Submitted URL: http://chtyvo.org.ua/
Effective URL: https://chtyvo.org.ua/
Submission: On July 20 via api from GB — Scanned from GB

Summary

This website contacted 28 IPs in 5 countries across 23 domains to perform 111 HTTP transactions. The main IP is 174.138.9.142, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is chtyvo.org.ua.
TLS certificate: Issued by R3 on June 25th 2022. Valid for: 3 months.
This is the only time chtyvo.org.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 174.138.9.142 14061 (DIGITALOC...)
1 18.66.97.25 16509 (AMAZON-02)
1 2600:9000:223... 16509 (AMAZON-02)
14 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
4 2606:2800:234... 15133 (EDGECAST)
5 142.250.186.66 15169 (GOOGLE)
1 2600:9000:225... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
2 104.244.42.200 13414 (TWITTER)
1 2606:4700::68... 13335 (CLOUDFLAR...)
9 2a00:1450:400... 15169 (GOOGLE)
1 2a03:2880:f12... 32934 (FACEBOOK)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 9 142.250.186.34 15169 (GOOGLE)
2 4 104.18.18.126 13335 (CLOUDFLAR...)
2 3 185.89.210.101 29990 (ASN-APPNEX)
1 2 52.17.82.33 16509 (AMAZON-02)
24 2a00:1450:400... 15169 (GOOGLE)
1 1 151.101.194.49 54113 (FASTLY)
1 1 35.186.193.173 15169 (GOOGLE)
1 1 35.190.0.66 15169 (GOOGLE)
1 1 69.173.144.138 26667 (RUBICONPR...)
3 2600:9000:223... 16509 (AMAZON-02)
2 142.250.74.194 15169 (GOOGLE)
7 2600:1f18:1ac... 14618 (AMAZON-AES)
111 28
Apex Domain
Subdomains
Transfer
24 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 282
296 KB
23 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 128
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 166
317 KB
20 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 231
googleads.g.doubleclick.net — Cisco Umbrella Rank: 67
cm.g.doubleclick.net — Cisco Umbrella Rank: 223
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 313
210 KB
12 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 899
static.adsafeprotected.com — Cisco Umbrella Rank: 611
dt.adsafeprotected.com — Cisco Umbrella Rank: 550
96 KB
8 chtyvo.org.ua
chtyvo.org.ua
139 KB
6 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 720
syndication.twitter.com — Cisco Umbrella Rank: 967
151 KB
5 google.com
adservice.google.com — Cisco Umbrella Rank: 103
www.google.com — Cisco Umbrella Rank: 17
2 KB
4 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 597
4 KB
3 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 257
3 KB
3 google.co.uk
adservice.google.co.uk — Cisco Umbrella Rank: 4409
1 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 164
88 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 69
ssl.google-analytics.com — Cisco Umbrella Rank: 411
18 KB
2 optad360.io
cmp.optad360.io — Cisco Umbrella Rank: 44120
get.optad360.io — Cisco Umbrella Rank: 25456
462 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 372
459 B
1 travelaudience.com
ads.travelaudience.com — Cisco Umbrella Rank: 14031
554 B
1 ctnsnet.com
gcm.ctnsnet.com — Cisco Umbrella Rank: 36798
612 B
1 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 689
539 B
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 196
43 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 96
3 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 459
2 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 957
647 B
1 statsforads.com
www.statsforads.com — Cisco Umbrella Rank: 108871
88 KB
0 netmng.com Failed
google2waycm.netmng.com Failed
111 23
Domain Requested by
24 s0.2mdn.net chtyvo.org.ua
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
s0.2mdn.net
14 pagead2.googlesyndication.com chtyvo.org.ua
pagead2.googlesyndication.com
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
9 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
8 chtyvo.org.ua 1 redirects chtyvo.org.ua
7 dt.adsafeprotected.com a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
7 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
5 googleads.g.doubleclick.net pagead2.googlesyndication.com
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
chtyvo.org.ua
4 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
4 securepubads.g.doubleclick.net www.statsforads.com
securepubads.g.doubleclick.net
4 platform.twitter.com chtyvo.org.ua
platform.twitter.com
3 static.adsafeprotected.com fw.adsafeprotected.com
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
3 ib.adnxs.com 2 redirects googleads.g.doubleclick.net
3 adservice.google.com pagead2.googlesyndication.com
securepubads.g.doubleclick.net
3 adservice.google.co.uk pagead2.googlesyndication.com
securepubads.g.doubleclick.net
2 googleads4.g.doubleclick.net chtyvo.org.ua
2 fw.adsafeprotected.com 1 redirects chtyvo.org.ua
2 www.google.com tpc.googlesyndication.com
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
2 a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 syndication.twitter.com platform.twitter.com
chtyvo.org.ua
2 connect.facebook.net chtyvo.org.ua
connect.facebook.net
1 pixel.rubiconproject.com 1 redirects
1 ads.travelaudience.com 1 redirects
1 gcm.ctnsnet.com 1 redirects
1 sync-tm.everesttech.net 1 redirects
1 www.googletagservices.com a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
1 www.facebook.com connect.facebook.net
1 cdn.jsdelivr.net get.optad360.io
1 partner.googleadservices.com pagead2.googlesyndication.com
1 get.optad360.io www.statsforads.com
1 ssl.google-analytics.com chtyvo.org.ua
1 www.google-analytics.com chtyvo.org.ua
1 cmp.optad360.io chtyvo.org.ua
1 www.statsforads.com chtyvo.org.ua
0 google2waycm.netmng.com Failed a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
111 34
Subject | Issuer | Validity | Valid
chtyvo.org.ua | R3 | 2022-06-25 - 2022-09-23 | 3 months
statsforads.com | Amazon | 2021-10-18 - 2022-11-16 | a year
*.optad360.io | Amazon | 2021-11-17 - 2022-12-15 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-06-27 - 2022-09-19 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-06-27 - 2022-09-19 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-04-28 - 2022-07-27 | 3 months
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-20 - 2022-10-19 | a year
*.googleadservices.com | GTS CA 1C3 | 2022-06-27 - 2022-09-19 | 3 months
*.google.co.uk | GTS CA 1C3 | 2022-06-27 - 2022-09-19 | 3 months
*.google.com | GTS CA 1C3 | 2022-06-27 - 2022-09-19 | 3 months
syndication.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-31 - 2022-10-30 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-02 - 2023-06-01 | a year
www.google.com | GTS CA 1C3 | 2022-06-27 - 2022-09-19 | 3 months
fw.adsafeprotected.com | Amazon | 2022-04-28 - 2023-05-27 | a year
*.doubleclick.net | GTS CA 1C3 | 2022-06-27 - 2022-09-19 | 3 months
static.adsafeprotected.com | Amazon | 2021-09-05 - 2022-10-04 | a year
dt.adsafeprotected.com | Amazon | 2022-04-10 - 2023-05-08 | a year

This page contains 16 frames:

Primary Page: https://chtyvo.org.ua/
Frame ID: 4660AB45C676834DE961871A277DA2D4
Requests: 35 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5512390705137507&output=html&h=400&slotname=2039655029%2F9423194429&adk=1348925964&adf=2193123101&pi=t.ma~as.2039655029%2F94231944_&w=580&lmt=1658289515&url=https%3A%2F%2Fchtyvo.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658289515122&bpp=12&bdt=396&idt=210&shv=r20220718&mjsv=m202207130101&ptt=5&saldr=sa&abxe=1&correlator=8501788142164&frm=20&pv=2&ga_vid=562167579.1658289515&ga_sid=1658289515&ga_hid=1658150136&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=503&ady=2903&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763505%2C31067527%2C31068195%2C31062930&oid=2&pvsid=3192664274956571&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=sM3JdznGFN&p=https%3A//chtyvo.org.ua&dtd=227
Frame ID: 3573846512C8ABA32FCE857131201789
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html?origin=https%3A%2F%2Fchtyvo.org.ua
Frame ID: 98589183E75121CF178B95805EBCD90D
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.dc05643fdb8d0e2b89e5cc3c1d26d1b5.uk.html
Frame ID: 5BDE4BE5585FD83B802B29204E143A14
Requests: 2 HTTP requests in this frame

Frame: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8955CFFA04EA456C58853626E847C829
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df258ea8dc5ed34c%26domain%3Dchtyvo.org.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fchtyvo.org.ua%252Ff4cbda37eb639%26relation%3Dparent.parent&container_width=145&href=http%3A%2F%2Fchtyvo.org.ua%2F&layout=button_count&locale=uk_UA&sdk=joey&send=false&show_faces=false&width=100
Frame ID: F7758863DC8966960C393EF387EFC116
Requests: 1 HTTP requests in this frame

Frame: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E75DF45284A8BEE1492D9EB4D0118902
Requests: 25 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220718/r20190131/zrt_lookup.html
Frame ID: 7AE0C1A6DE887EB60C979A22BC9E1011
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5512390705137507&output=html&adk=1812271804&adf=3025194257&lmt=1658289516&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fchtyvo.org.ua%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658289516287&bpp=1&bdt=1562&idt=1&shv=r20220718&mjsv=m202207130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f2fa98a9f65f62f%3AT%3D1658289515%3AS%3DALNI_MbDGH3jSWRCujlfm725H4UzpH-p4Q&prev_slotnames=2039655029%2F9423194429&nras=1&correlator=8501788142164&frm=20&pv=1&ga_vid=562167579.1658289515&ga_sid=1658289515&ga_hid=1658150136&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763505%2C31067527%2C31068195%2C31062930&oid=2&pvsid=3192664274956571&tmod=2062978875&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=20
Frame ID: FECE35C4017B4DA420871C8A5E3ABF16
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9608A0084705B8432D6CBBB47ABE52B3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A23EDAE47186881CB8ADA40CCDA2C6FF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBDJv5SCAhjG7djOATAB&v=APEucNXR1JuaGRbjRLkym76BfLBDRONA83inlD6Rt5jgwfoEG0iiXtcG9GU-336yvDo-XsAxE6Urxl2E2J-6dwwDBNkxClmmrTko9jHTKKi0up5fFVhH_WzJabOhzTp1iYJweWsOLTOfI2Off14mT7XLqWq6aD0N7lc526z8uQ4VL9gGKzadge5lm4fXK_JStAYLaM2F-p8B5J_WDEiC8opqo5XGwn3J_g
Frame ID: 01DD86F44D2573E63DE397FDC570C1A0
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4771B7B4046ACEF92C0A74DA845E7737
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 52364E0E46F952111EF68F501C1F5149
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
Frame ID: 8D9016BD8B061F17745F0B5D1F7A5D11
Requests: 21 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 38BA92E8D639437D2687454F24959C35
Requests: 1 HTTP requests in this frame

Page Title

Чтиво

Page URL History

  1. http://chtyvo.org.ua/ HTTP 301
    https://chtyvo.org.ua/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 111
HTTPS: 91 %
IPv6: 58 %
Domains: 23
Subdomains: 34
IPs: 28
Countries: 5
Transfer: 1917 kB
Size: 4453 kB
Cookies: 19

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://chtyvo.org.ua/ HTTP 301
    https://chtyvo.org.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0boA_pM76n_MndPvQnnhs&google_cver=1
Request Chain 54
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ytd9bGN1VISn2LGE22zqGAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0boA_pM76n_MndPvQnnhs&google_cver=1
Request Chain 55
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESENFu1YKKFR1_OJ0Tkpvewpc&google_cver=1
Request Chain 56
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE3ODk4MDU5NzY2MTc5MTEwNQ%3D%3D
Request Chain 68
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEP9fMd9VW-Of5KAZMqtCDSc&google_cver=1&google_push=AehlK4Dy0s3H3bHTeh5UdZiV4IlUjmJ3zO1RNXVA0FJk4GmQh6za-MfWuXVVqDv3Q0mp2rvvGgI93rBhbaHEaffQMwjRYnlYIhHm_g HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEP9fMd9VW-Of5KAZMqtCDSc&google_push=AehlK4Dy0s3H3bHTeh5UdZiV4IlUjmJ3zO1RNXVA0FJk4GmQh6za-MfWuXVVqDv3Q0mp2rvvGgI93rBhbaHEaffQMwjRYnlYIhHm_g
Request Chain 69
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEJlTJndfBdlQsUMMYRLEQcE&google_cver=1&google_push=AehlK4A672g2oQXMCRL8fXygVk2D5zdJ2UCVMGjFYW6fNwgAOqukvwkx23TNYIKPFj_bmlUIciV1dmdcwLsX4TPgkqzldWYW1lhDEA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4A672g2oQXMCRL8fXygVk2D5zdJ2UCVMGjFYW6fNwgAOqukvwkx23TNYIKPFj_bmlUIciV1dmdcwLsX4TPgkqzldWYW1lhDEA&google_hm=l749caZ6Ra-wJG132O1rYCc
Request Chain 70
  • https://ads.travelaudience.com/google_pixel?google_gid=CAESEDUhZxrS0YqhbWvDKUCRayA&google_cver=1&google_push=AehlK4DFrVqZOmIh1Fja4nwB1CPaL5l0YniyWsXdNGNyQsXlaCDD2Hn4Arv6WQHiuPGYTf1J3d3lJ96r3PEDyarZc9PlBq04pLEVoA HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=M6A734_7SJ6f4CB5EWWtqg2&google_push=AehlK4DFrVqZOmIh1Fja4nwB1CPaL5l0YniyWsXdNGNyQsXlaCDD2Hn4Arv6WQHiuPGYTf1J3d3lJ96r3PEDyarZc9PlBq04pLEVoA
Request Chain 72
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHcjD5PEHlcWVtq7aD3FYoQ&google_cver=1&google_push=AehlK4C2mG583cF_omXW6GK9axufyHlvQPC_MdNyiLQu0DwGLNLJ2TuMXkyhExMgIzOCNYtXjzYnw0NuZILR-wFXQVSjWsV-6i7MSA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDVUMlJHRUItRy02WjdY&google_push=AehlK4C2mG583cF_omXW6GK9axufyHlvQPC_MdNyiLQu0DwGLNLJ2TuMXkyhExMgIzOCNYtXjzYnw0NuZILR-wFXQVSjWsV-6i7MSA
Request Chain 82
  • https://fw.adsafeprotected.com/rfw/st/1084840/64294887/skeleton.js?ias_dspID=3&ias_campId=1008207074&ias_pubId=pub-5512390705137507&ias_chanId=1&ias_placementId=17666503408&bidurl=https://chtyvo.org.ua/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0g7BQfVKh1MFfcywsSEnZ_q&adsafe_url=https%3A%2F%2Fchtyvo.org.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fa8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:2345e11c-b464-9d00-c36b-eff9cf66425c,c:iSpbVp,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-69659766b-p5vg9,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,an:n,oam:0,nbld:0,mtim:284,mot:0,app:0,maw:0,fm:tc61OCH+11%7C12%7C13%7C14%7C15%7C16%7C17*.1084840-64294887%7C171%7C172%7C173%7C174%7C18%7C19%7C1a%7C1b,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:301,oid:3b555463-07e0-11ed-a87b-ee53861f10e8,v:19.8.327,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/skeleton.js

111 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
chtyvo.org.ua/
Redirect Chain
  • http://chtyvo.org.ua/
  • https://chtyvo.org.ua/
50 KB
12 KB
Document
General
Full URL
https://chtyvo.org.ua/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
174.138.9.142 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
ee6de4d9b2e6bc565ea39eb179c68db02518db45f4f2ae88465bef991a971458

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
11630
Content-Type
text/html; charset=utf-8
Date
Wed, 20 Jul 2022 03:58:34 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache/2.4.7 (Ubuntu)
Vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Length
309
Content-Type
text/html; charset=iso-8859-1
Date
Wed, 20 Jul 2022 03:58:34 GMT
Keep-Alive
timeout=5, max=100
Location
https://chtyvo.org.ua/
Server
Apache/2.4.41 (Ubuntu)
style.css
chtyvo.org.ua/assets/css/
17 KB
3 KB
Stylesheet
General
Full URL
https://chtyvo.org.ua/assets/css/style.css?_20201230
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
174.138.9.142 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
2b6a495c4ace02a5a17dc157938d69188e71535365efb39eaceff9137ca92166

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 20 Jul 2022 03:58:34 GMT
Content-Encoding
gzip
Last-Modified
Wed, 30 Dec 2020 18:50:47 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"44a3-5b7b2fc3af82d-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
3165
jquery.js
chtyvo.org.ua/assets/scripts/
70 KB
24 KB
Script
General
Full URL
https://chtyvo.org.ua/assets/scripts/jquery.js?_20201230
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
174.138.9.142 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 20 Jul 2022 03:58:34 GMT
Content-Encoding
gzip
Last-Modified
Mon, 28 Dec 2020 17:23:27 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"119ee-5b7898834fe39-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
24606
common.js
chtyvo.org.ua/assets/scripts/
6 KB
2 KB
Script
General
Full URL
https://chtyvo.org.ua/assets/scripts/common.js?_20201230
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
174.138.9.142 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
a62841b9e5b955e345c1c642935163dc9e2044c542b2f40e863b54be4eceb010

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 20 Jul 2022 03:58:34 GMT
Content-Encoding
gzip
Last-Modified
Mon, 28 Dec 2020 17:23:27 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"172b-5b7898834fe39-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1936
b040eb70-d64d-4d04-8cd7-cb900e541b75.min.js
www.statsforads.com/tag/
370 KB
88 KB
Script
General
Full URL
https://www.statsforads.com/tag/b040eb70-d64d-4d04-8cd7-cb900e541b75.min.js
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-25.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9a1e3d8485e3e6c737073c0cf0b0a5908ec1b69002e22f59629f6331fdc15864

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
last-modified
Mon, 11 Jul 2022 04:00:42 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P2
etag
W/"9317390696842ea4b83bfaf8a773b770"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
via
1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
x-amz-cf-id
URKg13EQF1h0FhOixDrPIzUAxsjSZvl_kS_cMK0aOzdmSpjITKegVQ==
a73ccaca-803a-402f-9838-35850b472d44.min.js
cmp.optad360.io/items/
497 B
849 B
Script
General
Full URL
https://cmp.optad360.io/items/a73ccaca-803a-402f-9838-35850b472d44.min.js
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:3000:6:b871:4f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 02:14:44 GMT
via
1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
last-modified
Mon, 12 Apr 2021 08:54:56 GMT
server
AmazonS3
age
6232
etag
"7acdc116a0830ba0aef5e087010246ba"
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
application/javascript
x-amz-cf-pop
FRA56-P2
accept-ranges
bytes
content-length
497
x-amz-cf-id
IQHaYWSaXs1HvTTmb2i9ACazFhFTxi7vG-kCGoG-mxWvr3W9IxMxrA==
centerlogo.gif
chtyvo.org.ua/assets/images/design/
5 KB
5 KB
Image
General
Full URL
https://chtyvo.org.ua/assets/images/design/centerlogo.gif
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
174.138.9.142 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
6e6666d1d9b9a978f4359712f86eea5e417de503cc144266763541b732b04b19

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 20 Jul 2022 03:58:34 GMT
Last-Modified
Mon, 28 Dec 2020 17:23:27 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"13c1-5b7898834ee99"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
5057
20k_.png
chtyvo.org.ua/content/images/
2 KB
2 KB
Image
General
Full URL
https://chtyvo.org.ua/content/images/20k_.png
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
174.138.9.142 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
fcaa5bbb668b3b26e7b3d2c97e3acba59a834da830b0726815c7f5ebf360ccf6

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 20 Jul 2022 03:58:34 GMT
Last-Modified
Thu, 12 Aug 2021 09:36:35 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"6be-5c9597894eb85"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
1726
corrupted_covers.jpg
chtyvo.org.ua/content/images/
90 KB
90 KB
Image
General
Full URL
https://chtyvo.org.ua/content/images/corrupted_covers.jpg
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
174.138.9.142 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
b5e45c1317da4dfc410ab6c1d707c04e5013936bbcece030ef1a6d9cd0c98ac6

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 20 Jul 2022 03:58:34 GMT
Last-Modified
Wed, 06 Jan 2021 17:10:16 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"16794-5b83e65a29da0"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
92052
show_ads.js
pagead2.googlesyndication.com/pagead/
118 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f865937f82b393dbc417221e346454ef61a81d9653e67bf374ccea1d607ba904
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40008
x-xss-protection
0
server
cafe
etag
10473969135264219599
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 20 Jul 2022 03:58:35 GMT
ga.js
www.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/ga.js
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
953
date
Wed, 20 Jul 2022 03:42:42 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Wed, 20 Jul 2022 05:42:42 GMT
__utm.gif
ssl.google-analytics.com/r/
35 B
396 B
Image
General
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=334702557&utmhn=chtyvo.org.ua&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%A7%D1%82%D0%B8%D0%B2%D0%BE&utmhid=1658150136&utmr=-&utmp=%2F&utmht=1658289515074&utmac=UA-15381598-1&utmcc=__utma%3D206820033.562167579.1658289515.1658289515.1658289515.1%3B%2B__utmz%3D206820033.1658289515.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=530271652&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:35 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/
340 KB
120 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
48498682e46a2798b2cc5b57f085f280b9c41ae55efb3f7d28762e2372bc94c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122716
x-xss-protection
0
server
cafe
etag
6947067181079210917
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 20 Jul 2022 03:58:35 GMT
all.js
connect.facebook.net/uk_UA/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/uk_UA/all.js
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
41b382c527a99a4a8a21143d07bd88777b959ae7785a7e0ed5e6a6347864e5de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
795rcrA1h21g/uvhbTSxug==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1687
x-fb-rlafr
0
x-fb-debug
gQr5kUAAVgJeHs281Frwnt3ZUUz0/b7xU082vkThPbw7dN/Bry9KTWfR6O4VJp9JAQchmEdpp+OYppYtTzEoYg==
x-fb-trip-id
686109401
x-fb-content-md5
99e25f4a85ef5302ba592ce050c02ebc
x-frame-options
DENY
date
Wed, 20 Jul 2022 03:58:35 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"aa632a8d8b19e724b81ff2093306c714"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 20 Jul 2022 04:13:14 GMT
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6739) /
Resource Hash
ccaf59e06eb4f607fdedb30b166d8ab31ae2f92eaf4a2f998504204f1a2bf526

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 20 Jul 2022 03:58:35 GMT
Content-Encoding
gzip
Age
854
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
29212
x-tw-cdn
VZ
Last-Modified
Tue, 19 Jul 2022 20:07:06 GMT
Server
ECS (frb/6739)
Etag
"3b16e031477759af620cd0de990c6783+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
gpt.js
securepubads.g.doubleclick.net/tag/js/
83 KB
28 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.statsforads.com
URL: https://www.statsforads.com/tag/b040eb70-d64d-4d04-8cd7-cb900e541b75.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
sffe /
Resource Hash
85021f3169e197fff54e01145509eae6539ff625fa6ebfbf3ba9d583b565710b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28514
x-xss-protection
0
server
sffe
etag
"1278 / 330 of 1000 / last-modified: 1658268269"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 20 Jul 2022 03:58:35 GMT
prebid5.14.0.js
get.optad360.io/sf/
460 KB
461 KB
Script
General
Full URL
https://get.optad360.io/sf/prebid5.14.0.js
Requested by
Host: www.statsforads.com
URL: https://www.statsforads.com/tag/b040eb70-d64d-4d04-8cd7-cb900e541b75.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:7400:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Feb 2022 03:00:42 GMT
via
1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront)
last-modified
Thu, 23 Sep 2021 07:59:54 GMT
server
AmazonS3
age
12790674
etag
"6dd0a13bde35d2daa452bba998871016"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=360000000
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
content-length
471445
x-amz-cf-id
N855TxvM7FGsD9ZZ6jG9-w_fKrhGl1YNjkPhN7jc-rSSgTx49-c6RQ==
all.js
connect.facebook.net/uk_UA/
302 KB
86 KB
Script
General
Full URL
https://connect.facebook.net/uk_UA/all.js?hash=144bc252172c11de4f11c492de965161
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/uk_UA/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
601bd7335ad1fa7f2befb7230901cf8946056bba0ad7825148bc5f402a5c93ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://chtyvo.org.ua/
Origin
https://chtyvo.org.ua
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
SO0HvyNWzSXIPhSOliGAHA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
87532
x-fb-rlafr
0
x-fb-debug
JYX+HRL146wCVKVnJMnZD3WQFcW0YYecDyvMUxus1RlRoUN+lwc2JDoEkeVpUz6TpUx5FxkdSZFmIgKFmyGv9A==
x-fb-content-md5
91d17c2ace8194e2061d9ef5fb777ea0
x-frame-options
DENY
date
Wed, 20 Jul 2022 03:58:35 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"c8d6cb87ee4b4941718144527664e611"
timing-allow-origin
*
priority
u=3,i
expires
Thu, 20 Jul 2023 03:08:49 GMT
cookie.js
partner.googleadservices.com/gampad/
217 B
647 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=chtyvo.org.ua&callback=_gfp_s_&client=ca-pub-5512390705137507
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
3c3937e879ab5c2667a719eedce3987c48e0fc79de26dba48f9bdb2ed621ab8f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
203
x-xss-protection
0
integrator.js
adservice.google.co.uk/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=chtyvo.org.ua
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=chtyvo.org.ua
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 3573
603 B
627 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5512390705137507&output=html&h=400&slotname=2039655029%2F9423194429&adk=1348925964&adf=2193123101&pi=t.ma~as.2039655029%2F94231944_&w=580&lmt=1658289515&url=https%3A%2F%2Fchtyvo.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658289515122&bpp=12&bdt=396&idt=210&shv=r20220718&mjsv=m202207130101&ptt=5&saldr=sa&abxe=1&correlator=8501788142164&frm=20&pv=2&ga_vid=562167579.1658289515&ga_sid=1658289515&ga_hid=1658150136&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=503&ady=2903&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763505%2C31067527%2C31068195%2C31062930&oid=2&pvsid=3192664274956571&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=sM3JdznGFN&p=https%3A//chtyvo.org.ua&dtd=227
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Jul 2022 03:58:35 GMT
expires
Wed, 20 Jul 2022 03:58:35 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html
platform.twitter.com/widgets/ Frame 9858
320 KB
104 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html?origin=https%3A%2F%2Fchtyvo.org.ua
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668A) /
Resource Hash
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
28152
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105435
Content-Type
text/html; charset=utf-8
Date
Wed, 20 Jul 2022 03:58:35 GMT
Etag
"95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified
Tue, 19 Jul 2022 20:05:03 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/668A)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
settings
syndication.twitter.com/ Frame 9858
580 B
540 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=79a4641da3b3ff1ea28409fcdf75065ad65870d0
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html?origin=https%3A%2F%2Fchtyvo.org.ua
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
a502f79cb5fa985d8b516eeb3b2ce66e500731cd1999e64b3bb1cb035e784f66
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time
93
date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
gzip
last-modified
Wed, 20 Jul 2022 03:58:35 GMT
server
tsa_f
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
758061646be010c5224dff5fa4ad3ba216cbd9fe0122843b1bf25bcb116877e2
content-length
260
pubads_impl_2022071401.js
securepubads.g.doubleclick.net/gpt/
377 KB
129 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
sffe /
Resource Hash
fe7bd8cacf9680625b7da9649a92bee8ab705909190040bad2396b2d6ca9436e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 20:03:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
28497
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131659
x-xss-protection
0
last-modified
Thu, 14 Jul 2022 08:36:10 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 19 Jul 2023 20:03:38 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
82 B
104 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=chtyvo.org.ua
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
09b76f2cc240cff74ece85ace2a78e9db76dabe83495b714f309b57787faaff3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
79
x-xss-protection
0
expires
Wed, 20 Jul 2022 03:58:35 GMT
button.fed83577e235944f1c02f314fdfd94dd.js
platform.twitter.com/js/
7 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.fed83577e235944f1c02f314fdfd94dd.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6739) /
Resource Hash
dd73aaa40aaa3f68485ce0099ab91f2db304523f542b95da68397340d58d5c4f

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 20 Jul 2022 03:58:35 GMT
Content-Encoding
gzip
Age
28154
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
2359
x-tw-cdn
VZ
Last-Modified
Tue, 19 Jul 2022 20:04:46 GMT
Server
ECS (frb/6739)
Etag
"c1233079fb145bc77c712143fa5dcd65+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
latest.json
cdn.jsdelivr.net/gh/prebid/currency-file@1/
2 KB
2 KB
XHR
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220720
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
543b3d51d2ab8b113fbdf23007fa7590c02948690e3ac8880e6dfd1fac160516
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://chtyvo.org.ua/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3458
x-jsd-version
1.0.1406
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19177-FRA, cache-itm18825-ITM
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"66c-vAc71gFAlTs/UCfu515aORJeYko"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2FbLVxlqgW2W2bcgNATEbU8EcPKItaWuM5QCas5MSSg%2BCo%2FZEth7BlWEGxvBFKFNBlwLxM7uqeqtZILCUPoUizRIgCsnthhgMah7tgJAgSpnTupvzsg7LC1GJDVlQvEcBPgKQQPE%2B4%2B3ix8KCHU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
72d8c782bb3d0635-LHR
access-control-expose-headers
*
tweet_button.dc05643fdb8d0e2b89e5cc3c1d26d1b5.uk.html
platform.twitter.com/widgets/ Frame 5BDE
38 KB
14 KB
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.dc05643fdb8d0e2b89e5cc3c1d26d1b5.uk.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6739) /
Resource Hash
da88068dbb94c56a698bd3f253ce7bda5ce8f8c7a08845d80dd3d9dc408b37cb

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
28102
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
14115
Content-Type
text/html; charset=utf-8
Date
Wed, 20 Jul 2022 03:58:35 GMT
Etag
"5c6eb624bef0afc552d8f179c4bb6e86+gzip"
Last-Modified
Tue, 19 Jul 2022 20:05:00 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/6739)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
jot
syndication.twitter.com/i/
43 B
330 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fchtyvo.org.ua%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22uk%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1658289515844%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%226da0b7085cc99%3A1658260301864%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=79a4641da3b3ff1ea28409fcdf75065ad65870d0
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
93
pragma
no-cache
last-modified
Wed, 20 Jul 2022 03:58:35 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
758061646be010c5224dff5fa4ad3ba216cbd9fe0122843b1bf25bcb116877e2
x-transaction
584036e377ef133b
expires
Tue, 31 Mar 1981 05:00:00 GMT
integrator.js
adservice.google.co.uk/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=chtyvo.org.ua
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=chtyvo.org.ua
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
17 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3192664274956571&correlator=1120165523245277&eid=31068502%2C44755509%2C44769229%2C31062930&output=ldjh&gdfp_req=1&vrg=2022071401&ptt=17&impl=fif&iu_parts=121764058%3A22668023065%2Cop11-chtyvo.org.ua_157x600-STAT&enc_prev_ius=%2F0%2F1&prev_iu_szs=120x600%7C160x600&ifi=2&adks=4137613428&sfv=1-0-38&ecs=20220720&fsapi=false&sc=1&cookie=ID%3D0f2fa98a9f65f62f-22495aced0cd00d0%3AT%3D1658289515%3ART%3D1658289515%3AS%3DALNI_Mbb4FhK-9Z300AeQCDw7HrnZbvWhA&abxe=1&dt=1658289515881&lmt=1658289515&dlt=1658289514726&idt=1133&adxs=1459&adys=311&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fchtyvo.org.ua%2F&frm=20&vis=1&psz=0x0&msz=120x0&fws=128&ohw=0&ga_vid=562167579.1658289515&ga_sid=1658289515&ga_hid=1658150136&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
f8328de6ac788fc0d35717bd218e024702c440485871d6791ca9d07a9bb27f95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9632
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://chtyvo.org.ua
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8955
6 KB
4 KB
Document
General
Full URL
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Jul 2022 03:58:36 GMT
expires
Thu, 20 Jul 2023 03:58:36 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 5BDE
822 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/svg+xml
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
165 KB
56 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28e7618884506f14a2de91a3d1ebe2da312a6c90d8cb2fabd5556aace9e06149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56793
x-xss-protection
0
server
cafe
etag
15289200590941710508
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 20 Jul 2022 03:58:36 GMT
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220718&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d16d5b58e248eb57645940c49e0d6f1db9dd36a15b4569cd6ddc43f624821eed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11140
x-xss-protection
0
like.php
www.facebook.com/plugins/ Frame F775
0
3 KB
Document
General
Full URL
https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df258ea8dc5ed34c%26domain%3Dchtyvo.org.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fchtyvo.org.ua%252Ff4cbda37eb639%26relation%3Dparent.parent&container_width=145&href=http%3A%2F%2Fchtyvo.org.ua%2F&layout=button_count&locale=uk_UA&sdk=joey&send=false&show_faces=false&width=100
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/uk_UA/all.js?hash=144bc252172c11de4f11c492de965161
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Jul 2022 03:58:36 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=3,i
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
S6lncHWvf4HXWEC75hwBSfN8W3wGCItWmFjS24FaaAoDNG3zfRa8Vzejb4x9yvL6/rFYSjxAJA6aMwaBj9u6WA==
x-xss-protection
0
container.html
a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E75D
6 KB
3 KB
Document
General
Full URL
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Jul 2022 03:58:36 GMT
expires
Thu, 20 Jul 2023 03:58:36 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220718/r20190131/ Frame 7AE0
10 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220718/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
22834
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4412
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 19 Jul 2022 21:38:02 GMT
etag
8616628553774171045
expires
Tue, 02 Aug 2022 21:38:02 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
integrator.js
adservice.google.co.uk/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=chtyvo.org.ua
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=chtyvo.org.ua
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame FECE
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5512390705137507&output=html&adk=1812271804&adf=3025194257&lmt=1658289516&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fchtyvo.org.ua%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658289516287&bpp=1&bdt=1562&idt=1&shv=r20220718&mjsv=m202207130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f2fa98a9f65f62f%3AT%3D1658289515%3AS%3DALNI_MbDGH3jSWRCujlfm725H4UzpH-p4Q&prev_slotnames=2039655029%2F9423194429&nras=1&correlator=8501788142164&frm=20&pv=1&ga_vid=562167579.1658289515&ga_sid=1658289515&ga_hid=1658150136&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763505%2C31067527%2C31068195%2C31062930&oid=2&pvsid=3192664274956571&tmod=2062978875&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=20
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Jul 2022 03:58:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207130101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5512390705137507&plah=chtyvo.org.ua
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Jul 2022 03:58:36 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9608
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
30226
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Jul 2022 19:34:50 GMT
expires
Wed, 19 Jul 2023 19:34:50 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame A23E
783 B
1001 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
4e8b7d182260758d4e2d4cb0ce2895b9ab0898390acc17c39448ce99e485bc26
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-w7gtSAJxf4mxF_dR1mxLjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://chtyvo.org.ua/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-w7gtSAJxf4mxF_dR1mxLjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 20 Jul 2022 03:58:36 GMT
expires
Wed, 20 Jul 2022 03:58:36 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
pixel
googleads.g.doubleclick.net/xbbe/ Frame 01DD
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBDJv5SCAhjG7djOATAB&v=APEucNXR1JuaGRbjRLkym76BfLBDRONA83inlD6Rt5jgwfoEG0iiXtcG9GU-336yvDo-XsAxE6Urxl2E2J-6dwwDBNkxClmmrTko9jHTKKi0up5fFVhH_WzJabOhzTp1iYJweWsOLTOfI2Off14mT7XLqWq6aD0N7lc526z8uQ4VL9gGKzadge5lm4fXK_JStAYLaM2F-p8B5J_WDEiC8opqo5XGwn3J_g
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Jul 2022 03:58:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame E75D
92 KB
36 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?…
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d2dcb1b49f59a9c114198970bdf30a4b17fd4208175b4f851c83c36e437b7ade
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36671
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E75D
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CaEm5-fv-tXHm4uAzqRv2XOkPxAi1Yl70YDVNWnPAvDxWU9su-PIUD70rDq4i833aO9S4bqpNsdVirHN9-rFKfOIS0FXtTXMaCNSFJh0Aqw9lgJVk
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:36 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220718/r20110914/client/ Frame E75D
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220718/r20110914/client/window_focus_fy2021.js
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1954
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 03 Aug 2022 03:26:02 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220718/r20110914/client/ Frame E75D
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220718/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e352bd3598be515c20c398e90549e3f966fbce570d88adea32a7f43de7b08f83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:22:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2150
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7322
x-xss-protection
0
server
cafe
etag
17958847364917198933
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 03 Aug 2022 03:22:46 GMT
l
www.google.com/ads/measurement/ Frame E75D
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQLSBlL8ZxmEH-H32IYtR85l-TWLMby4X3MFtzvPk9PwD7aydag5iOirgKCLjYzj-rpFl1iEdYEeaIbYv75jTy2qML-CA
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E75D
137 KB
43 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0de50a799ee39bde80bfb0943ba85616975f5c71e0e746b49c27c5b0d1731ef6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43203
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1658144321100200"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Jul 2022 03:58:36 GMT
Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js
pagead2.googlesyndication.com/bg/ Frame 9608
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 17 Jul 2022 03:20:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
261472
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13868
x-xss-protection
0
last-modified
Thu, 07 Jul 2022 14:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 17 Jul 2023 03:20:44 GMT
rum
dsum-sec.casalemedia.com/ Frame 01DD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0boA_pM76n_MndPvQnnhs&google_cver=1
43 B
910 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0boA_pM76n_MndPvQnnhs&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBDJv5SCAhjG7djOATAB&v=APEucNXR1JuaGRbjRLkym76BfLBDRONA83inlD6Rt5jgwfoEG0iiXtcG9GU-336yvDo-XsAxE6Urxl2E2J-6dwwDBNkxClmmrTko9jHTKKi0up5fFVhH_WzJabOhzTp1iYJweWsOLTOfI2Off14mT7XLqWq6aD0N7lc526z8uQ4VL9gGKzadge5lm4fXK_JStAYLaM2F-p8B5J_WDEiC8opqo5XGwn3J_g
Protocol
H3
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray
72d8c7883b1376d1-LHR
pragma
no-cache
date
Wed, 20 Jul 2022 03:58:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pj6R4gWKKIqPhz1hqJw8fJzjhjQPaMiLzoL6Be3t%2FoNRxxCnDO2T%2FLOLhIAcRcurC8k5ff4cCLabdmvKtgOjSPUC%2FOqO7oAXkUjaCGG3rpfq8BgBs6Gl0hFj%2B24NPyRKQ5WnfexE6X9Qaw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0boA_pM76n_MndPvQnnhs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 01DD
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ytd9bGN1VISn2LGE22zqGAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0boA_pM76n_MndPvQnnhs&google_cver=1
43 B
908 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0boA_pM76n_MndPvQnnhs&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBDJv5SCAhjG7djOATAB&v=APEucNXR1JuaGRbjRLkym76BfLBDRONA83inlD6Rt5jgwfoEG0iiXtcG9GU-336yvDo-XsAxE6Urxl2E2J-6dwwDBNkxClmmrTko9jHTKKi0up5fFVhH_WzJabOhzTp1iYJweWsOLTOfI2Off14mT7XLqWq6aD0N7lc526z8uQ4VL9gGKzadge5lm4fXK_JStAYLaM2F-p8B5J_WDEiC8opqo5XGwn3J_g
Protocol
H3
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray
72d8c7893bf576d1-LHR
pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YgPdslJF422GUdmCam0v5yzEfctiX6wPHF2kLBXUqWQUUuku1YCBGPMBqVdGknSErVNnkEUmwzPnmb5rK7SSswObxGEe1aHCWbhAVjqqxibqo1%2F%2Fc9CcUE2UmrKPVd5QI%2B2IX5ZLoPz92w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0boA_pM76n_MndPvQnnhs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 01DD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESENFu1YKKFR1_OJ0Tkpvewpc&google_cver=1
43 B
1016 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESENFu1YKKFR1_OJ0Tkpvewpc&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBDJv5SCAhjG7djOATAB&v=APEucNXR1JuaGRbjRLkym76BfLBDRONA83inlD6Rt5jgwfoEG0iiXtcG9GU-336yvDo-XsAxE6Urxl2E2J-6dwwDBNkxClmmrTko9jHTKKi0up5fFVhH_WzJabOhzTp1iYJweWsOLTOfI2Off14mT7XLqWq6aD0N7lc526z8uQ4VL9gGKzadge5lm4fXK_JStAYLaM2F-p8B5J_WDEiC8opqo5XGwn3J_g
Protocol
HTTP/1.1
Server
185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Jul 2022 03:58:36 GMT
X-Proxy-Origin
82.199.130.39; 82.199.130.39; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
683e2a53-e4d3-4688-aff0-a433e875255f
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESENFu1YKKFR1_OJ0Tkpvewpc&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 01DD
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE3ODk4MDU5NzY2MTc5MTEwNQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE3ODk4MDU5NzY2MTc5MTEwNQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBDJv5SCAhjG7djOATAB&v=APEucNXR1JuaGRbjRLkym76BfLBDRONA83inlD6Rt5jgwfoEG0iiXtcG9GU-336yvDo-XsAxE6Urxl2E2J-6dwwDBNkxClmmrTko9jHTKKi0up5fFVhH_WzJabOhzTp1iYJweWsOLTOfI2Off14mT7XLqWq6aD0N7lc526z8uQ4VL9gGKzadge5lm4fXK_JStAYLaM2F-p8B5J_WDEiC8opqo5XGwn3J_g
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:36 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 20 Jul 2022 03:58:36 GMT
X-Proxy-Origin
82.199.130.39; 82.199.130.39; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
65a6e04c-92d2-4544-87ac-c778561c85b9
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE3ODk4MDU5NzY2MTc5MTEwNQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame A23E
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220718&jk=3192664274956571&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

skeleton.js
fw.adsafeprotected.com/rjss/st/1084840/64294887/ Frame E75D
46 KB
12 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/st/1084840/64294887/skeleton.js?ias_dspID=3&ias_campId=1008207074&ias_pubId=pub-5512390705137507&ias_chanId=1&ias_placementId=17666503408&bidurl=https://chtyvo.org.ua/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0g7BQfVKh1MFfcywsSEnZ_q
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.82.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-82-33.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4eb4b93aa3e0def68cab28dfe4568e65844e8a84959eb9092f661550c34e6b7f

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:36 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame E75D
106 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
Origin
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 08:39:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
69538
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 20 Jul 2022 08:39:38 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220718/r20110914/elements/html/ Frame E75D
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220718/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=…
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:43:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
887
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 03 Aug 2022 03:43:49 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220718/r20110914/ Frame E75D
27 KB
10 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220718/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CYr51dy54l_u0aM7LKU7EM6RpWVxJjVpUhtnrXI0sMKcD_wfI3S-Dm4j3fH9fBQJXPQ736g8pJdGmykmcSjnQquYH9A-kO72oEzRQDGpR9lbZ9OneTTEjg1cEsiL9wml7e97a_Hl68eQFXorNsVPRO7MpPtw&dbm_d=AKAmf-DDCcwbeN9E0Q0L4g64l0mEZPEWIZurKdA3UebAqvQmyz9thh62ThL-UWJ7gELLLRvupQ3tNu2ZjulavgyFbS_ce9aYxVWgNJNdExVIDkx51n59qB3AR4h6QEYf_gnfexOgrebO5wiIrIoNQttET0cOse3FTL79o0QqnDHP7R6w1OTx0ooa1jHqOwR3gMCWpVQVeu-VnJlums9qPISjONpYgskPVNXCe3hHgm1fJf4IjmrKSHPtH7hc3UjIyMT6WLqIuHecatHCzPCmJqiHCF-O1tumuHB-cMiAx70ik5FKMsai68TEUj9LJ7g2WGlbaxgmV3DPo4j9CUuQ7Jy2s53PYka6r_A9-s6ip71j6WCOS9wVJaucsNc1jCEd0zUa8kFT8lybfItPa0e-TbwLgHLM4xarcEjkuzw0a0ec97lMDAUoTVUmkJOo2mOOp_Lzze_yfZx0Nfh5NYNc6WcBUHlkDJvy_Nnxn9Kw-ZYG-ad-_3b7sq6W5EovQMn8DHgJfvWxEE2WEX5N20LyLRNBabYDFFuyycqBbn5537MqEeK8DUnH6l7bjM00hLD4zLrmuqtQ_iLlz-dK8mVaezfUEwY7Uow0ImYxmYHYT61PotcuZ6SFc4D5nSLE2oXS7A-iYLgHVDVjSlO4i_jIw5jgkPAQ5zB82Yvr2y9oVnwB3xXd33KxvZVack6rMeSJP7ky7YYZwS87WbjigHBqiKLMBTZmY1-fv66nX6G_Sh45C0P61lDDiin8-77Rc-yPHjCdNt94FeN0tuPH5lLKmiu5tZJ07_Zm547w0lSU4hosUl00nLuJyc9Vc6MPI0BWrQ3e4uv4bDka6NS2_gIgLKrgCBL1bN4DHjkNBNDKz80Al5kg9haZD1U3U_tVC5uVtdPgF3NQszJ1o7iBM9CBbiG1d_TA_UE2kE-dNZnBfCPAmXtDU2jTKJOtBXycXsggEVPf3CCaStIEfG-B2sbfrCTVPyug7_AlCC4A_VH5n5WhYmPu30ufBSvcpM8JZcxYFlCt6Il-NZ8j7VbscnmGr5gZp-3JCdjdol2OIgM34sVpsQ-6O4_0b9rnxLos-at8MmOstywaDoypbeZmxFH-xbpP92GXSah-nkjEpGKZIiYVSFln2UiMJf8e4iIE6E0kaAyu-U6QehyvThOOJgW7Ob3ZEChdfh4NZ51ar2elRZo2as3CLZJZDkEqu_kwC9xTZHcSsShVqoL50v_HTsNZVUYwfyv6s73x5Wjg8LyorU_sRU5BpVoZZ6hY4mYVKd7_kuQ0vvT-ei-PHVF5WJK_91-JyjB5Nt_UmD79RSoXUTb3nwdLhex4Em0QeTCWGMlYzhX6L1zFYm9fE9O2L3JlDeJZ6jzbTjOLvedMHIMBMRn0yKPGQXRKhSs-J9aXtrfUfzZPOi4XIPa4haiLZvufHCNhJBVZT2kUyXXqfMpRKu6dGnarUHZm8YNlFYLlKnfT9f489yQuSgpnB4nOHoehk97VEktzW84KGEcj6vYzVSqas6FkYZTWiydK-nakpEOzTn1qKBL3BAWCcD0SuTLwd2Mz-TbJaN45D59VghRBSVpUyYdJ3gE_b5Es4UfQ2tXt4tGGhRYsRzJTEaC051j2kO2RRigbA9DNPoHoAhbdcA7lQcYW6CKNheBsHcR1rWIMSC8tAZmnBMDBjqSKuSTIDIrKtiKFLc_y_ml8uwZUCJEIQEV-rOxUCNlrmc0RJ4By3sP5UuOpYBgjjmEZ0xVe0mdpQB8_7kVg_EA1Ypsdb02PrNRMQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18091a39db3bc6d68a187de5d46d8f28e49beb8d9431e9c8e5e9db7cb071dc65
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:40:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1095
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10561
x-xss-protection
0
server
cafe
etag
14610481443806215460
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 03 Aug 2022 03:40:21 GMT
generate_204
tpc.googlesyndication.com/ Frame 9608
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?kCQ_ng
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame E75D
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 10:19:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
63544
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Jul 2023 10:19:32 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 4771
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
51845
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 19 Jul 2022 13:34:31 GMT
etag
48472445140208031
expires
Wed, 20 Jul 2022 13:34:31 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame E75D
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
077a409af3a9a930ecc34d0bba27ee0a5b266acd1fa851148e84d02e3c3619f8

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 5236
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
63543
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Jul 2022 10:19:33 GMT
expires
Wed, 19 Jul 2023 10:19:33 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
google2waycm.netmng.com/cm/ Frame 4771
0
0

pixel
cm.g.doubleclick.net/ Frame 4771
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEP9fMd9VW-Of5KAZMqtCDSc&google_push=AehlK4Dy0s3H3bHTeh5UdZiV4IlUjmJ3zO1RNXVA0FJk4GmQh6za-MfWuX...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEP9fMd9VW-Of5KAZMqtCDSc&google_push=AehlK4Dy0s3H3bHTeh5UdZiV4IlUjmJ3zO1RNXVA0FJk4GmQh6za-MfWuXVVqDv3Q0mp2rvvGgI93rBhbaHEaffQMwjRYnlYIhHm_g
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:36 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1658289517.920973,VS0,VE77
x-served-by
cache-lcy19240-LCY
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEP9fMd9VW-Of5KAZMqtCDSc&google_push=AehlK4Dy0s3H3bHTeh5UdZiV4IlUjmJ3zO1RNXVA0FJk4GmQh6za-MfWuXVVqDv3Q0mp2rvvGgI93rBhbaHEaffQMwjRYnlYIhHm_g
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
pixel
cm.g.doubleclick.net/ Frame 4771
Redirect Chain
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEJlTJndfBdlQsUMMYRLEQcE&google_cver=1&google_push=AehlK4A672g2oQXMCRL8fXygVk2D5zdJ2UCVMGjFYW6fNwgAOqukvwkx23TNYIKPFj_bmlUIciV1dmdcwLs...
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4A672g2oQXMCRL8fXygVk2D5zdJ2UCVMGjFYW6fNwgAOqukvwkx23TNYIKPFj_bmlUIciV1dmdcwLsX4TPgkqzldWYW1lhDEA&google_hm=l749caZ6Ra-wJG132O...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4A672g2oQXMCRL8fXygVk2D5zdJ2UCVMGjFYW6fNwgAOqukvwkx23TNYIKPFj_bmlUIciV1dmdcwLsX4TPgkqzldWYW1lhDEA&google_hm=l749caZ6Ra-wJG132O1rYCc
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:35 GMT
via
1.1 google
server
Apache-Coyote/1.1
status
302
p3p
CP="NOI DSP COR NID CUR OUR NOR"
location
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4A672g2oQXMCRL8fXygVk2D5zdJ2UCVMGjFYW6fNwgAOqukvwkx23TNYIKPFj_bmlUIciV1dmdcwLsX4TPgkqzldWYW1lhDEA&google_hm=l749caZ6Ra-wJG132O1rYCc
cache-control
no-cache, must-revalidate
content-type
text/html;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4771
Redirect Chain
  • https://ads.travelaudience.com/google_pixel?google_gid=CAESEDUhZxrS0YqhbWvDKUCRayA&google_cver=1&google_push=AehlK4DFrVqZOmIh1Fja4nwB1CPaL5l0YniyWsXdNGNyQsXlaCDD2Hn4Arv6WQHiuPGYTf1J3d3lJ96r3PEDyarZ...
  • https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=M6A734_7SJ6f4CB5EWWtqg2&google_push=AehlK4DFrVqZOmIh1Fja4nwB1CPaL5l0YniyWsXdNGNyQsXlaCDD2Hn4Arv6WQHiuPGYTf1J3d3lJ96r3PEDyarZc9PlBq04pLEVoA
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=M6A734_7SJ6f4CB5EWWtqg2&google_push=AehlK4DFrVqZOmIh1Fja4nwB1CPaL5l0YniyWsXdNGNyQsXlaCDD2Hn4Arv6WQHiuPGYTf1J3d3lJ96r3PEDyarZc9PlBq04pLEVoA
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 20 Jul 2022 03:58:36 GMT
via
1.1 google
x-engine-version
0.0.0
server
nginx/1.21.6
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=M6A734_7SJ6f4CB5EWWtqg2&google_push=AehlK4DFrVqZOmIh1Fja4nwB1CPaL5l0YniyWsXdNGNyQsXlaCDD2Hn4Arv6WQHiuPGYTf1J3d3lJ96r3PEDyarZc9PlBq04pLEVoA
x-host
tde-deliveryengine-production-78dd496b74-ddstv
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
dot.gif
s0.2mdn.net/ Frame 4771
43 B
577 B
Image
General
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEF70PVnGHuiH_AiTSVWjQ9o&google_cver=1&google_push=AehlK4DlONIEXArN2qY35aXFMdeoNNFRRE8fxYqelQJNX5EfLSdyjwadY1FmqbYAhQh4QKUmbS5Uioz8EDVcroizlDEDdxHXKsFV4A
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 21 Jul 2022 03:58:36 GMT
pixel
cm.g.doubleclick.net/ Frame 4771
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHcjD5PEHlcWVtq7aD3FYoQ&google_cver=1&google_push=AehlK4C2mG583cF_omXW6GK9axufyHlvQPC_MdNyiLQu0DwGLNLJ2TuMXkyhExMgIzOCNYtXjzY...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDVUMlJHRUItRy02WjdY&google_push=AehlK4C2mG583cF_omXW6GK9axufyHlvQPC_MdNyiLQu0DwGLNLJ2TuMXkyhExMgIzOCNYtXjzYnw0NuZILR-wFXQVSjWsV-6i7MSA
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDVUMlJHRUItRy02WjdY&google_push=AehlK4C2mG583cF_omXW6GK9axufyHlvQPC_MdNyiLQu0DwGLNLJ2TuMXkyhExMgIzOCNYtXjzYnw0NuZILR-wFXQVSjWsV-6i7MSA
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDVUMlJHRUItRy02WjdY&google_push=AehlK4C2mG583cF_omXW6GK9axufyHlvQPC_MdNyiLQu0DwGLNLJ2TuMXkyhExMgIzOCNYtXjzYnw0NuZILR-wFXQVSjWsV-6i7MSA
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Expires
0
dot.gif
s0.2mdn.net/ Frame 4771
43 B
110 B
Image
General
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEMtAlCikUVxhoJXUNh6bNFE&google_cver=1&google_push=AehlK4BlFBNlySl_wgTnYZbfayDKjavgpIq3sxbqON8zTy-8dzMAmfvCHh7M2QAf0eOLIzn8BQi9NDoAS-uaTBn6kAjW2H30eQeWY2Y
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 21 Jul 2022 03:58:36 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 4771
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J0MkkgPsJr7qsZQDxtYtN6shiTR66U2RuyYJ1xrCRjN13ZfaRQ0u8tm13U-XVl2OrEzkFCBw
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:36 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js
pagead2.googlesyndication.com/bg/ Frame 5236
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 17 Jul 2022 03:20:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
261472
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13868
x-xss-protection
0
last-modified
Thu, 07 Jul 2022 14:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 17 Jul 2023 03:20:44 GMT
main.gr.19.8.327.js
static.adsafeprotected.com/ Frame E75D
186 KB
60 KB
Script
General
Full URL
https://static.adsafeprotected.com/main.gr.19.8.327.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1084840/64294887/skeleton.js?ias_dspID=3&ias_campId=1008207074&ias_pubId=pub-5512390705137507&ias_chanId=1&ias_placementId=17666503408&bidurl=https://chtyvo.org.ua/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0g7BQfVKh1MFfcywsSEnZ_q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:f400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fa9efa00a715700d9dd94213288ca6924c7057dd521206c6d88b314bf096d788

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 18:19:16 GMT
content-encoding
gzip
age
34762
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Tue, 19 Jul 2022 18:19:05 GMT
server
AmazonS3
etag
W/"29895ca47eaa0e27860bfbc1ef717cee"
vary
Accept-Encoding
x-amz-version-id
NHzcLihB4moHfQbnMqJAhSXgaIBWnCEe
via
1.1 0c39e892d8c809025c8f47425847f680.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA56-P5
content-type
application/javascript
x-amz-cf-id
UFk1GJ32no7HPsO1_n2guadgrJh9Wjap7ATBULkVqSTHxyJdKcc7ew==
index.html
s0.2mdn.net/sadbundle/14416565629012286365/ Frame 8D90
5 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
acb8bd2ce323e855b7156f77afc11627c90b621de77971867949007a74414dc4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
170751
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2130
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 18 Jul 2022 04:32:46 GMT
expires
Tue, 18 Jul 2023 04:32:46 GMT
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame E75D
0
622 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsunTn0OfjeFmKhKLhbodd4woNhRYsbBmiUOLmehmOOdtwmDODuFniREQPjJtmgurdylNTs9SWmKd9n-ksuXcnivPxN5qepkeWQOLk8Q9BuBM7gKComePZPKEQOj7rKS07GtF0jmfO6Q_BQqEiwxtSK3z9Qd3bzIuqdtOMfx6NEoVv7LwA-ymBynPEksjQWy8U4wxrjce6INitSLQekCNCxWZMV_0jxvJ_oOl9oiyh7SmvQTMT_33OvOz69yQtXwuT0ISqvaX-B0LOQFR33tnwwopUH2XQjoLHmClt-LTjgNzI-7vDdudsOTqhrq3BDlMSbCCnmuyoeoUr07CBoGCxZrQYbDcOoB9Ewyt0p5ufsA-5wKSQXWLrwnL6d9SPsApTKjitZCjhxGmqIwNoqw11bPIuV5IXXlOZ6rsU0xrFStSqe4SQDW5j8jzhqyTmET0NmH8dBL4Z_HNRXLRIILEiqzpwNtX46ZEIt1_qO3HutebuztD3-OSjbgrUkyS8oJ_DBy_KJQP15_NHkxkOQ8w6zDraBwwKkowRxu7Ps_r7uxzDg23AiSuWIAAYB7BV-T28p131kfUF9z49Xb-GhLQ-f7kq4RSVHGivd_DPYa-p6VdGu1GIaxVTOwbc4bRwTbGFqfQ49zBycfhdWesE5sI7AQCp6ud5BlcdWOZtYYupEB3xpO5zj9c_aCLu4nB_9IqdT9MEanPV85_JvW5voi_nl-v2mgFC1FnQH4_8CQaE0GgE43351s5T21DZK0Ov4_8OS4lJM42E0rlAKcdqTvTl12MWoTRSxYJ3aF8LRdUOXwOprDC5bBJ6A8vPt1FltMYZOfYR8KZdLyYiYQ6q2RkJhvyz_TR3tJvaGO974xZmzSOQqz2ljV1sJ41DhGVjJOoReb5OPtej1IO43jrApAv5xkn1L5HFr0NzmMDToxU70kc3mqU3xPQSgZ1AYQJRn8dPrucjybyiZUxYO-GSvWSAq2I3Rfz9SYira-M0DY8u3XpbFFPwcjY4nDMpNSIFnGYxGahKitCfTq8CgFDqY45YSaDDuXGpzq6NRazTur_X4JuF5Jgt43VfWLnR9pQhOFoLMJ406o7rsq41vPIcWL1curpbuj4zQ7NRcqS6gVR-Ri2xqG67_h3JGTCwzq94XDZZEpcQjJKUZlf8uX3KQLG0rcP1W7_yeyW9qV0KfzwBySCRYtsNn4wlP1R7RVCAn6vD1a87C9XjH9bdCqH6GK4V5kAVs29WiT7_1F34ozRytsIcgDGHvmvNIkzOw&sai=AMfl-YRvjN3mNP_W0eRIqtyQFJK_VkJ-VM-Cwi2WdhSYoJFMkFFvFuFmv6RsWoaU5SXTXwSSQjWMIwpD1bBdlxfMh7nRbW_oA6f9a7Bs22WIht5EC5EewpJXFSBpw2eN1HRNvhIadKC3gHQ0fxJ72KcfGewIe_lmJyH3AXoX_5rv4O5QNi2pl-ylJI03dAd4d6sAGA_-_5YpeYnFIyaTq8zDGQ&sig=Cg0ArKJSzK2nFCJUUaSJEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=247&cbvp=1&cstd=244&cisv=r20220718.54919&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Wed, 20 Jul 2022 03:58:37 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5236
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B8g12bH3XYtf7H-ut9u8P0YCWmAoAAAAAOAHgBAI&bg=!i4iliMzNAAZlvz3gRb87ACkAdvg8WviNiyFOzyVhtqEV7O8RBs6VNzK3dCldFrTbLU-xOP8yWGkneQIAAABCUgAAAAFoAQeZAugVZ6O7VX1ugE7rel6ul1buNJnS8O5BT7R3VbpEGVlqAy1MI9cIT4XjOUnOmD4-brR7aFDLwtlru1vo1K6lp0Qh4ecdSRHKNMApycRChnx7jbbcuIFGEsumsu89u8dJqtCH1hDW5T6AIqceYeubYSs7W-vE0SL9sdYKVA64ko-tvP0kAu2pMf4VikIlR-Dq2ErzOWhQZG1MpSe5EMuyl_OTRxsMeq8XSsfahmQDoUw3vW3OJvgZ58GeSXKvtqhsejiFFX56uqfTRT3W0lIDpmhMEdyNul_VHX9AnLU27WNymXiPtRqIyWOs7oZZIeIQSW8nCvPzq2s-giK94RatmT9ng0x_VFnWdVuBjjNI1efTI1VB-hb9OKAfL89tKg_x8hopV0x51tlWCwUGQ6KQtsgktOFR0hpoZvI9EW6_BQ1SbFpzTS3vp9GI82NQ1BPE223Kj5Nej_X3ExMEbMgTClrt-er9H6HlJ6C2LBghrqm5S_fRuQTIhu2WgWkHCUsYowGA5PfxQje2xVFmMsABpaSsPe0y_X5XHpUu9OW68S4cQeH1DMDg_qzdH0uIB-0we4nY1XyrQFcnG5GxubL3LCXpbpf7_k8CWrlMwLVM0pInQOkcCyy7FNezXtUci8NEmRky9IcxbQggvidKX6Z2FxM3028d-ZKNdECNnlhF1f1mxVZ9rgfntuypDUEMKSASkVjEYBsrvW_v86mi4CU4TCpP7Pg01lF4xfBRFeasHtNR4iuVdCXo2fx2qr9MWrnsPrAzC49BouwhW9ehoPsiOU4xPNNDoxrg4y92vLvvS-487s9f-VJ-w1kCXoF7NVxy_SVt4PjEQNjMYPrZb4_ZRGBjY2Yyg56afWUbXx9Z2bAkWI9oVkN6YSVY30eS4JDfChCOxMsrgeFwlP1lIHOLLcaBLigRpnAdt8wgWHbJ8w-le2516JMXkAFu1HcBHXc1QZqz2dOtT9h5LzrOVQvCumjHGuX34cKYUyI
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
createjs_2019.11.15_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 8D90
236 KB
63 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64275
x-xss-protection
0
last-modified
Fri, 15 Nov 2019 19:16:20 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 20 Jul 2022 03:58:37 GMT
index.js
s0.2mdn.net/sadbundle/14416565629012286365/ Frame 8D90
165 KB
36 KB
Script
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/index.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468412e0536f82c9e5c39e0ce2d6d26a80c19a28d00190927e4d8e2c04603806
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 17 Jul 2022 06:37:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
249684
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37103
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 17 Jul 2023 06:37:13 GMT
skeleton.js
static.adsafeprotected.com/ Frame E75D
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1084840/64294887/skeleton.js?ias_dspID=3&ias_campId=1008207074&ias_pubId=pub-5512390705137507&ias_chanId=1&ias_placementId=17666503408&bidurl=https://chtyvo.or...
  • https://static.adsafeprotected.com/skeleton.js
17 B
465 B
Script
General
Full URL
https://static.adsafeprotected.com/skeleton.js
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
2600:9000:223f:f400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Feb 2022 13:58:04 GMT
via
1.1 0c39e892d8c809025c8f47425847f680.cloudfront.net (CloudFront)
age
13356034
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
17
last-modified
Mon, 17 Aug 2020 23:54:35 GMT
server
AmazonS3
etag
"53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id
nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control
max-age=315360000
x-amz-cf-pop
FRA56-P5
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
rx4xu6NhLuJUmURmM1JQhHQu3eNgo_BVrIW6qSEsy-ypAkUoh7HeUA==

Redirect headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
x-server-name
app09.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/skeleton.js
cache-control
no-cache
content-length
0
server
nginx
sca.17.5.12.js
static.adsafeprotected.com/ Frame 38BA
80 KB
21 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.5.12.js
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:f400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 16 May 2022 08:34:34 GMT
content-encoding
gzip
age
5599444
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 19 Aug 2021 16:31:24 GMT
server
AmazonS3
etag
W/"9304f57298c3834ff107ea7ccb547996"
vary
Accept-Encoding
x-amz-version-id
9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via
1.1 0c39e892d8c809025c8f47425847f680.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA56-P5
content-type
application/javascript
x-amz-cf-id
_2PpWwX_zCbL8yjeTI8PUN6BFZnS7KmRCeOAq9dL-bHvfz7DL7DImA==
dt
dt.adsafeprotected.com/ Frame E75D
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1084840&asId=2345e11c-b464-9d00-c36b-eff9cf66425c&tv=%7Bc:iSpbVL,pingTime:-3,time:322,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:300%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:323,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:300,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B36~0%5D,as:%5B36~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tc61OCH+11%7C12%7C13%7C14%7C15%7C16%7C17*.1084840-64294887%7C171%7C172%7C173%7C174%7C18%7C19%7C1a%7C1b,idMap:17*,rmeas:1,rend:0,renddet:na%7D&br=c
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4281:4f5b:6550:560a:4298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
x-server-name
dt07.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame E75D
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1084840&asId=2345e11c-b464-9d00-c36b-eff9cf66425c&tv=%7Bc:iSpbVN,pingTime:-6,time:324,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:324,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:300,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B37~0%5D,as:%5B37~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tc61OCH+11%7C12%7C13%7C14%7C15%7C16%7C17*.1084840-64294887%7C171%7C172%7C173%7C174%7C18%7C19%7C1a%7C1b,idMap:17*,rmeas:1,rend:0,renddet:na%7D&tpiLookup=ao:chtyvo.org.ua*&br=c
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4281:4f5b:6550:560a:4298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
x-server-name
dt08.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220718&jk=3192664274956571&bg=!WlmlWR3NAAZlvz3gRb87ACkAdvg8WsolxevFhmeBj5c8qO00_52hx9Wf6lS6JKnSDOniZYgD6iTOGQIAAABcUgAAAAJoAQeZAo9YDspZezsvIJQjQEFmAssq-v5hn6M_PjJRbawA4AXoie9bvN_DLuHV9SsJUfpbfva5FsAygUjK0PqS7CYctSu2lEYH8ydhYgAxloqBb8oCKZ0EosXDzClzPAFpILaCeIKQ5jCXXvo1xliy1xI6IXelhoK6id_ggGt8w1svyZqur1LY1JHNmUoZ0kOj6PG2QfTX7Aui3eCC8kfhOXDAcq0-2Nx8xUoeitmrdCWP7LiEytUl7upvtu_ypWelbXqrDceLBSWWte762i7jrRcoabjXoEDlJPbkYQBmbGtNamkf7sDKbW2osp2UwcTsudTqO37wF6VPhPuznTW8YQcCpW3oNyFEoz2SGqYuHUi2ah3tHoUOrqCThiBwAFYCV1pwCUruAMTYi_S75tTWrGePwYkblbBkOPrCzzmoVqJdJ5F4MWy3D0i8pzz8xAl-83fZs8y7eOrrINnexwmmL6j1IUV7UYkdjK7-FhEFt0s127MVnmUZIveQwD2yoyq6_NLEmSV82yG2LJh3OTQaMqszE3d1pMGt59CH-dcA1XPGOuhvKB61GPfDtBaWRz8P5EuDzrSNZLB2YgU-veaC0fNflxaScTNhL6n3V20McJsBKu4fa-FcRsvSn3a_MIc7NTXg5REMyOwPIaEGt6tLZGTz1mvZhVBL0-_3aTjgD-JCke2M5nKo9M5GvTRTlU2YCmoV729ZV3jdFVFE1GOTokLNhOozSLEHr-a1qaiafAuz9ybJymvEFZjD2w2peAbwEFU0K3GDdj5Jd_2O8ySoPuOlBlWYkFuyMNExxsN-XSh7eSzfso1o2Cv9kumMV9VpS_3A9e3gNV8bhPAViZtpxXcg65qIir3V6ICLPqQvncXUr0Bw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://chtyvo.org.ua/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

dt
dt.adsafeprotected.com/ Frame E75D
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1084840&asId=2345e11c-b464-9d00-c36b-eff9cf66425c&tv=%7Bc:iSpbVV,pingTime:-2,time:332,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:598,beZ:599,mfA:882,cmA:884,inA:884,inZ:887,prA:887,prZ:892,si:899,poA:901,poZ:914,cmZ:914,mfZ:914,loA:921,loZ:924,ltA:930,ltZ:930%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:300%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:333,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:300,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B46~0%5D,as:%5B46~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tc61OCH+11%7C12%7C13%7C14%7C15%7C16%7C17*.1084840-64294887%7C171%7C172%7C173%7C174%7C18%7C19%7C1a%7C1b,idMap:17*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,sinceFw:29,readyFired:true%7D&br=c
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4281:4f5b:6550:560a:4298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
x-server-name
dt04.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
back_160x600.jpg
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
8 KB
8 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/back_160x600.jpg?1655391006158
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
df72b6616a73bb1f7bef5f5f1a74bf0600277d62f52889ec353b9d7e38c14f98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 14 Jul 2022 05:49:32 GMT
x-content-type-options
nosniff
age
511745
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8421
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 14 Jul 2023 05:49:32 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame E75D
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsunTn0OfjeFmKhKLhbodd4woNhRYsbBmiUOLmehmOOdtwmDODuFniREQPjJtmgurdylNTs9SWmKd9n-ksuXcnivPxN5qepkeWQOLk8Q9BuBM7gKComePZPKEQOj7rKS07GtF0jmfO6Q_BQqEiwxtSK3z9Qd3bzIuqdtOMfx6NEoVv7LwA-ymBynPEksjQWy8U4wxrjce6INitSLQekCNCxWZMV_0jxvJ_oOl9oiyh7SmvQTMT_33OvOz69yQtXwuT0ISqvaX-B0LOQFR33tnwwopUH2XQjoLHmClt-LTjgNzI-7vDdudsOTqhrq3BDlMSbCCnmuyoeoUr07CBoGCxZrQYbDcOoB9Ewyt0p5ufsA-5wKSQXWLrwnL6d9SPsApTKjitZCjhxGmqIwNoqw11bPIuV5IXXlOZ6rsU0xrFStSqe4SQDW5j8jzhqyTmET0NmH8dBL4Z_HNRXLRIILEiqzpwNtX46ZEIt1_qO3HutebuztD3-OSjbgrUkyS8oJ_DBy_KJQP15_NHkxkOQ8w6zDraBwwKkowRxu7Ps_r7uxzDg23AiSuWIAAYB7BV-T28p131kfUF9z49Xb-GhLQ-f7kq4RSVHGivd_DPYa-p6VdGu1GIaxVTOwbc4bRwTbGFqfQ49zBycfhdWesE5sI7AQCp6ud5BlcdWOZtYYupEB3xpO5zj9c_aCLu4nB_9IqdT9MEanPV85_JvW5voi_nl-v2mgFC1FnQH4_8CQaE0GgE43351s5T21DZK0Ov4_8OS4lJM42E0rlAKcdqTvTl12MWoTRSxYJ3aF8LRdUOXwOprDC5bBJ6A8vPt1FltMYZOfYR8KZdLyYiYQ6q2RkJhvyz_TR3tJvaGO974xZmzSOQqz2ljV1sJ41DhGVjJOoReb5OPtej1IO43jrApAv5xkn1L5HFr0NzmMDToxU70kc3mqU3xPQSgZ1AYQJRn8dPrucjybyiZUxYO-GSvWSAq2I3Rfz9SYira-M0DY8u3XpbFFPwcjY4nDMpNSIFnGYxGahKitCfTq8CgFDqY45YSaDDuXGpzq6NRazTur_X4JuF5Jgt43VfWLnR9pQhOFoLMJ406o7rsq41vPIcWL1curpbuj4zQ7NRcqS6gVR-Ri2xqG67_h3JGTCwzq94XDZZEpcQjJKUZlf8uX3KQLG0rcP1W7_yeyW9qV0KfzwBySCRYtsNn4wlP1R7RVCAn6vD1a87C9XjH9bdCqH6GK4V5kAVs29WiT7_1F34ozRytsIcgDGHvmvNIkzOw&sai=AMfl-YRvjN3mNP_W0eRIqtyQFJK_VkJ-VM-Cwi2WdhSYoJFMkFFvFuFmv6RsWoaU5SXTXwSSQjWMIwpD1bBdlxfMh7nRbW_oA6f9a7Bs22WIht5EC5EewpJXFSBpw2eN1HRNvhIadKC3gHQ0fxJ72KcfGewIe_lmJyH3AXoX_5rv4O5QNi2pl-ylJI03dAd4d6sAGA_-_5YpeYnFIyaTq8zDGQ&sig=Cg0ArKJSzK2nFCJUUaSJEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=583&vt=11&dtpt=336&dett=3&cstd=244&cisv=r20220718.54919&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: chtyvo.org.ua
URL: https://chtyvo.org.ua/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jul 2022 03:58:37 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
dt
dt.adsafeprotected.com/ Frame E75D
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1084840&asId=2345e11c-b464-9d00-c36b-eff9cf66425c&tv=%7Bc:iSpbWO,time:387,type:e,im:%7Bpci:%7Btdr:62%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:387,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:300,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B100~0%5D,as:%5B100~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tc61OCH+11%7C12%7C13%7C14%7C15%7C16%7C17*.1084840-64294887%7C171%7C172%7C173%7C174%7C18%7C19%7C1a%7C1b,idMap:17*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4281:4f5b:6550:560a:4298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
x-server-name
dt09.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
bg_grey_300x600.jpg
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
4 KB
4 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/bg_grey_300x600.jpg?1655391006158
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81416f6f04ecfc4cb4ff74e02f949d4257a587484b6ac064d0e7aa2448ff3493
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 14:37:26 GMT
x-content-type-options
nosniff
age
48071
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4579
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 19 Jul 2023 14:37:26 GMT
bg_W_gold_2.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
6 KB
6 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/bg_W_gold_2.png?1655391006158
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f975834808cb2b3a182f193607b7932a5965491ce877fc3a934d7124522c58c9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:37 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6076
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 20 Jul 2023 03:58:37 GMT
boost_fx_front.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
4 KB
5 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/boost_fx_front.png?1655391006158
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b90803bf38a7a113dec91593b0dabc42f7416f4767b2f889e0c6455dbfd06d97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 10:02:01 GMT
x-content-type-options
nosniff
age
64596
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4598
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 19 Jul 2023 10:02:01 GMT
cta_300x600.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
6 KB
6 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/cta_300x600.png?1655391006158
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e79f45aedea93c1a14911cfdea11f44ba7f54da0cdad7d6c7a7194cbecedd738
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 03:58:37 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5836
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 20 Jul 2023 03:58:37 GMT
divider_300x600.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
2 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/divider_300x600.png?1655391006158
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c51116bd972ca178360867dca89eb3fc01373e5e45872ee6ec4c1e6353f1c194
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 02:25:27 GMT
x-content-type-options
nosniff
age
91990
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1938
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 19 Jul 2023 02:25:27 GMT
dt
dt.adsafeprotected.com/ Frame E75D
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1084840&asId=2345e11c-b464-9d00-c36b-eff9cf66425c&tv=%7Bc:iSpc1S,pingTime:-10,time:701,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1658289517564%7C%7C89b08e4fa64ad21e4a12c34281897b25%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7Cb044500d2d1ec271241aacd82371527c%7C%7Ca4a001e9441f454838694c3895e3a436%7C%7Cdba6b7fca2ba598c7360900616477ea5%7C%7C24200c16ed1734359eed06ad5d718cf2%7C%7C763dbfed3c9c7fa1807f71b70b169598%7C%7C1629390669%7D
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4281:4f5b:6550:560a:4298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
x-server-name
dt02.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
goodie_boost_base.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
9 KB
10 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_boost_base.png?1655391006158
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ec931c4557733c8aedfbbfd875cd308d6ca86a59aceb7f040917f4592a0519d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 13 Jul 2022 21:16:42 GMT
x-content-type-options
nosniff
age
542515
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9722
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 13 Jul 2023 21:16:42 GMT
goodie_boost_fx_back2.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
9 KB
9 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_boost_fx_back2.png?1655391006158
Requested by
Host: a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com
URL: https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8cbcd9342d4c3ae72464f2b32012d725807ab9c861f44ceafaadb7973084030b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 02:25:27 GMT
x-content-type-options
nosniff
age
91990
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9645
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 19 Jul 2023 02:25:27 GMT
goodie_boost_fx_front2.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
7 KB
7 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_boost_fx_front2.png?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
12e1ae6caa8ed39f090cb3492a99bad5c8d389ecc0f8048fd888d1e551543853
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 17 Jul 2022 06:37:13 GMT
x-content-type-options
nosniff
age
249684
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6910
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 17 Jul 2023 06:37:13 GMT
goodie_Diadem.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
13 KB
13 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_Diadem.png?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ac0c57a8c93db7a4e2133b5669d7411c6858fc083485c784f8db314293b6ed7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 17 Jul 2022 01:31:16 GMT
x-content-type-options
nosniff
age
268041
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13125
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 17 Jul 2023 01:31:16 GMT
goodie_Hearthing.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
27 KB
27 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_Hearthing.png?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5af6897b47a2ee0add8f0c95d3744612db184a583bfe91d56e63427c0c3d4a36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 17 Jul 2022 03:23:10 GMT
x-content-type-options
nosniff
age
261327
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27436
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 17 Jul 2023 03:23:10 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame E75D
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsupX_C5ermbdt-vrseDMEgNaRJ1ldT8XW79KHXglG2WIaQijmlzO8tjW3s_20RhLxP38m0MHGrVqoq3qtIRZXFisTJy4DSdb4P5scTkbcXPw-XcM8znb0L7gXG5CIPyZ894jFNWBXL9D4jE&sai=AMfl-YQwxQKDwM16vIQteUMU9jqlFYinFGpOWZbSQ1JSmk8vsmRDtuLgfZPMCDdo2GwrYP-HvFmPKS3JPQsopmfh6D4HMMOIrTfoYEIWqL-AojHRvLD8i8IjyHs8SrI&sig=Cg0ArKJSzO_uNGkctT2ZEAE&cid=CAASJORootCEyeQAp3B2hKPnhaBLfddFrZYsFTo_VXWcWPPUHpbM9w&id=lidar2&mcvt=1000&p=311,1559,351,1600&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220718&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4137613428&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1658289516265&rpt=494&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:37 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
goodie_Hearthing_Screen.jpg
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
12 KB
12 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_Hearthing_Screen.jpg?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35ff336b358f9b0fbdcf69c456edc98ad4624be35b778d47fefcf1cdb2b1df52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 17 Jul 2022 01:31:18 GMT
x-content-type-options
nosniff
age
268039
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11818
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 17 Jul 2023 01:31:18 GMT
goodie_mount_small_300x600.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
11 KB
11 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_mount_small_300x600.png?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c5080e726223fd5dac7a94cb8e686d98913d3319f1113cee678648b052b1eb15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 18 Jul 2022 16:14:50 GMT
x-content-type-options
nosniff
age
128628
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 18 Jul 2023 16:14:50 GMT
goodie_Murkastrasza.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
8 KB
8 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_Murkastrasza.png?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e137ef6a31741d9167963b8dc0b9f7b5f254aa6034d810916962709e1017144b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 13 Jul 2022 21:16:43 GMT
x-content-type-options
nosniff
age
542515
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8424
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 13 Jul 2023 21:16:43 GMT
goodie_pet2.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
5 KB
5 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_pet2.png?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae115d01326e379750027215065ec3f8c8a88af05cc290f190bd34d1849c8708
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 17 Jul 2022 01:31:19 GMT
x-content-type-options
nosniff
age
268039
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5547
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 17 Jul 2023 01:31:19 GMT
goodie_transmog2.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
7 KB
7 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/goodie_transmog2.png?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9cea9d9cd36643e03aa19798461b2a65b679905f093439ba9f2de945f7a053a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 18:39:49 GMT
x-content-type-options
nosniff
age
33529
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7351
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 19 Jul 2023 18:39:49 GMT
lightburst_gold_sml.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
6 KB
6 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/lightburst_gold_sml.png?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
228d320aa181b6adeb7fcec7090bb47c82645784272f2d5fe2c3f4c30e4cf368
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 02:25:27 GMT
x-content-type-options
nosniff
age
91991
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6431
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 19 Jul 2023 02:25:27 GMT
pegi12.png
s0.2mdn.net/sadbundle/14416565629012286365/images/ Frame 8D90
10 KB
10 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/14416565629012286365/images/pegi12.png?1655391006158
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59a411ebbac4af90360ee7686c668359c42ed139aa4fa1cfd2476e506fb2e839
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14416565629012286365/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 18 Jul 2022 04:33:11 GMT
x-content-type-options
nosniff
age
170727
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10431
x-xss-protection
0
last-modified
Tue, 05 Jul 2022 15:46:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 18 Jul 2023 04:33:11 GMT
dt
dt.adsafeprotected.com/ Frame E75D
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1084840&asId=2345e11c-b464-9d00-c36b-eff9cf66425c&tv=%7Bc:iSpcsj,pingTime:1,time:2340,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:300%7D,%7Bpiv:100,vs:i,r:,t:1334%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1007,o:1334,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:300,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1047~0,0~100%5D,as:%5B1047~160.600%5D%7D%7D,%7Bsl:i,t:1334,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1007~100%5D,as:%5B1007~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:171,fm:tc61OCH+11%7C12%7C13%7C14%7C15%7C16%7C17*.1084840-64294887%7C171%7C172%7C173%7C174%7C18%7C19%7C1a%7C1b,idMap:17*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4281:4f5b:6550:560a:4298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:39 GMT
x-server-name
dt10.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame E75D
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1084840&asId=2345e11c-b464-9d00-c36b-eff9cf66425c&tv=%7Bc:iSpcsl,pingTime:1,time:2342,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:300%7D,%7Bpiv:100,vs:i,r:,t:1334%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1008,o:1334,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:300,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1047~0,0~100%5D,as:%5B1047~160.600%5D%7D%7D,%7Bsl:i,t:1334,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1008~100%5D,as:%5B1008~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:171,fm:tc61OCH+11%7C12%7C13%7C14%7C15%7C16%7C17*.1084840-64294887%7C171%7C172%7C173%7C174%7C18%7C19%7C1a%7C1b,idMap:17*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4281:4f5b:6550:560a:4298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://a8e0ba29df80bb4039e121b623c5ffc9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jul 2022 03:58:39 GMT
x-server-name
dt11.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
google2waycm.netmng.com
URL
https://google2waycm.netmng.com/cm/?google_gid=CAESEBrCMjsttYxpoSgPlKdoyMs&google_cver=1&google_push=AehlK4D1-Rd0ZHYEb18N4TckHWVzvnShhhk_HGfca-ct0kjvyxKu50tG8OrCXL4ckRkgDEIxCT-vXXrznHXgaAL01Y2Cpj1u0rqYSg

Verdicts & Comments

210 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| markAllRows function| unMarkAllRows function| incAttachments function| ShowWin function| toggleAuthorBooks function| CheckGroupForm function| CheckUserForm function| CheckCommentForm function| transliterate function| jsHover object| _gaq object| google_ad_client object| google_ad_slot object| google_ad_width object| google_ad_height object| _gat object| gaGlobal function| setCookie function| getCookie function| createGeoRestrictionCookie object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_tag_data object| google_sa_queue function| google_process_slots number| google_unique_id object| google_ad_block object| google_ad_channel object| google_ad_format object| google_ad_host object| google_ad_host_channel object| google_ad_host_tier_id object| google_ad_layout object| google_ad_layout_key object| google_ad_output object| google_ad_region object| google_ad_section object| google_ad_type object| google_ad_unit_key object| google_ad_dom_fingerprint object| google_ad_semantic_area object| google_placement_id object| google_adtest object| google_allow_expandable_ads object| google_alternate_ad_url object| google_alternate_color object| google_apsail object| google_captcha_token object| google_city object| google_color_bg object| google_color_border object| google_color_line object| google_color_link object| google_color_text object| google_color_url object| google_container_id object| google_content_recommendation_ad_positions object| google_content_recommendation_columns_num object| 

19 Cookies

Domain/Path Name / Value
chtyvo.org.ua/ Name: PHPSESSID
Value: ja3js1hs1rv7s0r4is17ha6tq4
.chtyvo.org.ua/ Name: __utma
Value: 206820033.562167579.1658289515.1658289515.1658289515.1
.chtyvo.org.ua/ Name: __utmc
Value: 206820033
.chtyvo.org.ua/ Name: __utmz
Value: 206820033.1658289515.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.chtyvo.org.ua/ Name: __utmt
Value: 1
.chtyvo.org.ua/ Name: __utmb
Value: 206820033.1.10.1658289515
chtyvo.org.ua/ Name: __oagr
Value: true
.doubleclick.net/ Name: IDE
Value: AHWqTUkH4hWjITJCr4G1dNlP6eurlHMTy03T9VVNJuNMJ8K-n62BNbplxVTUtbEISTs
.chtyvo.org.ua/ Name: __gads
Value: ID=0f2fa98a9f65f62f:T=1658289515:S=ALNI_MbDGH3jSWRCujlfm725H4UzpH-p4Q
.adnxs.com/ Name: uuid2
Value: 9178980597661791105
.casalemedia.com/ Name: CMID
Value: Ytd9bGN1VISn2LGE22zqGAAA
.casalemedia.com/ Name: CMPS
Value: 5121
.casalemedia.com/ Name: CMPRO
Value: 5121
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2E?`qlH2G!]tbPl1M>e)ZlrFUfJ+tGXxp6BL+(/a%tW)DH)DE8yL2gAde7N_K?w>KKmb?3If)y3KL9D3I?+c:5Ne#
.travelaudience.com/ Name: _tracker
Value: %7B%22UUID%22%3A%2233A03BDF-8FFB-489E-9FE0-20791165ADAA%22%7D
.ctnsnet.com/ Name: gid_CAESEJlTJndfBdlQsUMMYRLEQcE
Value: 1
.ctnsnet.com/ Name: cid_97be3d71a67a45afb0246d77d8ed6b60
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Ytd9bAAAAdhcmQAK
.casalemedia.com/ Name: CMTS
Value: 1143

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
