9Yq0qdAoTpRu7ABucUoJMqow4GNj4JkCI-mOPAhd96I4VYiTx-sHBdcs7DVTSN7PBv0OaT43PSvG2CJv4N3qm3p-8wgFdU85RUVB7DF8KynPAEUK5UeULo6vwwg9XBlWfmN66sI69nSOfBnmjItbUe_AjeR1NTFEwt8QhT-gzGnT2yDTKq3YKomQc22mz1INVoTaDjUOY5UudCCRPBUJK0HDE9N1aaC6AdFWOPIM-jDRcazRG6b6raSLTz7kb9ZTS4A2VVEF1dSpbenbFlcFCiQ7a079-O074-DMh5MlMiOqbqLhQP5KiB18xNM-s2BpYtPqExFvXyLa07yVaUQ13H976vZAt7IbtHoIIDyMg0syqWCXcEzDZXRr5YBC4sRv3lqCeCk1lI-4ccZ2NVopVq0QxtNvt8fJ2xA_kQZh3U3T-hQZm_VQ3snHDQbuuYkM22-lXH1u07Q1SmaWXpPoU5feHO9UXzl2_mFp9WG0E3Nr1JLsAjpBRlFbKLArmXEmvOmlv8yFPfnNyMdxgATb21F8E-tG37klXMn2w9FFGLXLO9o_VkfER65A9hxHfzIHVVQiSnkwdqlXCygi1wYkfXpkrd7mV_N_wf3maX0s--oKo4ClHt886j6DK9VuveyZ8I54WLYFztP9bvJwSLryO3Dpev80LDeooi5Y8CjwkgCOv2yyDTPMjdYALousGqWjfndt16E6LjRcebzspMtajQc1zlynYQf_rxhfZ8PEFP78LuOOrJGqoa7zTGc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame B9FF 0
75 B 363ms
27ms Script
text/plain 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=74837230&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=&sec=1&async=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:49 GMT
Content-Length: 0

GET
H2 200 cta-branding.js Show response
cdn.taboola.com/demand-formats/cta-branding/ Frame 842B 14 KB
5 KB 25ms
24ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b80f9996f4ee83ac7e0cdc7b04f9e4150a90d41bbf901e7ea4a646d53f334a92

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: k0fLHolrULeyflnSHDHGwfQ5cxCVyM94
content-encoding: gzip
etag: "03de8465cf9a5b82f8bf06944d4a54bc"
age: 4167
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4635
x-amz-id-2: n0fs0aPjHQZ717aN6pHqjdafdagMI/X2oD473Xn8JdFmnM8xoLNWv04vNqSOrRPlh5LHWAghvv8=
x-served-by: cache-hhn11576-HHN
last-modified: Tue, 13 Apr 2021 14:38:50 GMT
server: AmazonS3
x-timer: S1618588129.115038,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: ZZF2F7YZGKDR2BAV
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 89
x-cache-hits: 51780

GET
H2 200 cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ Frame 842B 2 KB
1 KB 24ms
24ms Stylesheet
text/css 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 10qGt8O9hKdbB5IigEtXn8Bn._HPfO8j
content-encoding: gzip
etag: "10c372ee2c83a7fd12df18aebc5320c6"
age: 3599
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 719
x-amz-id-2: WKHOafpT9qf7ClanGhqGwcczB303Ax3znQ9/m3xHolnoZIR6HeT7S39m4QTumo+QVxjz+gbVzlI=
x-served-by: cache-hhn11576-HHN
last-modified: Tue, 06 Apr 2021 14:48:01 GMT
server: AmazonS3
x-timer: S1618588129.115115,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: CR4E2RJ6SANDVYVF
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: text/css
abp: 89
x-cache-hits: 45278

GET
H2 200 tfa-eid.20210414-6-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 842B 13 KB
5 KB 28ms
21ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/tfa-eid.20210414-6-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/themoscowtimes300x250gr-r18604356/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3b2738076279a02dfda00b02f8ee435e9cebb77b535a6b9dfe21b5523a5cde08

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: mcil7LLvHShbJAYM25abSAt5ko2HvoSo
content-encoding: gzip
etag: "f0c15c57ffc1f0a46194c879c6386fe4"
age: 108
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4857
x-amz-id-2: v5Ibq2600YiONR7MaKjsx0SsWN3JTRD52AsNpHUhfuIOpkdHdG9indW48CnS9JFF6L2y6pTjImg=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 14 Apr 2021 09:09:32 GMT
server: AmazonS3
x-timer: S1618588129.124079,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: 72FQCTBEEM77ZQS1
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 89
x-cache-hits: 1053

GET
H2 200 sha256.20210414-6-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 842B 6 KB
3 KB 27ms
22ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/sha256.20210414-6-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/themoscowtimes300x250gr-r18604356/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c7a91e8ae78a2017b775f76cad66241ca3c2728228866622dc90cad71144e245

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: FCaRxwcW3MLlXzgVX9HQNSiyqGkGeGF_
content-encoding: gzip
etag: "449a15420f4bd41326d0ce1cb3e3252f"
age: 102
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2596
x-amz-id-2: /fVS9G43oGlBjDh7W8lNMwAz/oem2yxojB0zPihiFGUPaXLwNGA4p9d0kdzsaRjM3PZxpd+CR4U=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 14 Apr 2021 09:09:42 GMT
server: AmazonS3
x-timer: S1618588129.124143,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: FRPMTZM1YCZQKJHZ
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 89
x-cache-hits: 975

GET
H2 200 userx.20210414-6-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 842B 23 KB
8 KB 22ms
22ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20210414-6-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/themoscowtimes300x250gr-r18604356/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 75bda79381d0f3e8fef483deb525dbbb64997a751a33e3901f3e62bc555501df

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: AB5kaFHgjUzYaSgXhghd6SMiz6ooDCVp
content-encoding: gzip
etag: "4dee943d9af8f930facd1ec702b5266b"
age: 70
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 7856
x-amz-id-2: urU9COxwtiuiB4uz1lO56EVkmVboMnMmnNM0RY1SB51LRkaZcs2S1tm+RTZouhYEPct48bnbYbE=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 14 Apr 2021 09:09:28 GMT
server: AmazonS3
x-timer: S1618588129.135755,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: 4KDN0BQFYB3QY2Q0
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 89
x-cache-hits: 139

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame F7F6 38 KB
14 KB 48ms
47ms Document
text/html 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=

Response headers

Last-Modified: Wed, 14 Apr 2021 09:18:30 GMT
ETag: "13006b6-98c2-5bfeb3aef82b4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14060
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=132007
Expires: Sun, 18 Apr 2021 04:28:56 GMT
Date: Fri, 16 Apr 2021 15:48:49 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CA3E 42 B
64 B 54ms
45ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6GSbf05xJKGuMUgqGUepZQK_bulKKaeDIlRlLMLdGj5Z2mV4A8hjGHAoTHnafgNUTVZgJ-mM1uj0lYK21xWfM78JQyl8HNmlB1TdZuvRJVDQhWjClkXgfHClV_A&sai=AMfl-YT75dpNh1bLgGxzje0oPjDcb29eIV_3G8tAz3E8nx4OrLMwzXCHZ9YBOiyxMhNO8imePKrpMFFTaibbOrYiD_h52i-b2KdDBWb2Y9aDY0CqCP2gGHYhzwmaIvwz&sig=Cg0ArKJSzIs8Bi4xhGUPEAE&cid=CAASF-RoFJTL-6POjpTgMwuuLbk1bxu0qPO0&id=lidar2&mcvt=1087&p=0,0,250,300&mtos=1087,1087,1087,1087,1087&tos=1087,0,0,0,0&v=20210414&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=2351213819&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1618588127332&dlt=125&rpt=832&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc9818e24c339b0f4c066314a7bfe71e.jpg
images-c.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 842B 12 KB
13 KB 133ms
111ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-c.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dc9818e24c339b0f4c066314a7bfe71e.jpg?tb_expo_img=snap_img_webp_var_2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1c4895c3e647ff3d46841bf79ddefb5787a98c4a88bb396451244df82363793e

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 87
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 1316057
edge-cache-tag: 316376964530947663731713002560942685493,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
expiration: expiry-date="Mon, 12 Apr 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dc9818e24c339b0f4c066314a7bfe71e.jpg?tb_expo_img=snap_img_webp_var_2
content-length: 12702
x-backend-name: CH_DIR:5x70XGtykj4r9GvwwItOnX--F_CH_nlb804
last-modified: Fri, 12 Mar 2021 03:17:48 GMT
server: nginx
x-timer: S1618588129.240769,VS0,VE87
etag: "05cebd5473518aefa153fbd9f7390a75"
x-served-by: cache-wdc5572-WDC, cache-dca17720-DCA, cache-hhn11576-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 9BF7 80 KB
26 KB 44ms
14ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:49 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 17 Apr 2021 15:48:49 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame C1DB 80 KB
26 KB 36ms
27ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:49 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 17 Apr 2021 15:48:49 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 1DCD 0
150 B 71ms
23ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.themoscowtimes.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=www.themoscowtimes.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://likevertising.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://likevertising.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1514
date: Fri, 16 Apr 2021 15:48:48 GMT
content-length: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 99A5 0
150 B 54ms
22ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.themoscowtimes.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=www.themoscowtimes.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://likevertising.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://likevertising.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1471
date: Fri, 16 Apr 2021 15:48:49 GMT
content-length: 0

GET
H2 200 UE898UsQMUkkMPIC.ts Show response
video.twimg.com/ext_tw_video/1189906731922530304/pu/vid/6000/9000/320x568/ Frame 0420 120 KB
120 KB 119ms
118ms XHR
video/mp2t 2606:2800:233:1ab3:789:1032:20e3:21
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://video.twimg.com/ext_tw_video/1189906731922530304/pu/vid/6000/9000/320x568/UE898UsQMUkkMPIC.ts

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.vendors~loaders.video.PlayerHls13.c1ff98cb19b0cce6b70c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:1ab3:789:1032:20e3:21 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F83) /

Resource Hash

3ec378895b33fd06fb988301a6e1611cce6662f90f9e0f10b8682dacafbc7a91

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time: 28
date: Fri, 16 Apr 2021 15:48:49 GMT
x-content-type-options: nosniff
surrogate-key: ext_tw_video ext_tw_video/bucket/1 ext_tw_video/1189906731922530304
last-modified: Thu, 31 Oct 2019 14:05:26 GMT
server: ECAcc (frc/8F83)
age: 791
x-tw-cdn: VZ, VZ
content-type: video/MP2T
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0181e941ac31113d3c6c6e9c58cf8106
accept-ranges: bytes
content-length: 122952

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-c.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dc9818e24c339b0f4c066314a7bfe71e.jpg?tb_expo_img=snap_img_webp_var_2
Requested by: Host: likevertising.com
URL: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=87a35e76bc314113496756222bdcb5fa5&cb=6581331618588125765
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1c4895c3e647ff3d46841bf79ddefb5787a98c4a88bb396451244df82363793e

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 1316057
edge-cache-tag: 316376964530947663731713002560942685493,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
expiration: expiry-date="Mon, 12 Apr 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dc9818e24c339b0f4c066314a7bfe71e.jpg?tb_expo_img=snap_img_webp_var_2
content-length: 12702
x-backend-name: CH_DIR:5x70XGtykj4r9GvwwItOnX--F_CH_nlb804
last-modified: Fri, 12 Mar 2021 03:17:48 GMT
server: nginx
x-timer: S1618588129.469636,VS0,VE0
etag: "05cebd5473518aefa153fbd9f7390a75"
x-served-by: cache-wdc5572-WDC, cache-dca17720-DCA, cache-hhn11576-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 json Show response
trc.taboola.com/themoscowtimes728x90gr-r18604579/trc/3/ Frame E226 7 KB
3 KB 194ms
186ms XHR
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/themoscowtimes728x90gr-r18604579/trc/3/json?tim=17%3A48%3A49.470&lti=snap_img_webp_var_2&data=%7B%22id%22%3A886%2C%22ii%22%3A%22%2Fsync%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1618391617615%2C%22vi%22%3A1618588129469%2C%22cv%22%3A%2220210414-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Flikevertising.com%2Fsync%3Fi%3Db2q9ssvr0rctu7elxrne%26a%3D6965507efc6b22ad0bb46f9e614d09d69%26cb%3D7024631618588125787%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22pev%22%3A5006%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A728%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A90%2C%22dw%22%3A728%2C%22dh%22%3A90%2C%22qs%22%3A%22%3Fi%3Db2q9ssvr0rctu7elxrne%26a%3D6965507efc6b22ad0bb46f9e614d09d69%26cb%3D7024631618588125787%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A3%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%2218604579%22%2C%22orig_uip%22%3A%2218604579%22%2C%22cd%22%3A0%2C%22mw%22%3A728%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22snap_img_webp_var_2%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2b52ae5fc0ef99c0ce9dc4519a087cb73bc2796771f4dd94c8dcd66ca737ba2f

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 147
date: Fri, 16 Apr 2021 15:48:49 GMT
content-encoding: gzip
server: nginx
x-timer: S1618588130.503306,VS0,VE147
x-served-by: cache-hhn11576-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://likevertising.com
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 39C6 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021041501&jk=2048651245875461&bg=!6-il6KzNAAZUuIlwVLg7ACkAdvg8WiTwcv255xxyeAa2jaXbFNX1a2Jpm2ssdSzCJB5kkSP-4wHIywIAAALCUgAAABBoAQcKAFkno7rbrkJf4-D3wcS14Nvx6miZcGxIckj9yMx4IPFO81oGWAwGP5fFeDfW_NSSQb0qf4hpDC_8ONh1bhpVbnakoozhgpJ5HeMgoK8UTNmTrYSdw43tvYPNzpkCairWilQ5FgbQM94DEAqSxQu0-b0OjmQ2DmNznTEMd45xJNZ8sP8Z-CVf1qlJ-Efbtlar3Yp_8E7Yi6HFe2RL89DD0Ft1yMpXkHyxb8kxiRBTZC14RtExQSGffia3qzW_J6qmuAPf_XSwzU9TnOpbI4JYqbsqbgE4sQNs7UK1YaOlw6txT9muVZM53uzg_xJ8vxgNGkRoEGoO6qoq_FkoF6vpxIydIeNoRjG7ERSZurarwSNrE-3ZrTYIbGGOCe_tm5pm9EshTpdZh0GiQ4QrmPSvjQepSVyx5RwGPzfQATKQoMI_9zMfVjzVerNqC31F2bjeqFFRmvLir-xLgypB7j9VrI9iZcGwr-Zrtfz-tiVeB23FWaXL3HrqtFBQoJN_p4jxyUqW7Eh_VFNUwBvJSBQuDpFA9_lhIzfFFNAcs5LEDYjJ8u4h00bPWPjBoDzdEvTruNK29Um61HXFdYcgZGlHcxQUGx9NhtW2gpTcDoPyECWwNnQYCrVfgRpIjDZWpiMrjAsY-YE_bM_h4W3u8Yb73YnKHcGWiF5RREjZK464ulaWWVzYwQAbWLig-0pPJVIcmLsalJBlUZTWyn5vbFevwgx_wJ8bn0xdlWeph4QSspv2oZWU_Sfl0XUeqePEAr6WRtzRBYF2PYOT-f_HQmOfQKplGvjUUezvTJ3HxMPQ1wI-Gpmdg036Mgucl7zfvbuojJ8Z8liVNa3TzvCHVnKO7d0Hh0qyUIhXzd6cjaF1Lq4VXNYDDMkT8smCu9gdLjpu0EkR0itNVXjlPK-PmiOLMfmQcncmCaiLWAjrGSwuYoh57ddMp5LTDA

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 88A1 0
20 B 44ms
41ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021041501&jk=3024109584693496&bg=!DwylDEjNAAZUuIlwVLg7ACkAdvg8Wu8JJ58wy3qJXwyofc-_ikmxibit4sZNdunjr61bjdEPgVErngIAAAJNUgAAABJoAQeZAmxXdEP7dJkQ0fXSBQbtqj3GTy5UGkCNp4wQ2kDI9wovvOrqN2o77w3L8JGxVVTxTAwd-BBdA0b8FMOY1sR3BIGOlZpQlgumF5IeDrFCwMExiuewUpitPMq_i-hJGm26d1NxynLpERUyrh42x2jToSSpoCN2-ozmN3xSFYIjL6kNvpcg76n_amxHOjeVw5h8iThc_wGswxX_uz8OU2rxAhLn5JcgcsAgUbxGzzZWmj24GsBtqa0PR0_n5cZK4ckrKjBV5QlykTOFFZ84-Xi3TL_lkVEJlNReaKYm6Djxz9SOgIV0sH72YhWq75m7PYs_kF1rmwsJfqiVtDSfk6djAHvSr0O18-QgjgzzTa1AUNTRNrlE50YBWv6nlqghLlkKKrwjZ4MvSR-epNnlUERd8sZ1rwpBAFVaeQpyKMnWE0x5F5WzWKGC8iTiIR3TmCkgBpJ0cpSBBCr5logS75Dypxf4okUyH5Dok3GXyOVX7XdnO55nIzdFYvfDURsQbDQdgNTnNiFhexIg3LtnqVp967586DSzBHlzENkkFxa3r_I1F4Pv5tKrpZpfhkEIzR88rdSfQj9Thw3w6tl-PLYkkAJp-gJqi4NJ_ETLJb6_WLSuTfesqMqg0AcnVRiyBAoqJkUiUDJ2iP-ngxiddvRvT2UqvMiXFjGLPg63xy5GQatlobvdxPwJivbPJhk__L4mQg7N3XIAm8vNnttnvBbMh7pJZlK0jbLWj5W_NiLVf9zQ2oQVLbf6kQe7jwrD0STF-FuUdi5kBaxkNOh7wa9F-2kEWSX8QqL-1YZ9o6z8inHgcFYv37vbZ9DwaiQkbg

Requested by

Host: www.themoscowtimes.com
URL: https://www.themoscowtimes.com/2019/11/01/putins-chef-ordered-to-pay-for-mass-child-poisonings-a68014

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cta-branding.js Show response
cdn.taboola.com/demand-formats/cta-branding/ Frame E226 14 KB
5 KB 26ms
21ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b80f9996f4ee83ac7e0cdc7b04f9e4150a90d41bbf901e7ea4a646d53f334a92

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: k0fLHolrULeyflnSHDHGwfQ5cxCVyM94
content-encoding: gzip
etag: "03de8465cf9a5b82f8bf06944d4a54bc"
age: 4168
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4635
x-amz-id-2: n0fs0aPjHQZ717aN6pHqjdafdagMI/X2oD473Xn8JdFmnM8xoLNWv04vNqSOrRPlh5LHWAghvv8=
x-served-by: cache-hhn11576-HHN
last-modified: Tue, 13 Apr 2021 14:38:50 GMT
server: AmazonS3
x-timer: S1618588130.698748,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: ZZF2F7YZGKDR2BAV
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 89
x-cache-hits: 51785

GET
H2 200 cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ Frame E226 2 KB
970 B 27ms
22ms Stylesheet
text/css 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 10qGt8O9hKdbB5IigEtXn8Bn._HPfO8j
content-encoding: gzip
etag: "10c372ee2c83a7fd12df18aebc5320c6"
age: 3600
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 719
x-amz-id-2: WKHOafpT9qf7ClanGhqGwcczB303Ax3znQ9/m3xHolnoZIR6HeT7S39m4QTumo+QVxjz+gbVzlI=
x-served-by: cache-hhn11576-HHN
last-modified: Tue, 06 Apr 2021 14:48:01 GMT
server: AmazonS3
x-timer: S1618588130.698687,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: CR4E2RJ6SANDVYVF
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: text/css
abp: 89
x-cache-hits: 45283

GET
H2 200 tfa-eid.20210414-6-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame E226 13 KB
5 KB 26ms
25ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/tfa-eid.20210414-6-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/themoscowtimes728x90gr-r18604579/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3b2738076279a02dfda00b02f8ee435e9cebb77b535a6b9dfe21b5523a5cde08

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: mcil7LLvHShbJAYM25abSAt5ko2HvoSo
content-encoding: gzip
etag: "f0c15c57ffc1f0a46194c879c6386fe4"
age: 108
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4857
x-amz-id-2: v5Ibq2600YiONR7MaKjsx0SsWN3JTRD52AsNpHUhfuIOpkdHdG9indW48CnS9JFF6L2y6pTjImg=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 14 Apr 2021 09:09:32 GMT
server: AmazonS3
x-timer: S1618588130.705423,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: 72FQCTBEEM77ZQS1
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 89
x-cache-hits: 1059

GET
H2 200 sha256.20210414-6-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame E226 6 KB
3 KB 25ms
24ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/sha256.20210414-6-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/themoscowtimes728x90gr-r18604579/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c7a91e8ae78a2017b775f76cad66241ca3c2728228866622dc90cad71144e245

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: FCaRxwcW3MLlXzgVX9HQNSiyqGkGeGF_
content-encoding: gzip
etag: "449a15420f4bd41326d0ce1cb3e3252f"
age: 102
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2596
x-amz-id-2: /fVS9G43oGlBjDh7W8lNMwAz/oem2yxojB0zPihiFGUPaXLwNGA4p9d0kdzsaRjM3PZxpd+CR4U=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 14 Apr 2021 09:09:42 GMT
server: AmazonS3
x-timer: S1618588130.705460,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: FRPMTZM1YCZQKJHZ
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 89
x-cache-hits: 981

GET
H2 200 userx.20210414-6-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame E226 23 KB
8 KB 23ms
23ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20210414-6-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/themoscowtimes728x90gr-r18604579/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 75bda79381d0f3e8fef483deb525dbbb64997a751a33e3901f3e62bc555501df

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: AB5kaFHgjUzYaSgXhghd6SMiz6ooDCVp
content-encoding: gzip
etag: "4dee943d9af8f930facd1ec702b5266b"
age: 71
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 7856
x-amz-id-2: urU9COxwtiuiB4uz1lO56EVkmVboMnMmnNM0RY1SB51LRkaZcs2S1tm+RTZouhYEPct48bnbYbE=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 14 Apr 2021 09:09:28 GMT
server: AmazonS3
x-timer: S1618588130.710133,VS0,VE0
date: Fri, 16 Apr 2021 15:48:49 GMT
vary: Accept-Encoding
x-amz-request-id: 4KDN0BQFYB3QY2Q0
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 89
x-cache-hits: 140

GET
H2 200 dc9818e24c339b0f4c066314a7bfe71e.jpg
images-c.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame E226 3 KB
4 KB 26ms
24ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-c.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dc9818e24c339b0f4c066314a7bfe71e.jpg?tb_expo_img=snap_img_webp_var_2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2f62d3d501253ce1e1747329d53ce4a7f75b6eb368e12a5bfe261b5f35aa1f09

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 893893
edge-cache-tag: 316376964530947663731713002560942685493,609000275878300931466227160548147665902,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dc9818e24c339b0f4c066314a7bfe71e.jpg?tb_expo_img=snap_img_webp_var_2
content-length: 3302
x-request-id: c5e5f1d64fdfeef9be2a630f3e94acd2
x-backend-name: US_DIR:5x70XGtykj4r9GvwwItOnX--F_US_nlb104
last-modified: Sun, 14 Mar 2021 13:37:37 GMT
server: nginx
x-timer: S1618588130.731046,VS0,VE0
etag: "3430dba186ca97f9c5c859dc3d89612d"
x-served-by: cache-wdc5529-WDC, cache-dca17728-DCA, cache-hhn11576-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

GET
H2 200 e93625bf771740b3871af4061ec51b21.jpg
images-c.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//media.workandmoney.com/e9/36/ Frame E226 3 KB
4 KB 27ms
25ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-c.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//media.workandmoney.com/e9/36/e93625bf771740b3871af4061ec51b21.jpg?tb_expo_img=snap_img_webp_var_2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 27a34e3514a9d0a24a38f75208de7b604b41505a01131eaf64f30a765316e6b7

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 679217
edge-cache-tag: 563059531068588804443007161268722615137,609000275878300931466227160548147665902,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
expiration: expiry-date="Fri, 30 Apr 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//media.workandmoney.com/e9/36/e93625bf771740b3871af4061ec51b21.jpg?tb_expo_img=snap_img_webp_var_2
content-length: 3116
x-backend-name: US_DIR:5x70XGtykj4r9GvwwItOnX--F_US_nlb103
last-modified: Tue, 30 Mar 2021 09:27:52 GMT
server: nginx
x-timer: S1618588130.730984,VS0,VE1
etag: "9fb23aed4798940bae137bdc48be1151"
x-served-by: cache-wdc5571-WDC, cache-dca17726-DCA, cache-hhn11576-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 b0217927c4686576107b041e70a3544e.gif
images.taboola.com/taboola/image/fetch/fl_lossy%2Cf_gif%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame E226 118 KB
119 KB 95ms
32ms Image
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/fl_lossy%2Cf_gif%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b0217927c4686576107b041e70a3544e.gif?tb_expo_img=snap_img_webp_var_2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: a0fe88833f7306616a5f72ff0154acdbfb001af239a392e50674a257a50135c1

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 2
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
age: 893213
edge-cache-tag: 428545969240323531423929530045056213366,586426724212824731964338498010423345056,29ecf9b93bbf306179626feeda1fab70
expiration: expiry-date="Sun, 02 May 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/fl_lossy%2Cf_gif%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b0217927c4686576107b041e70a3544e.gif?tb_expo_img=snap_img_webp_var_2
content-length: 121227
x-served-by: cache-dca17721-DCA, cache-dca17769-DCA, cache-fra19123-FRA
x-backend-name: CLOUDINARY:3FP7YNX3LMizprTZsG7BSW--F_addr_taboola_res_cloudinary_com
last-modified: Thu, 01 Apr 2021 23:06:58 GMT
server: cloudinary
x-timer: S1618588130.798225,VS0,VE2
etag: "11d56eb7d6e387543d4d0455673815fe"
vary: ImageFormat
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-c.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dc9818e24c339b0f4c066314a7bfe71e.jpg?tb_expo_img=snap_img_webp_var_2
Requested by: Host: likevertising.com
URL: https://likevertising.com/sync?i=b2q9ssvr0rctu7elxrne&a=6965507efc6b22ad0bb46f9e614d09d69&cb=7024631618588125787
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2f62d3d501253ce1e1747329d53ce4a7f75b6eb368e12a5bfe261b5f35aa1f09

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 893893
edge-cache-tag: 316376964530947663731713002560942685493,609000275878300931466227160548147665902,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dc9818e24c339b0f4c066314a7bfe71e.jpg?tb_expo_img=snap_img_webp_var_2
content-length: 3302
x-request-id: c5e5f1d64fdfeef9be2a630f3e94acd2
x-backend-name: US_DIR:5x70XGtykj4r9GvwwItOnX--F_US_nlb104
last-modified: Sun, 14 Mar 2021 13:37:37 GMT
server: nginx
x-timer: S1618588130.769396,VS0,VE0
etag: "3430dba186ca97f9c5c859dc3d89612d"
x-served-by: cache-wdc5529-WDC, cache-dca17728-DCA, cache-hhn11576-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-c.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//media.workandmoney.com/e9/36/e93625bf771740b3871af4061ec51b21.jpg?tb_expo_img=snap_img_webp_var_2
Requested by: Host: likevertising.com
URL: https://likevertising.com/sync?i=b2q9ssvr0rctu7elxrne&a=6965507efc6b22ad0bb46f9e614d09d69&cb=7024631618588125787
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 27a34e3514a9d0a24a38f75208de7b604b41505a01131eaf64f30a765316e6b7

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 679217
edge-cache-tag: 563059531068588804443007161268722615137,609000275878300931466227160548147665902,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
expiration: expiry-date="Fri, 30 Apr 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//media.workandmoney.com/e9/36/e93625bf771740b3871af4061ec51b21.jpg?tb_expo_img=snap_img_webp_var_2
content-length: 3116
x-backend-name: US_DIR:5x70XGtykj4r9GvwwItOnX--F_US_nlb103
last-modified: Tue, 30 Mar 2021 09:27:52 GMT
server: nginx
x-timer: S1618588130.769487,VS0,VE0
etag: "9fb23aed4798940bae137bdc48be1151"
x-served-by: cache-wdc5571-WDC, cache-dca17726-DCA, cache-hhn11576-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/fl_lossy%2Cf_gif%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b0217927c4686576107b041e70a3544e.gif?tb_expo_img=snap_img_webp_var_2
Requested by: Host: likevertising.com
URL: https://likevertising.com/sync?i=b2q9ssvr0rctu7elxrne&a=6965507efc6b22ad0bb46f9e614d09d69&cb=7024631618588125787
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: a0fe88833f7306616a5f72ff0154acdbfb001af239a392e50674a257a50135c1

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 16 Apr 2021 15:48:49 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
age: 893213
edge-cache-tag: 428545969240323531423929530045056213366,586426724212824731964338498010423345056,29ecf9b93bbf306179626feeda1fab70
expiration: expiry-date="Sun, 02 May 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/fl_lossy%2Cf_gif%2Ch_86%2Cw_120%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b0217927c4686576107b041e70a3544e.gif?tb_expo_img=snap_img_webp_var_2
content-length: 121227
x-served-by: cache-dca17721-DCA, cache-dca17769-DCA, cache-fra19123-FRA
x-backend-name: CLOUDINARY:3FP7YNX3LMizprTZsG7BSW--F_addr_taboola_res_cloudinary_com
last-modified: Thu, 01 Apr 2021 23:06:58 GMT
server: cloudinary
x-timer: S1618588130.880922,VS0,VE0
etag: "11d56eb7d6e387543d4d0455673815fe"
vary: ImageFormat
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7A40 42 B
64 B 48ms
47ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstERRwuz5QUaouqQncC3d7iWAPkZQbiP4kGENsHGN7zB-2ZQJccidAPGUBnuu5MHOvTwQ7XmBamzH-IS9kxEwmMlUVivpAh88viDEeJunPwteFRkHFJD7lSxW49t8_qQtLBQkkxrjrosgGoJMbi4Lg&sai=AMfl-YSQrbBorzaOVF7I3UYYtEJ2mFzt9Btv9h70WseBNxCs5uiWxDQty7ZLgZLUgWjMTsjXL7brSGkjCGTxFWmDEJCnfoyeA0dbqDqEehCIAhAnow03h9AO4r8Ui0uz&sig=Cg0ArKJSzPvfFokYYPBmEAE&cid=CAASF-RofQmOQ0diZrcA3HiR2QKC63SLaFvF&id=lidar2&mcvt=1001&p=0,0,90,970&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210414&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3938885534&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1618588127575&dlt=65&rpt=1126&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 bulk Show response
trc.taboola.com/themoscowtimes300x250gr-r18604356/log/3/ Frame 842B 0
303 B 90ms
90ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/themoscowtimes300x250gr-r18604356/log/3/bulk?route=AM%3AIL%3AV&lti=snap_img_webp_var_2&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 67
pragma: no-cache
date: Fri, 16 Apr 2021 15:48:50 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588130.211075,VS0,VE67
x-served-by: cache-hhn11576-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://likevertising.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

POST
H2 204 visible Show response
trc.taboola.com/themoscowtimes300x250gr-r18604356/log/3/ Frame 842B 0
66 B 93ms
93ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/themoscowtimes300x250gr-r18604356/log/3/visible?route=AM%3AIL%3AV&lti=snap_img_webp_var_2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 68
pragma: no-cache
date: Fri, 16 Apr 2021 15:48:50 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588130.276109,VS0,VE68
x-served-by: cache-hhn11576-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://likevertising.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 842B 254 B
702 B 29ms
24ms Image
image/png 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: likevertising.com
URL: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=87a35e76bc314113496756222bdcb5fa5&cb=6581331618588125765
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 821
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: 3fxKGKGG7x9smUgGRZY3/0rYOUUaxLooyKppUJbwjC3F0De0S2w7jAiA03CoGdM8qf9YzUtHXMg=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1618588130.353145,VS0,VE0
date: Fri, 16 Apr 2021 15:48:50 GMT
x-amz-request-id: BZA2MM8GAVQZA74K
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 89
x-cache-hits: 1256

POST
H2 204 bulk Show response
trc.taboola.com/themoscowtimes728x90gr-r18604579/log/3/ Frame E226 0
308 B 90ms
90ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/themoscowtimes728x90gr-r18604579/log/3/bulk?route=AM%3AIL%3AV&lti=snap_img_webp_var_2&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 68
pragma: no-cache
date: Fri, 16 Apr 2021 15:48:50 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588131.719055,VS0,VE68
x-served-by: cache-hhn11576-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://likevertising.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

POST
H2 204 visible Show response
trc.taboola.com/themoscowtimes728x90gr-r18604579/log/3/ Frame E226 0
76 B 97ms
97ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/themoscowtimes728x90gr-r18604579/log/3/visible?route=AM%3AIL%3AV&lti=snap_img_webp_var_2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 68
pragma: no-cache
date: Fri, 16 Apr 2021 15:48:50 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588131.733481,VS0,VE68
x-served-by: cache-hhn11576-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://likevertising.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H/1.1

200
OK

ImgSync
image8.pubmatic.com/AdServer/ Frame 209B
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent=&rdf=1
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTRGQjhDMkYtN0VEQy00NjU3LTg4QUUtOTk3MTJGNzUzMDIy&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
75 B

26ms
25ms

Image
text/plain

185.64.190.79
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:53 GMT
Content-Length: 0

Redirect headers

Date: Fri, 16 Apr 2021 15:48:53 GMT
X-lat: amspug015:0:352
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Connection: keep-alive

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame E226 254 B
325 B 24ms
24ms Image
image/png 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: likevertising.com
URL: https://likevertising.com/sync?i=b2q9ssvr0rctu7elxrne&a=6965507efc6b22ad0bb46f9e614d09d69&cb=7024631618588125787
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 821
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: 3fxKGKGG7x9smUgGRZY3/0rYOUUaxLooyKppUJbwjC3F0De0S2w7jAiA03CoGdM8qf9YzUtHXMg=
x-served-by: cache-hhn11576-HHN
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1618588131.742708,VS0,VE0
date: Fri, 16 Apr 2021 15:48:50 GMT
x-amz-request-id: BZA2MM8GAVQZA74K
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 89
x-cache-hits: 1257

GET
H/1.1

200
OK

ImgSync
image8.pubmatic.com/AdServer/ Frame 105F
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent=&rdf=1
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEEwNDUwQjYtMjYwMy00OUJCLTg5NTItN0RERkRGNDYxMjZD&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
75 B

26ms
25ms

Image
text/plain

185.64.190.79
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://likevertising.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:53 GMT
Content-Length: 0

Redirect headers

Date: Fri, 16 Apr 2021 15:48:52 GMT
X-lat: amspug007:0:369
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Connection: keep-alive

GET
H2

200

rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame E206
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&tbid=29febbe1-38ac-44ef-abe5-ecf8b198d057-tuct7733763&query=taboola_hm%3D14c79c3d-4663-...

0
76 B

35ms
33ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&tbid=29febbe1-38ac-44ef-abe5-ecf8b198d057-tuct7733763&query=taboola_hm%3D14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&isDirect=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:51 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588131.212361,VS0,VE12
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11576-HHN

Redirect headers

location: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&tbid=29febbe1-38ac-44ef-abe5-ecf8b198d057-tuct7733763&query=taboola_hm%3D14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&isDirect=0
tbl-x-upstream: 10.41.34.222:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 3919

GET
H2 200 sd
u.openx.net/w/1.0/ Frame E206 43 B
106 B 32ms
26ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/sd?id=543998486&val=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.205.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:51 GMT
via: 1.1 google
server: OXGW/16.205.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame E206 0
239 B 155ms
34ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

GET
H2

204

/
sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame E206
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=ioLkb2gVm30G&ev=1&orig=trc&pid=562107

0
218 B

25ms
22ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=ioLkb2gVm30G&ev=1&orig=trc&pid=562107
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.34.201:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 4088

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=ioLkb2gVm30G&ev=1&orig=trc&pid=562107
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7c488d4f5b-gxw7t
expires: -1

GET
H2

200

/
sync.taboola.com/sg/appnexus-network/1/rtb-h/ Frame E206
Redirect Chain

https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc
https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8439287491051979253&orig=trc

0
225 B

47ms
20ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8439287491051979253&orig=trc
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.199:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 3919

Redirect headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:51 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.179:80
AN-X-Request-Uuid: 5bf92a01-8ba0-4f6b-ad15-465b91d3cb68
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8439287491051979253&orig=trc
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame E206
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEEROkTe30F8xKQPl8mVNZU8&google_cver=1

0
179 B

112ms
101ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEEROkTe30F8xKQPl8mVNZU8&google_cver=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 68
date: Fri, 16 Apr 2021 15:48:51 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588131.176966,VS0,VE68
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11576-HHN

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:51 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEEROkTe30F8xKQPl8mVNZU8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Pug
simage2.pubmatic.com/AdServer/ Frame E206 42 B
805 B 133ms
26ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760:$UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:51 GMT
X-lat: lhrpug009:0:527
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E206
Redirect Chain

https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=204218d8-8ce0-4c90-b6d4-4fad554bea8e-tuct7733763

170 B
188 B

35ms
35ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=204218d8-8ce0-4c90-b6d4-4fad554bea8e-tuct7733763

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=204218d8-8ce0-4c90-b6d4-4fad554bea8e-tuct7733763
tbl-x-upstream: 10.40.0.175:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 3919

GET
H2

200

/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame E206
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e108d097-6e57-45fe-ae30-e908027a76de

0
183 B

101ms
99ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e108d097-6e57-45fe-ae30-e908027a76de
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 67
date: Fri, 16 Apr 2021 15:48:51 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588131.177915,VS0,VE67
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11576-HHN

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:51 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e108d097-6e57-45fe-ae30-e908027a76de
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 239

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame E206 43 B
2 KB 26ms
22ms Image
image/gif 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=42&3pid=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760&us_privacy=&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:51 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 rtset
bh.contextweb.com/bh/ Frame E206 49 B
333 B 103ms
99ms Image
image/gif 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-7c488d4f5b-gxw7t
expires: -1

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame E206 43 B
697 B 102ms
28ms Image
image/gif 185.86.138.143
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=107&partneruserid=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.143 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:50 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2 204 put
e1.emxdgt.com/ Frame E206 0
59 B 152ms
29ms Image
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d41&uid=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:50 GMT
content-length: 0
content-type: text/html

GET
H2

200

/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame E206
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=36619118-3ae4-4ce9-a72a-39cf12fd7891

0
227 B

25ms
21ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=36619118-3ae4-4ce9-a72a-39cf12fd7891
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.22.181:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 4088

Redirect headers

pragma: no-cache
x-errorlevel: 0
date: Fri, 16 Apr 2021 15:48:50 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=36619118-3ae4-4ce9-a72a-39cf12fd7891
cache-control: no-cache
server-processing-duration-in-ticks: 3185
content-type: text/html; charset=utf-8
content-length: 222
expires: Fri, 16 Apr 2021 00:00:00 GMT

GET

get2
uipglob.semasio.net/id5/1/ Frame E206
Redirect Chain

https://id5-sync.com/s/464/9.gif?puid=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D...
https://id5-sync.com/c/464/464/7/1.gif?puid=677568c6-7d8f-4d16-9de1-f9bb9e0b207a-tuct7733760&gdpr=1&gdpr_consent=
https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMOGDiJb7Xnh0lcnv60KakHBGSfylb9hUxbajxn6g&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F124%2F6%2F2.gif%3Fpuid%3D...
https://id5-sync.com/cq/464/124/6/2.gif?puid=3ae97653-8e89-4a47-8e48-4ed55d65e5a2&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent=
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY
https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&domid=1033
https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domi...
https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=103...
https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEIPmF2fbibNpo6SYfWnUnUc&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0Rv...
https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=8439287491051979253&opid=apx&ops=&utidl=tech:goo:CAESEIPmF2fbibNpo6SYfWnUnUc&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0a...
https://id5-sync.com/qp/18.gif?puid=vec%3A16948312096&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9MyZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY
https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/464/19/4/4.gif?puid=${profile_id}&gdpr=1&gdpr_consent=
https://sync.crwdcntrl.net/map/ct=y/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/464/19/4/4.gif?puid=${profile_id}&gdpr=1&gdpr_consent=
https://id5-sync.com/c/464/19/4/4.gif?puid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F101%2F3%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://ads.creative-serving.com/ul_cb/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F101%2F3%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://id5-sync.com/c/464/101/3/5.gif?puid=10b08820-2ebf-42f5-a303-105abc39eaf0&gdpr=1&gdpr_consent=
https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F108%2F2%2F6.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_con...
https://id5-sync.com/c/464/108/2/6.gif?puid=3e0dbed1-9ecb-11eb-87f4-ba2ad3941b03&gdpr=1&gdpr_consent=
https://uipglob.semasio.net/id5/1/get?gdpr=1&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F1%2F7.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D
https://uipglob.semasio.net/id5/1/get2?gdpr=1&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F1%2F7.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D

0
0

GET
H2

204

rtb-h
sync.taboola.com/sg/appierrtb-network/1/ Frame E206
Redirect Chain

https://s.c.appier.net/taboola
https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=GfBIiKp9BAO83JcP5LF5YA

0
218 B

21ms
20ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=GfBIiKp9BAO83JcP5LF5YA
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.199:10213
date: Fri, 16 Apr 2021 15:48:52 GMT
server: nginx
x-fastly-to-nlb-rtt: 10208

Redirect headers

location: https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=GfBIiKp9BAO83JcP5LF5YA
date: Fri, 16 Apr 2021 15:48:52 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 110
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame E206 35 B
380 B 859ms
97ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track001-dc3
Pragma: no-cache
Date: Fri, 16 Apr 2021 15:47:55 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H2

200

rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame E206
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=taboola&bsw_custom_parameter=9c824525-18ac-4214-896c-dcf67559b021
https://x.bidswitch.net/sync?dsp_id=257&user_id=mkb1548e5c-56f1-4703-882a-4fce15c23aa0&expires=7&user_group=5&ssp=taboola&bsw_param=9c824525-18ac-4214-896c-dcf67559b021
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=9c824525-18ac-4214-896c-dcf67559b021

0
226 B

21ms
20ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=9c824525-18ac-4214-896c-dcf67559b021
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.195:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 4052

Redirect headers

location: //sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=9c824525-18ac-4214-896c-dcf67559b021
date: Fri, 16 Apr 2021 15:48:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 56D8 38 KB
14 KB 29ms
28ms Document
text/html 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://likevertising.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KCCH=YES; KTPCACOOKIE=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://likevertising.com/

Response headers

Last-Modified: Wed, 14 Apr 2021 09:18:30 GMT
ETag: "13006b6-98c2-5bfeb3aef82b4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14060
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=132005
Expires: Sun, 18 Apr 2021 04:28:56 GMT
Date: Fri, 16 Apr 2021 15:48:51 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 72A2 52 KB
17 KB 114ms
28ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://likevertising.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=8439287491051979253
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://likevertising.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sat, 17 Apr 2021 04:57:33 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 16 Apr 2021 15:48:51 GMT
Age: 39079
X-Served-By: cache-lga13625-LGA, cache-fra19144-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 333046
X-Timer: S1618588131.255128,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 3E83 52 KB
17 KB 133ms
28ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://likevertising.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=8439287491051979253
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://likevertising.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sat, 17 Apr 2021 04:57:33 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 16 Apr 2021 15:48:51 GMT
Age: 39079
X-Served-By: cache-lga13625-LGA, cache-fra19153-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 339769
X-Timer: S1618588131.284831,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 8A52 38 KB
14 KB 27ms
27ms Document
text/html 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://likevertising.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KCCH=YES; KTPCACOOKIE=YES; SyncRTB3=1619740800%3A220; ipc=156400^^1^0; chkChromeAb67Sec=1; KADUSERCOOKIE=E4FB8C2F-7EDC-4657-88AE-99712F753022
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://likevertising.com/

Response headers

Last-Modified: Wed, 14 Apr 2021 09:18:30 GMT
ETag: "13006b6-98c2-5bfeb3aef82b4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14060
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=132005
Expires: Sun, 18 Apr 2021 04:28:56 GMT
Date: Fri, 16 Apr 2021 15:48:51 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 72A2 0
755 B 21ms
21ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:51 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.70:80
AN-X-Request-Uuid: 474b1468-7376-474a-aa18-c33c24ad22fd
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 3E83 0
749 B 34ms
33ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:51 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.146:80
AN-X-Request-Uuid: a026a2b1-3407-43fc-9111-c21988f928a5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame BC43
Redirect Chain

https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f431c12e-7b1d-4c2d-9b71-f1200d175dfd-tuct7733763

170 B
188 B

45ms
43ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f431c12e-7b1d-4c2d-9b71-f1200d175dfd-tuct7733763

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f431c12e-7b1d-4c2d-9b71-f1200d175dfd-tuct7733763
tbl-x-upstream: 10.41.34.64:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 4212

GET
H2

204

rtb-h
sync.taboola.com/sg/appierrtb-network/1/ Frame BC43
Redirect Chain

https://s.c.appier.net/taboola
https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=KX1oLaR9D86fR8tM5LF5YA

0
219 B

21ms
21ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=KX1oLaR9D86fR8tM5LF5YA
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.175:10213
date: Fri, 16 Apr 2021 15:48:52 GMT
server: nginx
x-fastly-to-nlb-rtt: 10208

Redirect headers

location: https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=KX1oLaR9D86fR8tM5LF5YA
date: Fri, 16 Apr 2021 15:48:52 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 110
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame BC43 35 B
380 B 489ms
105ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210414-6-RELEASE.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track004-dc3
Pragma: no-cache
Date: Fri, 16 Apr 2021 15:47:55 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H2

200

rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame BC43
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&tbid=f431c12e-7b1d-4c2d-9b71-f1200d175dfd-tuct7733763&query=taboola_hm%3D14c79c3d-4663-...

0
52 B

34ms
34ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&tbid=f431c12e-7b1d-4c2d-9b71-f1200d175dfd-tuct7733763&query=taboola_hm%3D14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&isDirect=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:51 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588132.776876,VS0,VE9
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11576-HHN

Redirect headers

location: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&tbid=f431c12e-7b1d-4c2d-9b71-f1200d175dfd-tuct7733763&query=taboola_hm%3D14c79c3d-4663-4d79-bf2e-5d1d7ff595d0&isDirect=0
tbl-x-upstream: 10.40.0.195:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 4163

GET
H2 200 sd
u.openx.net/w/1.0/ Frame BC43 43 B
106 B 34ms
29ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/sd?id=543998486&val=b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.205.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:51 GMT
via: 1.1 google
server: OXGW/16.205.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame BC43 0
239 B 36ms
32ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

GET
H2

204

/
sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame BC43
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=jrNNouYtWRbg&ev=1&orig=trc&pid=562107

0
218 B

20ms
19ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=jrNNouYtWRbg&ev=1&orig=trc&pid=562107
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.34.201:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 6004

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=jrNNouYtWRbg&ev=1&orig=trc&pid=562107
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7c488d4f5b-gxw7t
expires: -1

GET
H2

200

/
sync.taboola.com/sg/appnexus-network/1/rtb-h/ Frame BC43
Redirect Chain

https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc
https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8439287491051979253&orig=trc

0
227 B

23ms
19ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8439287491051979253&orig=trc
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.14.127:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 4163

Redirect headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:51 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.51:80
AN-X-Request-Uuid: 52e318e6-585d-44cb-824e-abf2e8b2071f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8439287491051979253&orig=trc
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame BC43
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEEROkTe30F8xKQPl8mVNZU8&google_cver=1

0
55 B

95ms
91ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEEROkTe30F8xKQPl8mVNZU8&google_cver=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 68
date: Fri, 16 Apr 2021 15:48:51 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588132.760435,VS0,VE68
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11576-HHN

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:51 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEEROkTe30F8xKQPl8mVNZU8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

ImgSync
image8.pubmatic.com/AdServer/ Frame BC43
Redirect Chain

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761:$UID
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
507 B

30ms
29ms

Image
text/plain

185.64.190.79
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:51 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Fri, 16 Apr 2021 15:48:51 GMT
X-lat: lhrpug004:0:599
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Connection: keep-alive

GET
H2

200

/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame BC43
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e108d097-6e57-45fe-ae30-e908027a76de

0
55 B

91ms
90ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e108d097-6e57-45fe-ae30-e908027a76de
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 67
date: Fri, 16 Apr 2021 15:48:51 GMT
via: 1.1 varnish
server: nginx
x-timer: S1618588132.760794,VS0,VE67
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11576-HHN

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:51 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e108d097-6e57-45fe-ae30-e908027a76de
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 239

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame BC43 43 B
3 KB 26ms
23ms Image
image/gif 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=42&3pid=b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761&us_privacy=&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:51 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 rtset
bh.contextweb.com/bh/ Frame BC43 49 B
333 B 104ms
100ms Image
image/gif 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-7c488d4f5b-gxw7t
expires: -1

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame BC43 43 B
438 B 251ms
248ms Image
image/gif 185.86.138.143
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=107&partneruserid=b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.143 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:51 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2 204 put
e1.emxdgt.com/ Frame BC43 0
22 B 27ms
24ms Image
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d41&uid=b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 15:48:50 GMT
content-length: 0
content-type: text/html

GET
H2

200

/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame BC43
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=36619118-3ae4-4ce9-a72a-39cf12fd7891

0
227 B

23ms
20ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=36619118-3ae4-4ce9-a72a-39cf12fd7891
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.34.201:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 4163

Redirect headers

pragma: no-cache
x-errorlevel: 0
date: Fri, 16 Apr 2021 15:48:51 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=36619118-3ae4-4ce9-a72a-39cf12fd7891
cache-control: no-cache
server-processing-duration-in-ticks: 3057
content-type: text/html; charset=utf-8
content-length: 222
expires: Fri, 16 Apr 2021 00:00:00 GMT

GET
H/1.1

200

6.gif
id5-sync.com/c/464/112/2/ Frame BC43
Redirect Chain

https://id5-sync.com/s/464/9.gif?puid=b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D...
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9NiZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY
https://id5-sync.com/qp/18.gif?puid=vec%3A16948312096&sd=Y2FzY2FkZXNSZW1haW5pbmc9NiZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY
https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/464/19/5/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent=
https://id5-sync.com/c/464/19/5/3.gif?puid=4be481a3228f16bbdf45ccb29d12e18&gdpr=1&gdpr_consent=
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F101%2F4%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://id5-sync.com/c/464/101/4/4.gif?puid=2200887c-a04f-4955-9e74-48a0a2b18a57&gdpr=1&gdpr_consent=
https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F108%2F3%2F5.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_con...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F108%2F3%2F5.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gd...
https://id5-sync.com/c/464/108/3/5.gif?puid=3e0dbed1-9ecb-11eb-87f4-ba2ad3941b03&gdpr=1&gdpr_consent=
https://uipglob.semasio.net/id5/1/get?gdpr=1&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F2%2F6.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D
https://uipglob.semasio.net/id5/1/get2?gdpr=1&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F2%2F6.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D
https://id5-sync.com/c/464/112/2/6.gif?puid=688DBAFC0A814C2A&gdpr=1&gdpr_consent=

43 B
1 KB

23ms
22ms

Image
image/gif

54.36.109.155
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/c/464/112/2/6.gif?puid=688DBAFC0A814C2A&gdpr=1&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.155 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:50 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

Redirect headers

pragma: no-cache
date: Fri, 16 Apr 2021 15:48:50 GMT
frontend-id: 6
location: https://id5-sync.com/c/464/112/2/6.gif?puid=688DBAFC0A814C2A&gdpr=1&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame BC43
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=d5dad668-161c-4b6d-8c82-f0b2b189ac83&ssp=taboola
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=9c824525-18ac-4214-896c-dcf67559b021

0
227 B

22ms
21ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=9c824525-18ac-4214-896c-dcf67559b021
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.22.84:10213
date: Fri, 16 Apr 2021 15:48:51 GMT
server: nginx
x-fastly-to-nlb-rtt: 11104

Redirect headers

location: //sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=9c824525-18ac-4214-896c-dcf67559b021
date: Fri, 16 Apr 2021 15:48:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 72A2 0
748 B 24ms
24ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:52 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.90:80
AN-X-Request-Uuid: 05164e81-1449-46c4-a42c-979347b3ab96
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 3E83 0
749 B 21ms
19ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Apr 2021 15:48:52 GMT
X-Proxy-Origin: 185.210.217.100; 185.210.217.100; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.148:80
AN-X-Request-Uuid: 52d58852-d205-45c3-8d8a-0270ca76dd9a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 5938 38 KB
14 KB 30ms
28ms Document
text/html 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: SyncRTB3=1619740800%3A220; KADUSERCOOKIE=E4FB8C2F-7EDC-4657-88AE-99712F753022; PugT=1618588131; PUBMDCID=3; KRTBCOOKIE_1235=23226-b176f678-dbbb-4757-a026-7ac90ec11a86-tuct7733761:$UID; chkChromeAb67Sec=2; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Last-Modified: Wed, 14 Apr 2021 09:18:30 GMT
ETag: "13006b6-98c2-5bfeb3aef82b4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14060
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=132004
Expires: Sun, 18 Apr 2021 04:28:56 GMT
Date: Fri, 16 Apr 2021 15:48:52 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 5938 0
75 B 27ms
26ms Script
text/plain 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=19196939&p=137711&s=137812&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=&sec=1&async=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Apr 2021 15:48:51 GMT
Content-Length: 0

POST
H2 200 metrics
connect-metrics-collector.s-onetag.com/ 0
73 B 92ms
30ms Ping
text/plain 99.83.181.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://connect-metrics-collector.s-onetag.com/metrics
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/de8d3c3f-602a-4921-94f6-6c06fb8d9728/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.181.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 16 Apr 2021 15:48:54 GMT
content-length: 0
vary: Origin

POST
H2 200 metrics
signal-metrics-collector-beta.s-onetag.com/ 0
72 B 32ms
30ms Ping
text/plain 99.83.181.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://signal-metrics-collector-beta.s-onetag.com/metrics
Requested by: Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.181.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.themoscowtimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 16 Apr 2021 15:48:54 GMT
content-length: 0
vary: Origin

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: um.wbtrk.net
URL: https://um.wbtrk.net/doubleclick/user/match?google_gid=CAESEObv_UTHGfNi3EYNuZjgXGc&google_cver=1&google_push=AQvitULjZvGWGgejr4enD5pz-aoSJ3pJ01lAlLPkJKCEPvWxxHc1VJQ0fN7R0tNt6nK8-IVT0X4vznWwJsz18brrD3G7Kd5CT0Ugiw

Domain: uipglob.semasio.net
URL: https://uipglob.semasio.net/id5/1/get2?gdpr=1&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F1%2F7.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D

Verdicts & Comments Add Verdict or Comment

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.themoscowtimes.com/	1970-01-19 17:36:28	Name: _dc_gtm_UA-4186815-1 Value: 1
.themoscowtimes.com/	1970-01-19 17:37:54	Name: _gid Value: GA1.2.522753629.1618588124
.themoscowtimes.com/	1970-01-20 11:07:40	Name: _ga Value: GA1.2.1288556040.1618588124
www.themoscowtimes.com/	1970-01-20 03:05:16	Name: _cb Value: LdUkWBTBqJjDRymda
www.themoscowtimes.com/	1970-01-20 03:05:16	Name: _chartbeat2 Value: .1618588123725.1618588123725.1.D1i2Gc_m_k9BWTrPeBa8QAuDi7DG.1
www.themoscowtimes.com/	1970-01-20 03:05:16	Name: _cb_ls Value: 1
www.themoscowtimes.com/	1970-01-19 17:36:29	Name: _cb_svref Value: null
.themoscowtimes.com/	1970-01-19 19:46:04	Name: _fbp Value: fb.1.1618588123934.244781065
.themoscowtimes.com/	1970-01-19 17:36:31	Name: AMP_TOKEN Value: %24NOT_FOUND
www.themoscowtimes.com/2019/11/01	1969-12-31 23:59:59	Name: loglevel Value: ERROR

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	log	URL: https://likevertising.com/t.js?i=ozq8lklz3e1znpqig3c&cb=3407401618588125274(Line 30) Message: %c [object HTMLImageElement]
console-api	log	URL: https://likevertising.com/t.js?i=b2q9ssvr0rctu7elxrne&cb=1823481618588125269(Line 30) Message: %c [object HTMLImageElement]
console-api	log	URL: https://likevertising.com/usersync?i=ozq8lklz3e1znpqig3c&a=87a35e76bc314113496756222bdcb5fa5&cb=6581331618588125765(Line 6) Message: element .item-label-href arrived

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

368dc34c4e2602c35f583ea099c55052.safeframe.googlesyndication.com
4b3792369a32772b0b36ee36718ebde0.safeframe.googlesyndication.com
a.sportradarserving.com
a.tribalfusion.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.turn.com
ads.creative-serving.com
ads.projectagoraservices.com
ads.pubmatic.com
adservice.google.be
adservice.google.com
adservice.google.de
ampcid.google.com
ampcid.google.de
aorta.clickagy.com
ap.lijit.com
b1sync.zemanta.com
bcp.crwdcntrl.net
bh.contextweb.com
bidder.criteo.com
bisdr.vidazoo.com
bttrack.com
c1.adform.net
cdn-adtrue.com
cdn.adtrue.com
cdn.onesignal.com
cdn.syndication.twimg.com
cdn.taboola.com
ce.lijit.com
chimpstatic.com
cm.g.doubleclick.net
cms.vidazoo.com
code.jquery.com
connect-metrics-collector.s-onetag.com
connect.facebook.net
contextual.media.net
cookie-matching.mediarithmics.com
creativecdn.com
cs.emxdgt.com
d.turn.com
data.adsrvr.org
dis.criteo.com
dsp.adfarm1.adition.com
e1.emxdgt.com
eb2.3lift.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
eu-u.openx.net
event.clientgear.com
exchange.adtrue.com
f92e0aa84b7f849c71e9c61f0fa3cfee.safeframe.googlesyndication.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
get.s-onetag.com
googleads.g.doubleclick.net
gslbeacon.lijit.com
gum.criteo.com
hb.adpone.com
hbopenbid.pubmatic.com
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
images-c.taboola.com
images.taboola.com
inventory.vidazoo.com
likevertising.com
mab.chartbeat.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.taboola.com
onetag-geo-grouping.s-onetag.com
onetag-geo.s-onetag.com
p.rfihub.com
pagead2.googlesyndication.com
pbs.twimg.com
ping.chartbeat.net
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
pl.vidazoo.com
platform.twitter.com
pr-bh.ybp.yahoo.com
prg.smartadserver.com
projectagora-483829-hdb.adomik.com
projectagora.net
projectagoralibs.com
ps.eyeota.net
pxdrop.lijit.com
r.turn.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.mfadsrvr.com
s.c.appier.net
s.tribalfusion.com
secure.adnxs.com
securepubads.g.doubleclick.net
servergen.vidazoo.com
signal-beacon.s-onetag.com
signal-metrics-collector-beta.s-onetag.com
simage2.pubmatic.com
ssum-sec.casalemedia.com
static.chartbeat.com
static.criteo.net
static.themoscowtimes.com
static.vidazoo.com
stats.g.doubleclick.net
sync-t1.taboola.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.taboola.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
syndication.twitter.com
tg.socdm.com
tpc.googlesyndication.com
trc.taboola.com
u.openx.net
uipglob.semasio.net
um.simpli.fi
um.wbtrk.net
ums.acuityplatform.com
us-u.openx.net
use.fontawesome.com
vap4ams1.lijit.com
video.twimg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.themoscowtimes.com
www.who.int
x.bidswitch.net
uipglob.semasio.net
um.wbtrk.net
104.108.144.24
104.111.233.227
104.244.42.72
124.146.215.51
13.33.139.101
13.33.139.117
13.33.139.84
139.162.84.221
141.226.228.48
142.250.74.194
143.204.90.104
143.204.90.117
150.136.25.38
151.101.114.49
151.101.13.108
151.101.13.44
154.59.122.79
157.230.182.221
169.197.150.7
169.50.137.190
178.250.0.163
178.250.0.165
18.158.22.14
18.193.144.52
18.195.155.181
184.30.17.156
184.30.24.198
184.30.24.241
185.184.8.30
185.29.135.226
185.33.221.88
185.33.223.178
185.64.189.110
185.64.189.112
185.64.190.78
185.64.190.79
185.64.190.80
185.86.138.143
185.86.138.16
192.132.33.46
193.0.160.129
198.148.27.139
199.232.137.44
2001:4de0:ac18::1:a:2a
2001:678:cb4:bbbb::11
213.19.147.151
213.19.162.41
216.52.2.19
216.58.212.130
23.111.9.35
2600:1480:3000:e5::
2600:9000:2021:aa00:18:1fcd:34e:d2a1
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:233:1ab3:789:1032:20e3:21
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:10::6816:3181
2606:4700:20::681a:b19
2606:4700:3032::ac43:9028
2606:4700::6811:71bc
2606:4700::6812:d05
2606:4700::6812:e234
2606:4700:e0::ac40:6f08
2606:4700:e6::ac40:ce03
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:110:c305::8000
2a00:1450:4001:800::2001
2a00:1450:4001:800::2002
2a00:1450:4001:801::2001
2a00:1450:4001:802::2003
2a00:1450:4001:802::200e
2a00:1450:4001:803::200e
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2001
2a00:1450:4001:810::2002
2a00:1450:4001:810::200e
2a00:1450:4001:813::2004
2a00:1450:4001:813::200e
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2008
2a00:1450:400c:c0d::9a
2a00:1450:400d:808::2002
2a02:2638:1::3
2a02:2638::1c
2a02:26f0:6c00::210:ba12
2a02:26f0:6c00::210:ba19
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:3::714
3.120.52.49
3.123.96.39
3.124.165.65
3.222.149.159
34.207.42.216
34.226.165.133
34.253.11.193
34.98.64.218
35.227.248.159
37.157.2.239
46.228.164.11
46.228.164.13
47.252.78.131
51.75.15.106
52.18.90.176
52.21.173.249
52.210.215.45
52.37.176.195
52.51.154.44
52.57.150.20
52.95.118.60
54.171.173.220
54.175.245.12
54.226.160.243
54.243.166.109
54.36.109.155
54.93.115.47
64.202.112.63
66.155.71.149
69.16.175.42
69.173.144.138
70.42.32.159
77.243.60.138
8.43.72.97
85.114.159.93
95.215.189.11
95.215.189.12
99.83.181.31
006b08251b456d4a65d0b2793ec71cc23e12d5e6dad4df5341fdff17823ed5be
010f48523b8a9f1fb0f56721e6177fdbfcfc7bbd4e117ad2180d1c73f8c9d113
045c245562a1fb9cb5406707572169842f07eea7e77dce8b685278032bfe881c
04b24cc75d726600ecd77219c27bcba8a1e4d100c3dd411a2ea30e0167b414ee
054a80ae5dfa9d7ebbb86365e934451ce8624cd21de69ec8904763d7220e43d6
05e364a9bf80ba03a10b6e316484199e8bedb1432571e2b6d188f2a228e0dbd1
06e73cdd74774a1d60c2570e0df7ee94b53077d478b1a0aad86ac5ad04f4e0af
09be9cbb415140e78ac6b11f26a83d9b4aeabc54995b11f04eac9b248ff312df
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d41122e7848598a9f63ea742c7b68e796091751e86e98abc2677fdb3fbe04f5
0d6c2837f525e0bb49bcb02b858bfedbb6c1dd97a6f561949e0ad430f33bafa9
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f2a9e15643ba8fc8e43b9fe5ff841e47d2feadf6275ef6213466ba0364c8939
10660ee84ee065feea8c8889eaef630fcbd87f2959c8d8891760d87a56ce75e0
1152be785978aa809034ab61de86ce4d03c5a301c95e96995e336d2462832a10
13153e36a53d7264221ffd2ca59337b9f965434daa4ce357e765b7a9ba3ef66a
13649e86c57b7a7d0c4c09829cd7d0f712150630f8269cae779e50cd6e650b90
144bf8fa1ed44cf8536d60c5ff4a34d5482161a976b3b100663b6a165f27beec
149e3210759592a2b5e193db3b86614cb476c8a7f166d7aac16356534e0587fa
166e29274933338b6c358a2193b1d0a48717eff6a9709d349c3b5a15dd639dfd
16c2aed31243c793c22d6be005e51be8bd7fde767b0631f28e8fe93d21e93509
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19134276a40d0a715959e6ef1d34e8d4dd7499b7ce09b00b42624939a87b9473
19d369fff4dc6ddd8e43c287f018fbf87cd4ae2f987080df89dea5967f2838f6
1b74fc3666be448b57191d1b21d896316748bd0b311eb01e344f2f90d8237954
1c4895c3e647ff3d46841bf79ddefb5787a98c4a88bb396451244df82363793e
1c4c5f95ac39592247ba98f6be4c5124d948da7e1ec8210c0e26ec1ad0b9c87f
1cfee043979f75654901789b9c10ded17e85982acd6a66e21614c36949d85fc6
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
206bf243e0b1ba7ef7435675de712d76c920dc8b2f1c6799f1ba89d2986e2e20
21684099693050fe6fecb937bb35c94dac2dc990158ed38a53d44ae28fd9c6e8
221cfa2c28e19dfc3e5f702869367ff858ef501c3972709c752a11b34989d842
226215b1b2658cf385937e2935524a1a926c0f8ca7ff6ce21b09ef7f3de61f20
2278b4952dfb077203cf3b42c4d3a4057e43d959969fdeffedd82e543a5b65ae
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
233da459a004b049e5403a8a857e8d53937ceb746a89875dd075e515ca55b1f5
234d48220a4763b35e1ad644dba7c68f5119ce179153535f60a20297f3558caa
236ddfb4c7ba17cb430dd68df496bb75143ccfc0a178367056b35605ef0160a0
240c0dd6c0dc6775702a4c436f4e1db94c533e7e83ce346fd93bf26b7d2f56df
247bece669e3e2f136a5a39bcb2c47fc5480ad81164d8f7a145cbedae920a7f9
269eb85c158413a8e1c036fc2f3aa2360f35cdc4999234028be80b94e9ec2389
26b4e73ffd535f79b0a83d7f845e10a5f90848743309f0dfa61f214bf4cb0410
27a34e3514a9d0a24a38f75208de7b604b41505a01131eaf64f30a765316e6b7
29e81df2e6a12f9a88533c12d164d616714579f8e1b9f059dba1e9f5c56a8ead
2b52ae5fc0ef99c0ce9dc4519a087cb73bc2796771f4dd94c8dcd66ca737ba2f
2f62d3d501253ce1e1747329d53ce4a7f75b6eb368e12a5bfe261b5f35aa1f09
30c373979a20335662f1e5ee46de18248ab5bbf8df28351ec7567857e2c0de95
31e420b79e7760a7860ed2fb595c4f11b498559791571fed7eb22be20c7fa5e3
32da83762f5b3767f23a6760d121590fc7eb9f3ec8027ea7dd00d21d2f1fe7b0
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
3404f491fdeedb4a0be2540d9e5e7d51404da2c6192c1679913f8d173072506f
391a7bcc289c1f27081705dad73d67abf9d809c5acb1be3fd53695c629c2f659
3b2738076279a02dfda00b02f8ee435e9cebb77b535a6b9dfe21b5523a5cde08
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ec378895b33fd06fb988301a6e1611cce6662f90f9e0f10b8682dacafbc7a91
3fd54b4388f4d46c57f1ea0452307f0b54841d4e3ca1320a0408da973765acdc
435fce0c565a910b4c89789482dbd05452bd867bf5a497a253b4d74f65cc8793
43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629
43fec5b24303c81dfde89f375b2e3fe133801987af0dc8c9dffefbf293708d94
47465b002b7907cbc9b8f4ac7a52c173ff4b3eca3e3ec3536b6122d512aae50a
475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
49f1a2c2a58efaebd1f9e0143e9cb03766cb05b386a36e330e4684dc35ee1401
4d5e8667edc2c8b5f448fdd68f3305b070e34b7ef53bd3c2ae60c5c0d4d6985b
4db939cb249bb33bd5237ca03db7ea12e346b4fd1d2a88b63db040a03b40bde6
4dd894d760ed3ea63feaff1bb0ce045df654338d73cd22664d1007441117b3ff
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
501ed6f37588ea4083347c8c1b9fd9bfbc560f8f9977aa2847749e0977063f6c
50e0396cf1a13445d813fff90d50fc912e259aecd3dd0715436473e5e70fe532
51d2ca3e2554c558c0638095a604a4a3cdc1a914ca9a5f0ace149245b76804c3
52240fd3f8a38102f34a3615b3b4d3349e200ae56de1535e93bfcd5897b81290
52b5333331d3d0a43ed43e779f2885d37d0ac62af22b15988a4fda90bee8a6ca
52c562fcfd70fadc11dd311842104c77fe483a09f613c4413cf26c9be4cae81d
52d25c4237f98a7d62122bd3b2283327fee2a92c74890c93947a79be363523c0
53bfa8917121f9afec4c3c0a3ff270c81a8d90116c720adc7dcbfc9c7fc497ae
53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
56074b01ddd34894d1228a2da710440444bb3d37f66523af25ae3bdb0f7fd55d
589512bb483d4e5cf52a2c41ddc93cbfd4cedc5049f695a500b0cf0594f40a55
5a0918d3ae6fcc311deeeb0b5a6f56f0ba635c5c5cd54d3a96515d06b21c18df
5b694c3a5374a00e2825acd4d93b1cfbc8202c7d833ce8e4686718dabf1b1c83
5c1c30811521e2a8e3f1f66d6e550b2d48a250cd11b81223180c9b3fb2f29c3b
5cf118e6f30d488d438172ad5d9b103700dfef7681c1dc405674d21d295d3d37
5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0
612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235
67f7af60a47f69ba625ec318b5865d6d9ba65ffa9294acddc2b1091ab64a9723
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ae86cd94a73128274286ed932f05602f19ee7ad9d1af92d4a3b58f9774a9bfc
6eecd264fecac0f3baa1c6514ba5c2b44557158f352515de6e803656ed979948
6f6c910971dd5b42c99835ff5e3d6dcdba3eb9735368bfbefdeeab88c45d5abc
6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8
708b3c51b04e3743f0b3495d8435b8b2c4fffd49a9d4efeb0cdfbe6b1113c4ff
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f
75bda79381d0f3e8fef483deb525dbbb64997a751a33e3901f3e62bc555501df
76d293cad87de584b5105472b9672fb1460dcf35f82079e274e44a47860bf700
77a53736739b915cf6bfa2a4f93c7f56d76fd59b66a5a430de546e25c1d88189
789a93f4315357995e96053e32ee793d6b12f592fad617bb04f795c750f0c3bf
7b95428478853497b174deac5c6435723f377c236d067f621d3c14ce3200d2d8
7cfcec57fec243f2ce36a29c4b5c0bd8398516274104bfaea61ea815371ae4f0
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
815b535e0883ba9b247dc7f4c38b1c191ec799fa44b587d86126a5722405da36
816e1fea1ea61c26a50a428fe90311d1adecccfef1476c3b576fd849c3090d3a
81c6252fcdefa91de8fe4774beb814434f984e06563ffe512fc9ee24b75c4afc
82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85a38b47afff1513e6700d9b09bc952dc7579b48e06edf7da60485b8e48e0072
86fcf33dad06e2c94c8b6d0800075eeb09a286c01837329da371da7d859dabf8
876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84
88faf43a729635ca3952b53a6cb08a748335a3beee4cd49b860d799205dac5d9
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
92b6bddd3c046df7bafcae95b7d8a813a46718276ef34e14459560246b4394bc
94f5cda81f68f1844062663655ea584aafcb3e86e5eb6c668220b9d1ed32e39c
95f66b0fd918f7a6d36f22a9ac49210439d74085bf0fedd1dec6061918f20c1c
982f686f07949acdf888adbb3f7dc03c5e7f7f872050e26fd63b829558fcfab9
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b4dbcd16c1aa3c0409a55b05b6689099bd86ab707df2a1e0e87186ef089b11d
9ddca568ff519cd935a816baec6f7bfce459656ec5022ec2ba6a6225891022eb
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d03fcb6ba9620bad7d15b2753634da75f5f0f05880214fce8eef58b7e4832f
a0fe88833f7306616a5f72ff0154acdbfb001af239a392e50674a257a50135c1
a21374a3f8e02566ede77b6371937fcf2869587e01b38389552193a4ff9ef56c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ac0271c0baa09b72774a933539b0a0c6dc0497a2ccc9ff2f7a045b4ee0222316
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ac88c195fc33160b67275394bee5ed2f27424a1b4ef898b9b32481d1ba0e032f
ad0042f76152083de3af1551a514fcf81eea46a8035bcc01ce0bcb661a8b3e86
ae2a6611d80fa794f7523cda36bea85c2e092ec86fca5c27e65873887dcbac51
af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff
b0546d3225bd563ce090f4ca843f6b08475fb632441b02a6a46732bde2c62bd5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b26d782d43592764b4638a4b605300848539a14adb2495340f5ac12c0e6aee51
b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f
b4259dbb0191c97a891b857a18b128a117310364e59726cff9eb639dcd22023b
b44742af8c52f0b50ce4fd4f914084f74ac6e2af31b873c0738fe05503b3687b
b4a111f60e55c25e8d591fec55aa38ddc231018234a8099eca9178cbe77cc145
b5c9e4876832936836619c0b253bd8fd6c739560a6d5f287f51ac71b2edf7ae9
b80f9996f4ee83ac7e0cdc7b04f9e4150a90d41bbf901e7ea4a646d53f334a92
b847a22a157c0783821b26e1e2798ca192f3a1374f06eaf7573a6be55ec503b4
ba5d4ad2291eb8531da85d9f1f58db9e7e78bae8515efb10c52ad65cc3deaec6
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc851c1efeade4bb2301d396a9b8039ca6e8d749448e736a95b536cdc113eb6f
bd97fb5dbd58e2c01a0bebc290daff9b869759dabc0555b55275600aa3978feb
bdbb3b88367e0dc7f2af34b3bb701fe2523c8653a48cdfd8aaf67c2d1e18b76d
bedddb3e8da114412602440e01aa8122a149527f3f30859c276f5efa31ecb7e6
bf311ee2e1200ea59413c6baef19303d40e28b876533efe89954938139627db5
bf7c9484fdc988e2ee44d62563d76afcd64cd75e1c9aae4c2fd195d9ba4fe649
c0ded025aa80c10d37920521c8de04536a6145d0e42eb4186c57b412fa50eb45
c135d926af427deee597462eb699564d1b574f9d153e550416d11bd4f96844b5
c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09
c4a860a38885b7b7b6536fd9394ff66499092b651f172b4ed01f2574f5c8322f
c4c9a02233263c1f9adbb3aee8afc6df58f639da4301ea1001eabad848caf216
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c623e82418aeacccf4b6feed6c69d7aeab0f81ae791e91eb448b8f61a50671c7
c6a305cd9f8592bbd50ddd47eb5af53952b97937e9b0c4df40498f7140ff8a49
c7a91e8ae78a2017b775f76cad66241ca3c2728228866622dc90cad71144e245
c826b646487b548dd4738e5204795743214b02c6a25a5812601094ba55a0813f
c957adaf4326a8636ad68fc78acb194b96b34bbeba09daf6b36c74975ac37d21
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbcac3c98cf9658fbaa2ccbd75656668ed9338059ce94fac4b50c48c10f3e90e
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9
ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0115f43d423baff8b4aaf4fec35829d2d0a178f9e4fa279947294235f94e1c3
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d0f6b3479d68fe4535d9aa3dc5cf3f72c0c5f12c9698a4c83218b2b6901c7a73
d18c6d6e59f6af6b08174e8d3d0ed661b985715fe3949c4170a0af1546995b79
d27910197214323c01182b91f3674aafd20260f85ab8ef54b6358be6e453ca8e
d3dd865323c201438cf1e462ea95d396040dfec452af5eee4d06cbb674560f92
d471fca96620458724db33f0271e221a6117003d4ffb473a472046cff5eae2b8
d5295c97529e9d7a0304c2e17eae16173ea2417661479ff80b35da151390fbbf
d5ad22a7636f665f8d8a07aeeeff6602919fbcd0f6ce0eb496549ee3419dcaa5
d7032bca089ded934885262dd86ef3b6381b6a039f00f7644b8699864e995374
de878ac09635910d6fdc776b259330509502e11a42aee1881a73a59d491e0000
df016c1d21dba18b07c7638870a068d0b1b406dfa4fb9c4f1b981417102f42f0
e0d4c8219773ccfec77e5eba0a4d6628119cdf77a20380694dbd71b18d43a734
e19e5fec549d0d871301c8196f4a954abe8d6913464a1ac511f81ef71529f89b
e2e3ce39cb03dea908e48a0e8c9becfd77656bde2cf63df5050b42facf527731
e2f8cd876768e15cdc9167bdff85d98e23c6e419c33df986cb91678613e542e7
e36a4f5cdfb6ce356335d908f609cc7eae28bce5d14a9d93f1c3f192367aa968
e38335b8da3a11b4a278e7572f99a3990da81b9764b7526bd7b69ec0c6a57c84
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52032c3555eb886be3d5b4a298dc5c6b054b3cfef5f02bb9a8c2a39737df84a
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e619a3d55c7136321f42abb8979c0e99160209aaf22abbbcba4f1001f6fb5baf
e7f1349509e18e2f9ff0df26840e00db8fd57e491645cf68a4fdc40de3bbc2b3
e98e0e8a43924175523851a91db3bc4908827f65a5a83252c56401d70d8560e4
ea1ab723409b9d065cb03a6feb1d24cf256bc5e6a9f5ff819823c28895f1a9c5
eb3a63fe7130145a8ad84d687cbd37bc9a5fe1863547cfa43ae18a18d218f7c7
ebb9ccd7e633b6add76b5839940681d91b486e8e37f8e9a4709f15904b768175
ec93813683cccb74a7896a34a2ed1b2163288620f6959ae06de3ded30cf518b9
ee441245ef85f538030acf5e534d1cf2664c18289cec8cc0d84656ffb0e0a95d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2329169cc897e07ade7859b20f9978e8d64c8ff0107325b0a2c7ee26079aeef
f4c2c2f15edfc1ca4de9bdd4f50fb3a181137581ac709683ae20b899ce91565f
f580e982f0b9ec2b77290e1aa76cbe4c8e899b83b863879f400ae59525243e6e
f584e227bb22bc5ea65c85d5435faaedfdeab76f07b3d8dbfd46241bf313c503
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f
f76b46135fa81747d8b937a43278410e8d9e322e78190b1cd17cf838d9766dec
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
f8ca71efa8f9823626b975330f1cd7dde8163230fba36ba1ccf8bf9182ea46cb
f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f
faa29af882ddfc0fc714ab1287771fe2d94452b0ed1d6c5d8fc830312860f52e
fbfe3872ec0d5db828d9df036e6f454ff7917b3d4607a6c7659795f1d296bd87
fc8910a12a56baa8d399a29ea83ff9d09e9326cd7a38be03892a0333df79c931
fcfb2967769ae00c7c9024bf6d7765adb7aa7bea15db5a9b3c3213ba45b92907
feea4902784ecb3c8c5e08477106ca21ec77628933e61f6f69456f97d20e4d73

www.themoscowtimes.com Open in urlscan Pro 95.215.189.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

439 Requests

99 %HTTPS

36 %IPv6

88 Domains

151 Subdomains

104 IPs

9 Countries

6510 kBTransfer

19060 kBSize

10 Cookies

23 Outgoing links

Redirected requests

439 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.themoscowtimes.com Open in urlscan Pro
95.215.189.12 Public Scan

Screenshot
Live screenshot

Full Image

439
Requests

99 %
HTTPS

36 %
IPv6

88
Domains

151
Subdomains

104
IPs

9
Countries

6510 kB
Transfer

19060 kB
Size

10
Cookies

439 HTTP transactions
6 data transactions