www.buhoblik.org.ua Open in urlscan Pro
2a06:6440:0:2d02::1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://buhoblik.org.ua/
Effective URL:
https://www.buhoblik.org.ua/
Submission: On November 28 via api (November 28th 2022, 2:02:27 am UTC) from GB — Scanned from GB

Summary HTTP 151 Redirects Behaviour Indicators

Summary

This website contacted 34 IPs in 8 countries across 26 domains to perform 151 HTTP transactions. The main IP is 2a06:6440:0:2d02::1, located in Ukraine and belongs to UKRAINE-AS, UA. The main domain is www.buhoblik.org.ua.
TLS certificate: Issued by R3 on October 3rd 2022. Valid for: 3 months.

This is the only time www.buhoblik.org.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	2a06:6440:0:2... 2a06:6440:0:2d02::1	200000 (UKRAINE-AS) (UKRAINE-AS)
1 1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
10	2a03:90c0:41:... 2a03:90c0:41:2801::62	199524 (GCORE) (GCORE)
2	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
2	95.216.186.40 95.216.186.40	24940 (HETZNER-AS) (HETZNER-AS)
1	2001:41d0:602... 2001:41d0:602:3b8e::	16276 (OVH) (OVH)
8	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
9	204.62.13.72 204.62.13.72	46636 (NATCOWEB) (NATCOWEB)
23	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
9	34.111.35.152 34.111.35.152	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
8	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 3	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	193.200.65.6 193.200.65.6	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
1 2	185.83.142.19 185.83.142.19	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1 1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	198.47.127.20 198.47.127.20	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3 3	52.29.215.78 52.29.215.78	16509 (AMAZON-02) (AMAZON-02)
1 1	141.95.97.231 141.95.97.231	16276 (OVH) (OVH)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::b 2a02:2638::b	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:214... 2600:9000:214f:b400:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a02:2638:1::1a 2a02:2638:1::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
11	2a02:2638::c 2a02:2638::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638::21 2a02:2638::21	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
151	34

11 2a06:6440:0:2d02::1 (Ukraine) 2 redirects

ASN200000 (UKRAINE-AS, UA)

buhoblik.org.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.buhoblik.org.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a03:90c0:41:2801::62 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

cdn.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.216.186.40 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.40.186.216.95.clients.your-server.de

xn--r1a.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:41d0:602:3b8e:: (France)

ASN16276 (OVH, FR)

avto-oblik.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 204.62.13.72 (Clifton, United States)

ASN46636 (NATCOWEB, US)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2001:67c:4e8:f004::9 (Virgin Islands (British))

ASN62041 (TELEGRAM, VG)

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.111.35.152 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 152.35.111.34.bc.googleusercontent.com

cdn4.telegram-cdn.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.90 (Amsterdam, Netherlands) 1 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.6 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: adforce.team

m.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.83.142.19 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.79 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.20 (United States) 1 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.29.215.78 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-215-78.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.97.231 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: haproxy-eu-002.roqad.pl

ws.rqtrk.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::b (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:b400:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:2638::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::21 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 131 tpc.googlesyndication.com — Cisco Umbrella Rank: 182	319 KB
23	telegram.org telegram.org — Cisco Umbrella Rank: 7136	273 KB
21	criteo.net static.criteo.net — Cisco Umbrella Rank: 590 pix.eu.criteo.net — Cisco Umbrella Rank: 4492 csm.eu.criteo.net — Cisco Umbrella Rank: 4579	84 KB
19	admixer.net cdn.admixer.net — Cisco Umbrella Rank: 38602 inv-nets.admixer.net — Cisco Umbrella Rank: 3700	202 KB
11	buhoblik.org.ua 2 redirects buhoblik.org.ua www.buhoblik.org.ua	230 KB
10	criteo.com 1 redirects rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 9126 ads.eu.criteo.com — Cisco Umbrella Rank: 4506 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 5718 bidder.criteo.com — Cisco Umbrella Rank: 814 gum.criteo.com — Cisco Umbrella Rank: 434 mug.criteo.com — Cisco Umbrella Rank: 1897	63 KB
9	telegram-cdn.org cdn4.telegram-cdn.org — Cisco Umbrella Rank: 29958	789 KB
9	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 64 cm.g.doubleclick.net — Cisco Umbrella Rank: 271	139 KB
7	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 370	133 KB
5	pubmatic.com 5 redirects image8.pubmatic.com — Cisco Umbrella Rank: 857 image2.pubmatic.com — Cisco Umbrella Rank: 1258 image4.pubmatic.com — Cisco Umbrella Rank: 1287	2 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	67 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 381	1 KB
3	creativecdn.com 1 redirects prebid-eu.creativecdn.com — Cisco Umbrella Rank: 5233 creativecdn.com — Cisco Umbrella Rank: 581	861 B
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 219	95 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 276	2 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 121 www.google.com — Cisco Umbrella Rank: 16	2 KB
2	xn--r1a.website xn--r1a.website — Cisco Umbrella Rank: 923642	13 KB
2	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 412	17 KB
1	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 2236	752 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 107	1 KB
1	rqtrk.eu 1 redirects ws.rqtrk.eu — Cisco Umbrella Rank: 3023	335 B
1	trafmag.com m.trafmag.com — Cisco Umbrella Rank: 95205	351 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 5200	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 961	699 B
1	avto-oblik.com.ua avto-oblik.com.ua	72 KB
1	google.com.ua 1 redirects www.google.com.ua — Cisco Umbrella Rank: 15026	325 B
151	26

	Domain	Requested by
23	telegram.org	xn--r1a.website telegram.org
15	tpc.googlesyndication.com	googleads.g.doubleclick.net cdn.ampproject.org pagead2.googlesyndication.com tpc.googlesyndication.com
11	pix.eu.criteo.net	ads.eu.criteo.com
10	cdn.admixer.net	www.buhoblik.org.ua cdn.admixer.net
9	cdn4.telegram-cdn.org	xn--r1a.website
9	inv-nets.admixer.net	cdn.admixer.net www.buhoblik.org.ua
9	pagead2.googlesyndication.com	www.buhoblik.org.ua pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
9	www.buhoblik.org.ua	www.buhoblik.org.ua
8	static.criteo.net	cdn.admixer.net ads.eu.criteo.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
7	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
4	bidder.criteo.com	static.criteo.net
3	fonts.gstatic.com	fonts.googleapis.com
3	x.bidswitch.net	3 redirects
3	image8.pubmatic.com	3 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	csm.eu.criteo.net	ads.eu.criteo.com
2	www.googletagservices.com	googleads.g.doubleclick.net
2	ib.adnxs.com	1 redirects www.buhoblik.org.ua
2	creativecdn.com	1 redirects www.buhoblik.org.ua
2	xn--r1a.website	www.buhoblik.org.ua telegram.org
2	ssl.google-analytics.com	www.buhoblik.org.ua
2	www.gstatic.com	www.buhoblik.org.ua googleads.g.doubleclick.net
2	buhoblik.org.ua	2 redirects
1	mug.criteo.com
1	www.google.com	tpc.googlesyndication.com
1	secure-gl.imrworldwide.com	ads.eu.criteo.com
1	cat.fr.eu.criteo.com	ads.eu.criteo.com
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
1	ws.rqtrk.eu	1 redirects
1	image4.pubmatic.com	1 redirects
1	image2.pubmatic.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	m.trafmag.com	www.buhoblik.org.ua
1	prebid-eu.creativecdn.com	cdn.admixer.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	avto-oblik.com.ua	www.buhoblik.org.ua
1	www.google.com.ua	1 redirects
151	42

This site contains no links.

Subject Issuer	Validity	Valid
www.buhoblik.org.ua R3	`2022-10-03` - `2023-01-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.admixer.net Sectigo RSA Domain Validation Secure Server CA	`2022-06-08` - `2023-06-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
xn--r1a.website R3	`2022-10-23` - `2023-01-21`	3 months	crt.sh
www.avto-oblik.com.ua R3	`2022-10-07` - `2023-01-05`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2022-08-10` - `2023-09-11`	a year	crt.sh
cdn4.telegram-cdn.org GTS CA 1D4	`2022-10-18` - `2023-01-16`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-08` - `2023-02-04`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.trafmag.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-14` - `2023-06-14`	a year	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-27` - `2022-12-29`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-14` - `2023-01-13`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-31` - `2023-01-26`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-01` - `2023-02-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://www.buhoblik.org.ua/
Frame ID: 4C55415535B5E703EFFF7251B933785F
Requests: 49 HTTP requests in this frame

Frame: https://xn--r1a.website/s/buhoblik_org_ua
Frame ID: 63AC2DB33552347A809AE1DF35A42F99
Requests: 35 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
Frame ID: 1EBD7DF661A4520559199B3B199C7FB8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&adk=1812271804&adf=3025194257&lmt=1669600940&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&ea=0&pra=5&wgl=1&easpi=1&easai=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=1000&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&aspe=0&asro=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941556&bpp=5&bdt=677&idt=195&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8032909778416&frm=20&pv=2&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=214
Frame ID: 2BB94B6FF6A07FCA2452D56412C5A0E2
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/51428/c.html?b=51428
Frame ID: A59E5A7ABE3D61B6997067AAB71CBA7E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/51428/c.html?b=51428
Frame ID: B895748B6BB511BD03704066133AB79D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266
Frame ID: 039DF30B74A1EAC1CE75889AD359C5E5
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1669600940&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941564&bpp=1&bdt=685&idt=289&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=irC6IANZ6r&p=https%3A//www.buhoblik.org.ua&dtd=294
Frame ID: C6FAD3A57D366AE654E72917F24C6494
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=4207227173&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941565&bpp=2&bdt=687&idt=298&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=3773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEebr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=y6vGoTZ6X1&p=https%3A//www.buhoblik.org.ua&dtd=304
Frame ID: 4A0B85196ECD5C7AE7E9713A5E02CC18
Requests: 15 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y4QWrQAOLg8H_Z4CAAKguI-rbeZrOUj-QNc3PA&u=%7CmFnMdRckbN3s%2F2pptoxEehioBxi7CdvAQWy5n%2Be7peg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi6ziEzHnRQPmm8hAoZUVgSTX_AWgdAO64ie0U4sFPu7ENo1NEkSI7vSA5WoTxrzNKnML50pN-1TWlOYhBmsQIxpcBP_L5QrCICDFz7Z39gJ1txSOryi19RL4hdSBm86uGmz73U40V_39wuOM8EXnoi11MmsjPB2ISo9uYgLnBX6449KOmuNZXXeHdBqpgYPIQGWQn3DyWtuRDrL0A4yolUXJUjgN2YkIKnUyUxaqMISmvADaQny-iggkyckufkkaZvmvQpCbywF9LHocTFSBs1LZCU_2K86hqVN0Sby8otZ17Z9kUvhA7aRyP5Oxz8gBvqCBa71n8mzB-XAZYSQqvmVVVwtFOgQfxguRr5TZXzyazvns-Q75pDwUVyCgZy9IdZ3qbtNRGAr8Ctlml9DeEuh03bxcFjUUYWQGSUlHqmkasS5V0dI6OhukPl703Dur6S3PB8KZluqMpGLIX4DvuhbmI_8OKk5wjQi1wKKYJSIhX0zLsXlVMgWfYfnvZrg6sRp_xS5hlbtyM9ToqIAxZ2C0MIB_DPcdKtHDOG0jIPzQyIMamRNCqzKI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvqv-rRaEY4_cOIK89u8PuMGKmAjJntKxXPWR3r6xAcCNtwEQASAAYJUCggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAv1d4nqfcLE-qAMBqgTkAU_QLAQb2Qe381FP9uz0fhHhby0CxlcP3reS20rLbPaCT6YMgLXhTt8cv6LuPYh2bKvziR9DX733extRFKKpYnbZvZXElIu4G4AtTeFaJ2XMaBMUpRmAun88OBVOc1fOW1XHB-o1QsdPj9rUE8HPtUiyTyUdThTNOq_KU8vyUYQEpi__qA1DXkexk1ijf5O1O-kRtcLNOeMn-tgK8tN1RskzW6lTH_KwnkKh3w_phzpFY9bwmVg4i6nRdTarxKiF_8PSbtdJFUeSEq1TLIakNOuWSJG5S0mNAn0dKNNhp-e0I192yYAGx83PmN-e7an5AaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3KcSMmYDFQJ9dgoaOTW7O-JQTvlQ%26client%3Dca-pub-5630956766216465%26adurl%3D
Frame ID: 4F4C91EB28317B13070BF72610BEC42E
Requests: 23 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/rVlqs_C6MEoymNIgrpYBY2eJfhVJuMjEUeWab4z9yRM.js
Frame ID: B6F10F4973C358B86F890D2848DA1D7A
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.buhoblik.org.ua
Frame ID: B5FCFE5B8731CA95EA021674B8BA2FD6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CAC1D4629E7839E61BA3FD6A5F2C155D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 57D0D125206CDA19541AE99FE6D99AF0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Бухучет в Украине : Бухгалтерский и налоговый учет

Page URL History Show full URLs

http://buhoblik.org.ua/ HTTP 301
https://buhoblik.org.ua/ HTTP 301
https://www.buhoblik.org.ua/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

151
Requests

96 %
HTTPS

65 %
IPv6

26
Domains

42
Subdomains

34
IPs

8
Countries

2502 kB
Transfer

5412 kB
Size

28
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://buhoblik.org.ua/ HTTP 301
https://buhoblik.org.ua/ HTTP 301
https://www.buhoblik.org.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://www.google.com.ua/cse/brand?form=cse-search-box%E2%8C%A9=ru HTTP 301
https://www.gstatic.com/prose/brandjs.js

Request Chain 52

https://creativecdn.com/cm-notify?pi=admixer HTTP 302
https://creativecdn.com/cm-notify?pi=admixer&tc=1

Request Chain 54

https://ib.adnxs.com/setuid?entity=533&code=2a357c1d8e964dda95ff7416f24834c4 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3D2a357c1d8e964dda95ff7416f24834c4

Request Chain 55

https://image8.pubmatic.com/AdServer/ImgSync?p=160846&gdpr={gdpr}&gdpr_consent={consent}&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D160846%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Finv-nets.admixer.net%252Fadxcm.aspx%253Fssp%253D8B7CB874-411E-4307-9BD3-661F1CB0A0E6%2526id%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=160846&gdpr={gdpr}&gdpr_consent={consent}&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D160846%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Finv-nets.admixer.net%252Fadxcm.aspx%253Fssp%253D8B7CB874-411E-4307-9BD3-661F1CB0A0E6%2526id%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QzM0NTcwQzYtN0EyMS00NUY5LTlCNTktODU5OUMwQkU1MTRG&gdpr=0&gdpr_consent={consent} HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent={consent} HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent={consent} HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=160846&pmc=1&pr=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3D8B7CB874-411E-4307-9BD3-661F1CB0A0E6%26id%3DC34570C6-7A21-45F9-9B59-8599C0BE514F HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=8B7CB874-411E-4307-9BD3-661F1CB0A0E6&id=C34570C6-7A21-45F9-9B59-8599C0BE514F

Request Chain 56

https://x.bidswitch.net/sync?ssp=admixer&user_id=2a357c1d8e964dda95ff7416f24834c4&gdpr=&gdpr_consent=&us_privacy=[usPrivacy] HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=admixer&user_id=2a357c1d8e964dda95ff7416f24834c4&gdpr=&gdpr_consent=&us_privacy=[usPrivacy] HTTP 302
https://ws.rqtrk.eu/pull?redirect=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D193%26user_id%3D%24BROWSER_ID%26expires%3D1%26ssp%3D%24bidswitch_ssp_id&return-unstable=true&eb=&bidswitch_ssp_id=admixer&g=1&gdpr_pd=&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=193&user_id=&expires=1&ssp=admixer HTTP 302
https://inv-nets.admixer.net/bs/cm.aspx?id=10ca0609-e3e3-499c-90cf-e6393d81ef4f&gdpr=&consent=&gdpr_pd=

Request Chain 153

https://gum.criteo.com/sid/json?origin=publishertag&domain=buhoblik.org.ua&sn=ChromeSyncframe&so=0&topUrl=www.buhoblik.org.ua&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=iG91QXx3RjdRS3BteHI4R0xqdkZGV0lLa3BEamZXYmQyRXdRYWdDRy9EcE5ZMVpqTTNuQmF2eFhSdjB1SzBlcXdFNjFReDNKdEQ4cUFsRWpoNThiNWNjSDVRV2tYcDFNN2Z3bmdIUkVNYUhQay9jVFJKUm5BMm1uNDBUYWtZaG52SWdQZFE4dWhWSy9saE5VcFRGemlUdVpUYUV0K3VGTFpBZXA0Q0ZYQ1ROQ1d4eWlZYWpOdFpHZENrRFhyekdQUXNQb3NMUnFEV0FSTE5TcWZ5cEliV3VzaHhBaHR1NVBCbWVDWlBWcUc4NWFlenRmNVVLSHJKblR2MXNTU25MZU9YK2FFeHMrKzR6S0hqUWdsS21MMU50dTdWQT09fA&cppv=2

151 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.buhoblik.org.ua/
Redirect Chain

http://buhoblik.org.ua/
https://buhoblik.org.ua/
https://www.buhoblik.org.ua/

85 KB
15 KB

435ms
338ms

Document
text/html

2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: b15281d85ac9fa9a3e3618fe1e7eb9284acedd8f66de03c8f690b34e17e9b79e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 public
content-encoding: gzip
content-length: 15385
content-type: text/html; charset=utf-8
date: Mon, 28 Nov 2022 02:02:20 GMT
expires: Wed, 17 Aug 2005 00:00:00 GMT
last-modified: Mon, 28 Nov 2022 02:02:20 GMT
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-ray: p953:0.170/wn25401:0.170/wa25401:D=173470

Redirect headers

cache-control: max-age=0
content-length: 236
content-type: text/html; charset=iso-8859-1
date: Mon, 28 Nov 2022 02:02:20 GMT
expires: Mon, 28 Nov 2022 02:02:20 GMT
location: https://www.buhoblik.org.ua/
server: nginx
x-ray: p953:0.002/wn25401:0.000/wa25401:D=3878

GET
H2 200 937d2c2ee43bca358b9b71d8167863c767f6a3e64cf2ba0703a7f07c0a987df3.css
www.buhoblik.org.ua/media/com_jchoptimize/cache/css/ 161 KB
23 KB 168ms
168ms Stylesheet
text/css 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buhoblik.org.ua/media/com_jchoptimize/cache/css/937d2c2ee43bca358b9b71d8167863c767f6a3e64cf2ba0703a7f07c0a987df3.css
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 88467b23c1044f571783e76997720036df1c0a9925eee5f428c7ff150fa7da56

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:20 GMT
x-ray: p953:0.010/wn25401:0.000/
content-encoding: br
last-modified: Sat, 15 Oct 2022 17:58:43 GMT
server: nginx
etag: W/"634af4d3-28387"
content-type: text/css
cache-control: max-age=2592000
expires: Wed, 28 Dec 2022 02:02:20 GMT

GET
H2 200 937d2c2ee43bca358b9b71d8167863c7fe11058a8effe382178f5c9b88baefc8.js Show response
www.buhoblik.org.ua/media/com_jchoptimize/cache/js/ 137 KB
44 KB 332ms
332ms Script
application/javascript 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buhoblik.org.ua/media/com_jchoptimize/cache/js/937d2c2ee43bca358b9b71d8167863c7fe11058a8effe382178f5c9b88baefc8.js
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 377d27d86822418762eb956a7d4eec9823d6a9d3fd6f6d3ca0d63fdf374a0b69

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:20 GMT
x-ray: p953:0.010/wn25401:0.000/
content-encoding: br
last-modified: Sat, 15 Oct 2022 17:58:43 GMT
server: nginx
etag: W/"634af4d3-223b2"
content-type: application/javascript
cache-control: max-age=2592000
expires: Wed, 28 Dec 2022 02:02:20 GMT

GET
H2

200

brandjs.js Show response
www.gstatic.com/prose/
Redirect Chain

https://www.google.com.ua/cse/brand?form=cse-search-box%E2%8C%A9=ru
https://www.gstatic.com/prose/brandjs.js

14 KB
6 KB

178ms
57ms

Script
text/javascript

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/prose/brandjs.js

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 06:32:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70193
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5807
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 15:14:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Mon, 28 Nov 2022 06:32:28 GMT

Redirect headers

date: Mon, 28 Nov 2022 01:47:31 GMT
x-content-type-options: nosniff
server: sffe
age: 890
content-type: text/html; charset=UTF-8
location: https://www.gstatic.com/prose/brandjs.js
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
expires: Mon, 28 Nov 2022 02:17:31 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
49 KB 201ms
79ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7842df77c4fd8574cb1a844719cf11a5fd1e14db38d2c0a5fe7c515fdc64f38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49167
x-xss-protection: 0
server: cafe
etag: 8462202137662006309
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 28 Nov 2022 02:02:21 GMT

GET
H2 200 list_black.png
www.buhoblik.org.ua/images/ 417 B
634 B 83ms
82ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/list_black.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 002a93857ca724d4828a347c2b419a56eabfd275f206a5febc48246ccfe5830d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Thu, 27 Aug 2015 18:43:06 GMT
server: nginx
etag: "55df5a3a-1a1"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 417
expires: Wed, 28 Dec 2022 02:02:21 GMT

GET
H2 200 youtube-32.png
www.buhoblik.org.ua/images/ 918 B
1 KB 85ms
83ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/youtube-32.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: c6d254ee6b05a14666952b2b7629dedc518103bfed8a8d6ee0c1cbe28f76c6fd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
x-ray: p953:0.010/wn25401:0.000/
last-modified: Sat, 21 Mar 2020 22:41:20 GMT
server: nginx
etag: "5e769810-396"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 918
expires: Wed, 28 Dec 2022 02:02:21 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
48 KB 193ms
78ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5630956766216465

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f25251c35bda9c440ec8242d7fe99f4c421f8674dc5f5b9916b932ce7f4953f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Origin: https://www.buhoblik.org.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49147
x-xss-protection: 0
server: cafe
etag: 14530198809215615391
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 28 Nov 2022 02:02:21 GMT

GET
H2 200 loader2.js Show response
cdn.admixer.net/scripts3/ 176 KB
55 KB 211ms
63ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/loader2.js
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 7728946db189aa5afd0b17d585fd24521909793a688ec2ef72c019a8bf92dc97

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Mon, 28 Nov 2022 02:02:21 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:42 GMT
server: nginx
etag: W/"6375fd62-2c101"
x-cached-since: 2022-11-28T01:58:51+00:00
content-type: application/javascript
cache-control: max-age=600
cache: HIT
expires: Thu, 17 Nov 2022 09:34:09 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 180ms
58ms Script
text/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 28 Nov 2022 01:51:04 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 677
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 28 Nov 2022 03:51:04 GMT

GET
H2 200 module-main3.png
www.buhoblik.org.ua/images/ 70 KB
70 KB 149ms
149ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/module-main3.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 8dfbfa16c85400143f85eb24eef8df723fd19c190f841c2c5ff22b8d0a5eeb09

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
x-ray: p953:0.001/wn25401:0.000/
last-modified: Sun, 13 Feb 2022 17:15:45 GMT
server: nginx
etag: "62093cc1-11743"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 71491
expires: Wed, 28 Dec 2022 02:02:21 GMT

GET
H/1.1 200
OK buhoblik_org_ua Show response
xn--r1a.website/s/ Frame 63AC 98 KB
13 KB 630ms
388ms Document
text/html 95.216.186.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://xn--r1a.website/s/buhoblik_org_ua

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.186.40 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.186.216.95.clients.your-server.de

Software

nginx /

Resource Hash

cf80c6f6f5c71b1904aa07c176da26b9713bc4c763e42c09408ee1de5a509abd

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-control: no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 28 Nov 2022 02:02:21 GMT
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=35768000
Transfer-Encoding: chunked

GET
H2 200 num_star.png
www.buhoblik.org.ua/images/ 2 KB
2 KB 313ms
313ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/num_star.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: a4d35007c83b3689910808811412e63293a2ae2abf1180a2dbaf4b3f7bb91ce9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Tue, 03 Jan 2017 22:58:31 GMT
server: nginx
etag: "586c2c97-652"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1618
expires: Wed, 28 Dec 2022 02:02:21 GMT

GET
H2 200 pdf-sborniki-vnizu-115-2022.png
avto-oblik.com.ua/images/ 72 KB
72 KB 365ms
80ms Image
image/png 2001:41d0:602:3b8e::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avto-oblik.com.ua/images/pdf-sborniki-vnizu-115-2022.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:41d0:602:3b8e:: , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 89c114dc23d61c6b428f26c214e96d1fd49b43c8f777c8fcbb9ffdee7a84d81f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
x-ray: wn37539:0.000/
last-modified: Mon, 27 Dec 2021 15:47:26 GMT
server: nginx
etag: "61c9e00e-1201c"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 73756
expires: Wed, 28 Dec 2022 02:02:21 GMT

GET
H2 200 dovidnik-buhgaltera-238.png
www.buhoblik.org.ua/normativka/spravochniki/spravochnik-buhgaltera/ 16 KB
16 KB 311ms
310ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/normativka/spravochniki/spravochnik-buhgaltera/dovidnik-buhgaltera-238.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 052155039c13b233f324882bd10dc38150b5bd74fb44f27c0ead4d518fbc901b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Wed, 26 Jul 2017 08:14:12 GMT
server: nginx
etag: "59784f54-3eb3"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 16051
expires: Wed, 28 Dec 2022 02:02:21 GMT

GET
H2 200 sidebar-uchet-2021.png
www.buhoblik.org.ua/images/ 58 KB
58 KB 311ms
311ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/sidebar-uchet-2021.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 6a82502c1baab28ba6f410aa012fff53bd4f01d8de430e54589e583a0dc3ce80

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Wed, 06 Apr 2022 09:28:41 GMT
server: nginx
etag: "624d5d49-e758"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 59224
expires: Wed, 28 Dec 2022 02:02:21 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/ 355 KB
117 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5630956766216465&plah=www.buhoblik.org.ua

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c6269d98660443db9f9578af480b83a1c511c5a3a24602492fec3fd3dde2b62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119607
x-xss-protection: 0
server: cafe
etag: 15994130142540813998
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 28 Nov 2022 02:02:21 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/ Frame 1EBD 10 KB
5 KB 183ms
56ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 55214
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 10:42:07 GMT
etag: 10353107486223812946
expires: Sun, 11 Dec 2022 10:42:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
54 B 169ms
61ms Image
image/gif 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=861019528&utmhn=www.buhoblik.org.ua&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%91%D1%83%D1%85%D1%83%D1%87%D0%B5%D1%82%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5%20%3A%20%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%81%D0%BA%D0%B8%D0%B9%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D1%83%D1%87%D0%B5%D1%82&utmhid=1997540141&utmr=-&utmp=%2F&utmht=1669600941684&utmac=UA-23922474-1&utmcc=__utma%3D21695912.873224747.1669600942.1669600942.1669600942.1%3B%2B__utmz%3D21695912.1669600942.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=2834335&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 02:02:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 397 B
699 B 191ms
64ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.buhoblik.org.ua&callback=_gfp_s_&client=ca-pub-5630956766216465&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5630956766216465&plah=www.buhoblik.org.ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

066500e00bcf6a8660ebb9d0b4cf02114fbce3150b250e1fcc6e872f71c4c85a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 254
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 191ms
65ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.buhoblik.org.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 191ms
66ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.buhoblik.org.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2BB9 0
19 B 257ms
139ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&adk=1812271804&adf=3025194257&lmt=1669600940&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&ea=0&pra=5&wgl=1&easpi=1&easai=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=1000&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&aspe=0&asro=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941556&bpp=5&bdt=677&idt=195&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8032909778416&frm=20&pv=2&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=214

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 02:02:21 GMT
expires: Mon, 28 Nov 2022 02:02:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/51428/ Frame A59E 738 B
519 B 59ms
58ms Document
text/html 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/c.html?b=51428
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache: HIT
cache-control: max-age=31622400
content-encoding: gzip
content-type: text/html
date: Mon, 28 Nov 2022 02:02:21 GMT
etag: W/"6375fd72-2e2"
expires: Sat, 18 Nov 2023 09:24:09 GMT
last-modified: Thu, 17 Nov 2022 09:22:58 GMT
server: nginx
vary: Accept-Encoding
x-cached-since: 2022-11-17T09:24:09+00:00
x-id: fr5-up-gc35

GET
H2 200 a21031c0f6a0994b3314.b.js Show response
cdn.admixer.net/scripts3/51428/ 23 KB
8 KB 61ms
60ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/a21031c0f6a0994b3314.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 680f6e9a0e9f9d8c145e11d6937f688ff4299215d44bf0a54368ffc6acdbfc51

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Mon, 28 Nov 2022 02:02:21 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:56 GMT
server: nginx
etag: W/"6375fd70-5d41"
vary: Accept-Encoding
x-cached-since: 2022-11-17T09:24:09+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 18 Nov 2023 09:24:09 GMT

GET
H2 200 0a75d04ce9f53a1a35b6.b.js Show response
cdn.admixer.net/scripts3/51428/ 75 KB
20 KB 69ms
69ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/0a75d04ce9f53a1a35b6.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: ecd2e45fcd6ed0f17eaefccd72cdb8253be8673636adcbf3f8902aeeed654fe2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Mon, 28 Nov 2022 02:02:21 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:47 GMT
server: nginx
etag: W/"6375fd67-12c39"
vary: Accept-Encoding
x-cached-since: 2022-11-24T10:50:59+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 25 Nov 2023 10:50:59 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/51428/ Frame B895 738 B
405 B 57ms
57ms Document
text/html 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/c.html?b=51428
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache: HIT
cache-control: max-age=31622400
content-encoding: gzip
content-type: text/html
date: Mon, 28 Nov 2022 02:02:21 GMT
etag: W/"6375fd72-2e2"
expires: Sat, 18 Nov 2023 09:24:09 GMT
last-modified: Thu, 17 Nov 2022 09:22:58 GMT
server: nginx
vary: Accept-Encoding
x-cached-since: 2022-11-17T09:24:09+00:00
x-id: fr5-up-gc35

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 039D 23 KB
10 KB 465ms
404ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

715bf308061c5de7a70365cff0a647d085c3bec4d0a127ce8a71d2efba610a86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9903
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 02:02:22 GMT
expires: Mon, 28 Nov 2022 02:02:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C6FA 303 KB
93 KB 351ms
322ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1669600940&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941564&bpp=1&bdt=685&idt=289&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=irC6IANZ6r&p=https%3A//www.buhoblik.org.ua&dtd=294

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd6b2a5cea9e9c3918ec4081a13c2b8a7f70ffaadcbeeb03bbe17b35d4d44712

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 95034
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 02:02:22 GMT
expires: Mon, 28 Nov 2022 02:02:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4A0B 90 KB
32 KB 447ms
430ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=4207227173&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941565&bpp=2&bdt=687&idt=298&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=3773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEebr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=y6vGoTZ6X1&p=https%3A//www.buhoblik.org.ua&dtd=304

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf373aac619e59eb859f1d3a6bd256e380a6d6e63c3cff8ce5f9f6cbea9bfd88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 32308
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 02:02:22 GMT
expires: Mon, 28 Nov 2022 02:02:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK dsp.aspx Show response
inv-nets.admixer.net/ 5 KB
2 KB 350ms
116ms Script
application/javascript 204.62.13.72
NATCOWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/dsp.aspx?sender=admixer&rct=4&v=2.0&rnd=6800353022483756&cpv=62d5eb64-5191-c13a-6dd2-22bd43f800ff&responseType=default&uids=%7B%7D&fpd=%7B%7D&kvTargeting=%7B%7D&data=%7B%22id%22%3A%22d5e90188-6ba1-86ca-27dd-fd33f12eaf7a%22%2C%22site%22%3A%7B%22page%22%3A%22https%253A%252F%252Fwww.buhoblik.org.ua%252F%22%2C%22ref%22%3A%22%22%2C%22sf%22%3A0%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F99.0.4844.51%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%7D%2C%22labels%22%3A%7B%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22d1c0380e-1e90-3e7c-4373-a9187ec15c46%22%2C%22tagid%22%3A%22dab6be62-b1e7-4d05-a12c-0a70b3291504%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_dab6be62b1e74d05a12c0a70b3291504_zone_1393_sect_956_site_943%22%2C%22pos%22%3A1%2C%22inView%22%3A1%7D%2C%22i%22%3A%22inv-nets%22%2C%22sender%22%3A%22admixer%22%7D%5D%2C%22allimps%22%3A1%7D&am-uid=null&3rdEnabled=true&3rd=true

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

204.62.13.72 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

4270dba3c611a8728db0c1788167423d3d3fd76d3620e6e33194f1515743aa80

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 28 Nov 2022 02:02:22 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 1681
X-Xss-Protection: 0

GET
H2 200 font-roboto.css
telegram.org/css/ Frame 63AC 6 KB
893 B 200ms
63ms Stylesheet
text/css 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/css/font-roboto.css?1

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: W/"63512b7d-1816"
content-type: text/css
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 widget-frame.css
telegram.org/css/ Frame 63AC 81 KB
21 KB 263ms
126ms Stylesheet
text/css 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/css/widget-frame.css?64

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

33a2f32349a6984f77f2cd427708c9ae0002bfc90594182bbc809b71ee0cdfde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 21 Nov 2022 12:06:59 GMT
server: nginx/1.18.0
etag: W/"637b69e3-14544"
content-type: text/css
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 telegram-web.css
telegram.org/css/ Frame 63AC 27 KB
6 KB 269ms
132ms Stylesheet
text/css 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/css/telegram-web.css?36

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

94ee379c2fd3a709a328f067157f8845510400db1fd4825ad1e491efb4d47f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 21 Nov 2022 12:06:59 GMT
server: nginx/1.18.0
etag: W/"637b69e3-6b2d"
content-type: text/css
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 chZSD0YmeW2tMWay2BYS6Bh90CLFts3D6IRTyEF7otS6YohsX0e9H7XphyPL2HmiARmz-3PuaLb4YknGilJYe9e0mAx1n00YgiNG8rOi7JABxxU4MPJP7Id6TPuvv-nnv-3MSk7Wdg3UoJtW4cUEyi3eKjctzOAUYtQoNkp3bil20thoCTCu6nD9vW3sX1OCxUK8g...
cdn4.telegram-cdn.org/file/ Frame 63AC 5 KB
5 KB 206ms
69ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/chZSD0YmeW2tMWay2BYS6Bh90CLFts3D6IRTyEF7otS6YohsX0e9H7XphyPL2HmiARmz-3PuaLb4YknGilJYe9e0mAx1n00YgiNG8rOi7JABxxU4MPJP7Id6TPuvv-nnv-3MSk7Wdg3UoJtW4cUEyi3eKjctzOAUYtQoNkp3bil20thoCTCu6nD9vW3sX1OCxUK8gs966ARe5s6hyKJAy_GvhLuoJF76ctID_3IZ4X8vmTs7AILbokPpBIEnBvfgF1MxGr0nwbT1Bkjjze0n_JANHf4FdjZ-MlP65RgwWOR-F1blX7B3JoHauwREFFnhBqjU4eZHQwPC3Qjx5Bwgqg.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

1da67e20c0a4ac1486f38f01e01cdb805992a3f857ef49dccd9529e6b7571d0c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4611
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "c306c2f92fde71f3d8b7f957309116d3efaf27c1"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 jquery.min.js Show response
telegram.org/js/ Frame 63AC 94 KB
38 KB 67ms
65ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/jquery.min.js

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-1762a"
content-type: application/javascript
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 jquery-ui.min.js Show response
telegram.org/js/ Frame 63AC 96 KB
32 KB 128ms
128ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/jquery-ui.min.js

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-181a9"
content-type: application/javascript
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 tgwallpaper.min.js Show response
telegram.org/js/ Frame 63AC 3 KB
2 KB 127ms
126ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/tgwallpaper.min.js?3

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
server: nginx/1.18.0
etag: W/"62211da5-ba3"
content-type: application/javascript
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 tgsticker.js Show response
telegram.org/js/ Frame 63AC 24 KB
7 KB 128ms
127ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/tgsticker.js?29

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

dd6e691a27d07125e04993917cfb3f75ac9d8926f6b66d7c2e45368aa130e660

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 29 Jun 2022 21:52:44 GMT
server: nginx/1.18.0
etag: W/"62bcc9ac-5faf"
content-type: application/javascript
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 widget-frame.js Show response
telegram.org/js/ Frame 63AC 91 KB
25 KB 129ms
128ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/widget-frame.js?60

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b4dc7118464c434f7caac42fd0535dac1102dfcace0feb4c35e3bb29594b14c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Sat, 08 Oct 2022 23:46:30 GMT
server: nginx/1.18.0
etag: W/"63420bd6-16c85"
content-type: application/javascript
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 telegram-web.js Show response
telegram.org/js/ Frame 63AC 12 KB
4 KB 129ms
128ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/telegram-web.js?14

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

e4b7033bdd850b9dd9847fb31e63627e352e38a3cb5cf5a483ca3d2cc1093c58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 18 Mar 2022 10:32:52 GMT
server: nginx/1.18.0
etag: W/"62345fd4-2e63"
content-type: application/javascript
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame C6FA 221 KB
60 KB 310ms
166ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1669600940&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941564&bpp=1&bdt=685&idt=289&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=irC6IANZ6r&p=https%3A//www.buhoblik.org.ua&dtd=294

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 24 Nov 2022 16:29:52 GMT
age: 293550
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 24 Nov 2023 16:29:52 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame C6FA 14 KB
5 KB 273ms
129ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 24 Nov 2022 16:29:52 GMT
age: 293550
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 24 Nov 2023 16:29:52 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame C6FA 94 KB
28 KB 213ms
71ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 24 Nov 2022 16:29:52 GMT
age: 293550
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 24 Nov 2023 16:29:52 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame C6FA 72 KB
16 KB 276ms
135ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe75d0fb01c62e14b75d418f8e5bb6e413e49610f564e90248669d7e3513403

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 21 Nov 2022 18:08:54 GMT
age: 546808
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16659
x-xss-protection: 0
server: sffe
etag: "94fac542ca9cc297"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 21 Nov 2023 18:08:54 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame C6FA 5 KB
2 KB 306ms
165ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 24 Nov 2022 16:29:52 GMT
age: 293550
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 24 Nov 2023 16:29:52 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame C6FA 40 KB
14 KB 198ms
57ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 24 Nov 2022 16:29:52 GMT
age: 293550
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 24 Nov 2023 16:29:52 GMT

GET
H2 200 uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame C6FA 3 KB
3 KB 182ms
65ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/uk.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 19:08:23 GMT
x-content-type-options: nosniff
server: cafe
age: 24839
etag: 14587847488922671356
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3073
x-xss-protection: 0
expires: Mon, 28 Nov 2022 19:08:23 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame C6FA 344 B
474 B 174ms
58ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 10:22:22 GMT
x-content-type-options: nosniff
server: cafe
age: 56400
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Mon, 28 Nov 2022 10:22:22 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C6FA 0
21 B 112ms
111ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CMu9jrRaEY97gONmT9u8Pqb270AzipKLLbe60g7GMEMC1lphDEAEg5-TyFmCVAqAB8O6B4QPIAQmpAv1d4nqfcLE-qAMByAMIqgTyAU_QD6Ia-J_GmRXLQ2xDuTvnpFNG-P94sIh5-bUoO5JPUj28FjJMkyaqKYCZuzoQ-S3Z_UJlemxn5pjjixXnmatsEyL9Hbbsvpn55ird4E9Hd3B9CEnzD7BwLtm2wFrdRVgyVtSrVTBE1e6FYuiqAnEoJxrHq1oX1jOSCjPt5022MZqlMAsrSzFnOCxCk__zkJJW7nxCEyDzyhdIi3XaiefwyslNt1EwQtbbp4dnr-lAqyxH1Om9jsNgp9f_Kb7MBZlTyGTg-wU7cd1anFsSe2lP2DRrhtSefFCfxxF2ZZhcLedoE1YXfC0_xDTI4ToTxUomwAT_ycWwyAOSBQQIBBgBkgUECAUYBKAGLoAH-JD-HqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEPGyBtIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMK0BUBmBYBgBcBshccChoIABIUcHViLTU2MzA5NTY3NjYyMTY0NjUYAA&sigh=_uRlsCvItf8&uach_m=[UACH]&cid=CAQSGwDq26N9U4LrDWzqm2SR_IO1v_rUC3cAUIMsBRgBIBM&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1669600940&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941564&bpp=1&bdt=685&idt=289&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=irC6IANZ6r&p=https%3A//www.buhoblik.org.ua&dtd=294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 28 Nov 2022 02:02:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 28 Nov 2022 02:02:22 GMT

GET
DATA 200
OK truncated
/ Frame C6FA 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f207100aa3d7211bce9ad48d93781f0c069df7c12a729b6f6ffc5f90bf62eca

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ 121 KB
40 KB 349ms
58ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

87f31cded62015a1d11cce6be7a32b77405de2fb36f4b8a7c2c5a4ccabd6a403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-1e444"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 29 Nov 2022 02:02:22 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
182 B 173ms
51ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/51428/a21031c0f6a0994b3314.b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.buhoblik.org.ua
date: Mon, 28 Nov 2022 02:02:22 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

GET
H2

200

cm-notify
creativecdn.com/
Redirect Chain

https://creativecdn.com/cm-notify?pi=admixer
https://creativecdn.com/cm-notify?pi=admixer&tc=1

42 B
243 B

50ms
49ms

Image
image/gif

185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativecdn.com/cm-notify?pi=admixer&tc=1
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 28 Nov 2022 02:02:22 GMT, Mon, 28 Nov 2022 02:02:22 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 42
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://creativecdn.com/cm-notify?pi=admixer&tc=1
date: Mon, 28 Nov 2022 02:02:22 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 1px-matching-admixer.gif
m.trafmag.com/images/ 35 B
351 B 217ms
51ms Image
image/gif 193.200.65.6
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.trafmag.com/images/1px-matching-admixer.gif?id=2a357c1d8e964dda95ff7416f24834c4
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.200.65.6 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: adforce.team
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif
Date: Mon, 28 Nov 2022 02:02:22 GMT
Server: nginx
Connection: keep-alive
Content-Length: 35
P3P: CP="NON DSP COR CURa TIA"

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/setuid?entity=533&code=2a357c1d8e964dda95ff7416f24834c4
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3D2a357c1d8e964dda95ff7416f24834c4

43 B
844 B

66ms
66ms

Image
image/gif

185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3D2a357c1d8e964dda95ff7416f24834c4

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Nov 2022 02:02:22 GMT
AN-X-Request-Uuid: 58a118a1-76fe-40b8-852a-2972102c34a5
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 82.199.130.41; 82.199.130.41; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 28 Nov 2022 02:02:22 GMT
AN-X-Request-Uuid: efeb6494-271d-42c4-b193-bd5df20d2faf
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3D2a357c1d8e964dda95ff7416f24834c4
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 82.199.130.41; 82.199.130.41; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

adxcm.aspx
inv-nets.admixer.net/
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=160846&gdpr={gdpr}&gdpr_consent={consent}&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D160846%26pmc%3DPM_PMC%26pr%3Dhttps%253A...
https://image8.pubmatic.com/AdServer/ImgSync?p=160846&gdpr={gdpr}&gdpr_consent={consent}&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D160846%26pmc%3DPM_PMC%26pr%3Dhttps%253A...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QzM0NTcwQzYtN0EyMS00NUY5LTlCNTktODU5OUMwQkU1MTRG&gdpr=0&gdpr_consent={consent}
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent={consent}
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent={consent}
https://image4.pubmatic.com/AdServer/SPug?partnerID=160846&pmc=1&pr=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3D8B7CB874-411E-4307-9BD3-661F1CB0A0E6%26id%3DC34570C6-7A21-45F9-9B59-8599C...
https://inv-nets.admixer.net/adxcm.aspx?ssp=8B7CB874-411E-4307-9BD3-661F1CB0A0E6&id=C34570C6-7A21-45F9-9B59-8599C0BE514F

43 B
463 B

113ms
113ms

Image
image/gif

204.62.13.72
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/adxcm.aspx?ssp=8B7CB874-411E-4307-9BD3-661F1CB0A0E6&id=C34570C6-7A21-45F9-9B59-8599C0BE514F

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Server

204.62.13.72 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 28 Nov 2022 02:02:23 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

location: https://inv-nets.admixer.net/adxcm.aspx?ssp=8B7CB874-411E-4307-9BD3-661F1CB0A0E6&id=C34570C6-7A21-45F9-9B59-8599C0BE514F
date: Mon, 28 Nov 2022 02:02:21 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

cm.aspx
inv-nets.admixer.net/bs/
Redirect Chain

https://x.bidswitch.net/sync?ssp=admixer&user_id=2a357c1d8e964dda95ff7416f24834c4&gdpr=&gdpr_consent=&us_privacy=[usPrivacy]
https://x.bidswitch.net/ul_cb/sync?ssp=admixer&user_id=2a357c1d8e964dda95ff7416f24834c4&gdpr=&gdpr_consent=&us_privacy=[usPrivacy]
https://ws.rqtrk.eu/pull?redirect=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D193%26user_id%3D%24BROWSER_ID%26expires%3D1%26ssp%3D%24bidswitch_ssp_id&return-unstable=true&eb=&bidswitch_ssp_id=a...
https://x.bidswitch.net/sync?dsp_id=193&user_id=&expires=1&ssp=admixer
https://inv-nets.admixer.net/bs/cm.aspx?id=10ca0609-e3e3-499c-90cf-e6393d81ef4f&gdpr=&consent=&gdpr_pd=

43 B
463 B

115ms
115ms

Image
image/gif

204.62.13.72
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/bs/cm.aspx?id=10ca0609-e3e3-499c-90cf-e6393d81ef4f&gdpr=&consent=&gdpr_pd=

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Server

204.62.13.72 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 28 Nov 2022 02:02:22 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

location: //inv-nets.admixer.net/bs/cm.aspx?id=10ca0609-e3e3-499c-90cf-e6393d81ef4f&gdpr=&consent=&gdpr_pd=
date: Mon, 28 Nov 2022 02:02:22 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
DATA 200
OK truncated
/ Frame C6FA 56 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e5eb27dce9681337b02a363fa1ffb28b0889ced23e0eba592fea3db0f76d2417

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame C6FA 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c4bb4b37f05bc5752d618ab4828f2a6749b9046ddec75fbc50d7943befd31e6

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C6FA 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 863becff90bf1df06057ece7de31b1873e4b7a56e7b5b2e2d8b48fd10b44c228

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 039D 3 KB
2 KB 92ms
57ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 20:39:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19343
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 20:39:59 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 039D 18 KB
7 KB 94ms
59ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 12:23:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 12:23:48 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 039D 0
0 102ms
101ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=COcK-rRaEY4_cOIK89u8PuMGKmAjJntKxXPWR3r6xAcCNtwEQASAAYJUCggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAv1d4nqfcLE-qAMBqgThAU_QLAQb2Qe381FP9uz0fhHhby0CxlcP3reS20rLbPaCT6YMgLXhTt8cv6LuPYh2bKvziR9DX733extRFKKpYnbZvZXElIu4G4AtTeFaJ2XMaBMUpRmAun88OBVOc1fOW1XHB-o1QsdPj9rUE8HPtUiyTyUdThTNOq_KU8vyUYQEpi__qA1DXkexk1ijf5O1O-kRtcLNOeMn-tgK8tN1RskzW6lTH_KwnkKh3w_phzpFY9bwmVg4i6nRdTbpxokXeExOfWjVAeRCLwurJZKuguG4UBMNg3Qr8MIDBMvkDWOnnIAGx83PmN-e7an5AaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNTYzMDk1Njc2NjIxNjQ2NRgA&sigh=jf8QxWBehJA&uach_m=[UACH]&cid=CAQSGwDq26N9N_xsuEqyNop6gm_Jlpy3Mt2BR7lA2xgBIBM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 28 Nov 2022 02:02:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 28 Nov 2022 02:02:22 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 039D 0
0 172ms
57ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kpCTFMz6RNoFmAKdg2ICAgAAAL3dF7qT-P8r2nHJuhCtFoRj5mNxBMYIl6wnoHkAEgAA&wp=Y4QWrQAOLg8H_Z4CAAKguI-rbeZrOUj-QNc3PA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:21 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 279550
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 4F4C 174 KB
54 KB 287ms
152ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Y4QWrQAOLg8H_Z4CAAKguI-rbeZrOUj-QNc3PA&u=%7CmFnMdRckbN3s%2F2pptoxEehioBxi7CdvAQWy5n%2Be7peg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi6ziEzHnRQPmm8hAoZUVgSTX_AWgdAO64ie0U4sFPu7ENo1NEkSI7vSA5WoTxrzNKnML50pN-1TWlOYhBmsQIxpcBP_L5QrCICDFz7Z39gJ1txSOryi19RL4hdSBm86uGmz73U40V_39wuOM8EXnoi11MmsjPB2ISo9uYgLnBX6449KOmuNZXXeHdBqpgYPIQGWQn3DyWtuRDrL0A4yolUXJUjgN2YkIKnUyUxaqMISmvADaQny-iggkyckufkkaZvmvQpCbywF9LHocTFSBs1LZCU_2K86hqVN0Sby8otZ17Z9kUvhA7aRyP5Oxz8gBvqCBa71n8mzB-XAZYSQqvmVVVwtFOgQfxguRr5TZXzyazvns-Q75pDwUVyCgZy9IdZ3qbtNRGAr8Ctlml9DeEuh03bxcFjUUYWQGSUlHqmkasS5V0dI6OhukPl703Dur6S3PB8KZluqMpGLIX4DvuhbmI_8OKk5wjQi1wKKYJSIhX0zLsXlVMgWfYfnvZrg6sRp_xS5hlbtyM9ToqIAxZ2C0MIB_DPcdKtHDOG0jIPzQyIMamRNCqzKI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvqv-rRaEY4_cOIK89u8PuMGKmAjJntKxXPWR3r6xAcCNtwEQASAAYJUCggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAv1d4nqfcLE-qAMBqgTkAU_QLAQb2Qe381FP9uz0fhHhby0CxlcP3reS20rLbPaCT6YMgLXhTt8cv6LuPYh2bKvziR9DX733extRFKKpYnbZvZXElIu4G4AtTeFaJ2XMaBMUpRmAun88OBVOc1fOW1XHB-o1QsdPj9rUE8HPtUiyTyUdThTNOq_KU8vyUYQEpi__qA1DXkexk1ijf5O1O-kRtcLNOeMn-tgK8tN1RskzW6lTH_KwnkKh3w_phzpFY9bwmVg4i6nRdTarxKiF_8PSbtdJFUeSEq1TLIakNOuWSJG5S0mNAn0dKNNhp-e0I192yYAGx83PmN-e7an5AaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3KcSMmYDFQJ9dgoaOTW7O-JQTvlQ%26client%3Dca-pub-5630956766216465%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a5669688020ce830e03d9cf7f5e76e649b21cd2a52acb418c16fa10b7df9db1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 02:02:22 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=Zz_OxZ08eoEb-Q27li2G7iyIYyqKzMlW7d11tbfj1YlAYwDgydYM1Iz5tqWs0DOvhrRBvKUIe026vsgRzZ2jvXqi1fRUykTRAE1KJX77ZcbsNlQ1mNOAjq3yJebee6-D9PYzysFO9EKpa_7A7Z9UBxZlD5Wzl8miVeBWH6OzlUFLTm1LJzRp5WOr7Xt82YyK9KSaY-xHI7fm7vXpjq8u33HbfzmB8xPggPy29xEoYNMMSzj5EsMtwqVlsWtVKDoy_SV5YA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 87050042
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 039D 154 KB
48 KB 194ms
72ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Nov 2022 02:02:22 GMT

GET
DATA 200
OK truncated
/ Frame C6FA 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d130141331999d0830ff4d31900720d58382d820f5a6df810780193a4cb0eccc

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C6FA 879 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bda0abf7f8615298475242a005ccfc0bfe887c43a71555288c4fd42d42d380f8

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C6FA 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f44a512b87b9a63da9b969a44054d0264649b776d682894db413f1d3c45aa28

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 4A0B 6 KB
1 KB 182ms
66ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=4207227173&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941565&bpp=2&bdt=687&idt=298&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=3773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEebr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=y6vGoTZ6X1&p=https%3A//www.buhoblik.org.ua&dtd=304

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 01:07:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Nov 2022 02:02:22 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 4A0B 2 KB
846 B 57ms
57ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 11:55:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50827
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:55:15 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4A0B 0
0 102ms
102ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CjJ5HrRaEY4TpOMOs9u8P4NmQ0A6zmo3eZbKM8ciqCYiU-IezAhABIOfk8hZglQKgAamK8P4DyAEJqQL9XeJ6n3CxPqgDAcgDywSqBOkBT9DN4vS_j7S1PhAXCcPCWlM36MO0BLmhcf6LEecE1eZOOpMITKzp_02D0sqs3s0a209UC3S0rN9iz4FHRUL8SJlENYb9jKvEajJPg7_aeLkaXYd5t-etE5iDu6k_kGwZMdfjyz7-Kl6dbV49ZZDkJtBBIEbTHSctfajtn2E0gW-heIcf3z1Wwd7W7hR0_hDNLnhJN9q1MPB3w6NZJHB2hTHi-MxGNIxeqN1bAkar2w2NbJ12oSfLAoPlOeF9hyZkB7mnZgy0LCzo3PRnLx4bD6_nsTv-TYLseJA9p2yEJVuEqhxjanda1eXABPCM8YqGApIFBAgEGAGSBQQIBRgEoAYugAe_9Y8BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQr_cB0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwG4E-QD2BMNiBQE0BUBgBcBshccChoIABIUcHViLTU2MzA5NTY3NjYyMTY0NjUYAA&sigh=eANtGdgbk6w&uach_m=[UACH]&cid=CAQSGwDq26N9dPdEWwf18CDZub7l36XaWg_t9pi-AxgBIBM&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=4207227173&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941565&bpp=2&bdt=687&idt=298&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=3773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEebr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=y6vGoTZ6X1&p=https%3A//www.buhoblik.org.ua&dtd=304
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 28 Nov 2022 02:02:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 4A0B 23 KB
9 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 07:15:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67620
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 07:15:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 4A0B 3 KB
1 KB 112ms
111ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 20:39:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19343
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 20:39:59 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 4A0B 18 KB
7 KB 115ms
114ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 12:23:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 12:23:48 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4A0B 154 KB
47 KB 243ms
153ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Nov 2022 02:02:22 GMT

GET
H3 200 f7733d2b54a65c984752ab0a98c7def9.js Show response
www.gstatic.com/mysidia/ Frame 4A0B 34 KB
14 KB 172ms
57ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f7733d2b54a65c984752ab0a98c7def9.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d028ff06991dab0e77014a91995a9c0d6672a90e68edc339cd62a566fe361ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 15:56:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 295571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 13:59:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 22 Feb 2023 15:56:11 GMT

GET
H2 200 2728354180183721846
tpc.googlesyndication.com/simgad/3989421941205656321/ Frame 4A0B 14 KB
14 KB 121ms
121ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3989421941205656321/2728354180183721846?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

360937ad284033aad16f203ee44b9659aa0beaf952f6bc2ecaed1e2b130f2e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 21:34:45 GMT
x-content-type-options: nosniff
age: 16057
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14402
x-xss-protection: 0
last-modified: Thu, 21 Jul 2022 13:47:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 27 Nov 2023 21:34:45 GMT

GET
H2 200 2728354180183721846
tpc.googlesyndication.com/simgad/1504279965329857114/ Frame 4A0B 3 KB
3 KB 136ms
136ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1504279965329857114/2728354180183721846?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66c2228852043aa80c2a6ed1489557620b6f4f1daefb74ee035e0f4713437a15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 20:11:32 GMT
x-content-type-options: nosniff
age: 193850
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2626
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 07:40:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 25 Nov 2023 20:11:32 GMT

GET
H2 200 E280BC.png
telegram.org/img/emoji/40/ Frame 63AC 1 KB
1 KB 115ms
113ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E280BC.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 4a003dc58f3e95a18e44712b9161181319e6a40613242cbcac158f6dc8d7339d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-4a6"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1190
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 E28FB1.png
telegram.org/img/emoji/40/ Frame 63AC 3 KB
4 KB 115ms
113ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E28FB1.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: b7b093955e7487be1bbec86d8a7ab2012c4716b5cf31b2b6df500edc04c06255

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-d5a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 3418
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 F09F9385.png
telegram.org/img/emoji/40/ Frame 63AC 2 KB
2 KB 115ms
113ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F9385.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 5abe4ec1b14120ec963c7bec8267ed0bbdcd52694f48daf0f1a57279748a1c6a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-7f3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 2035
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
DATA 200
OK truncated
/ Frame 63AC 683 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f40990683165a6c0b9eabab4ffbb1b6a2fb9617b2fe3101ee64299245dfe743

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 E29C85.png
telegram.org/img/emoji/40/ Frame 63AC 2 KB
2 KB 114ms
113ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E29C85.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: d097bda59092b06b5bb3051bbef1791e8a7fc533a5aa62e40e898b3ec9308249

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-666"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1638
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 F09F92BB.png
telegram.org/img/emoji/40/ Frame 63AC 2 KB
2 KB 114ms
113ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F92BB.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 26345a9625172670562d7ab2395db6bd15311e0f6cf5e66f2b4478bd994a7f6d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-71b"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1819
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 BcRnFmg1xYTpkmjYorR9k0FEW0Sau-DcJvRwcN61DHYLu3cChL0HJwEuEb0T7MpLYHaLzVlPgRWLizD-i3gmfd4Aa_6GUMxdeHnYNteJXPlo8wl89xnTY2GFzJhdP8crpRAkPx9CNhPe9yMaMCj8qgIa4SqLtFxzY9-wTFdWxG9W6lnOqiCNAtfdqrFmZR0wso2pL...
cdn4.telegram-cdn.org/file/ Frame 63AC 111 KB
112 KB 197ms
78ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/BcRnFmg1xYTpkmjYorR9k0FEW0Sau-DcJvRwcN61DHYLu3cChL0HJwEuEb0T7MpLYHaLzVlPgRWLizD-i3gmfd4Aa_6GUMxdeHnYNteJXPlo8wl89xnTY2GFzJhdP8crpRAkPx9CNhPe9yMaMCj8qgIa4SqLtFxzY9-wTFdWxG9W6lnOqiCNAtfdqrFmZR0wso2pL6tH3Rig-n2K6i-ew1sEHPcmMnmMsgpuNP0hupJlNxDpV_zwPfHYr7cdL7Aixadn_mELxrgEnjBiyDA86XbBtd1aNCz7KL5IPMd9GzFUwKDR_pZabfFG0_MAaL2UxFfrePFc7YUkF6WnH2ecvw.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

3ab6bdc45b9e7ecded30d4f1c7b2215e990f446f331d3b646dffd6bb2c081c1c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 114107
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "776bbe9870fa58d9602df6d056a2227030b36098"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 E28FB0.png
telegram.org/img/emoji/40/ Frame 63AC 4 KB
4 KB 115ms
115ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E28FB0.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 32ae77196cf412d763b87b2aa85b038f536201a0df7164ed74581402b4733511

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-10e4"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 4324
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 vZZ6EsMTLQyAKhdgJGMo-p5tbwVGKD0TBZESuAytpZi6jCMhTbihcdDqyr-IcLrMkzNnHSBDeo9D6y9a6ihyMjf8lykiw31jxs0Nc7uJprGIRMwr2iKrHdUg-xTP9o5eqX7V47WGoTkLiU1VC1JfG9z8PPLbf9P7znbxTHU7jv0e78HNPOjprrxuIcazdDuCeQanR...
cdn4.telegram-cdn.org/file/ Frame 63AC 74 KB
74 KB 284ms
165ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/vZZ6EsMTLQyAKhdgJGMo-p5tbwVGKD0TBZESuAytpZi6jCMhTbihcdDqyr-IcLrMkzNnHSBDeo9D6y9a6ihyMjf8lykiw31jxs0Nc7uJprGIRMwr2iKrHdUg-xTP9o5eqX7V47WGoTkLiU1VC1JfG9z8PPLbf9P7znbxTHU7jv0e78HNPOjprrxuIcazdDuCeQanRv6HMQCG1KKRaUhuLehevriAH70K2TYGZuujWp8QOzIpqPOzAqC5S8vcasx51fdsnvkgwR-H9LJPgao6hUBv66sNNOyFOyOlYh97nBUtxZvQD0SqvQnqZNuDt2cnVnXREUAo_IeSYFTOuRgdnw.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

1d08840a75c155fca6642bcc3d7ecc34497f6e0d19d030b1f2e0e249c753cfa3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75518
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "b6ef20de73f0107d5f6e8727b2951a9fcf7b3174"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 rW3M0eCxgXzd8dxfvkujgTIUkaX1DXwiL2zsKml9bYoysQi40kHBaTWywJxbBS6o7RXhzqAFYlpqkXI2S7tQSkRiWTY00-v4FuDWpFctiTQ36oL92rNsGZivtAGi03eLzXZizJ-z-Z4pTkPclcSuWS532W-wI5dlFAa5gY_Yn3GF5qAiISyLb2jMUTeui0quesRAz...
cdn4.telegram-cdn.org/file/ Frame 63AC 59 KB
59 KB 310ms
191ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/rW3M0eCxgXzd8dxfvkujgTIUkaX1DXwiL2zsKml9bYoysQi40kHBaTWywJxbBS6o7RXhzqAFYlpqkXI2S7tQSkRiWTY00-v4FuDWpFctiTQ36oL92rNsGZivtAGi03eLzXZizJ-z-Z4pTkPclcSuWS532W-wI5dlFAa5gY_Yn3GF5qAiISyLb2jMUTeui0quesRAzNWj9ELt_ahIwtv_u_uwe6_cWymZAkHa4RIgaPBCfiY_Ughpk6E3gRnSAr4e-wtRdgFZ3R_zZnOvovTQ_NTO0w9_b4xTz4v49F1efo_lhjff_3R4cTMJs_GeylXt8mhmUaI5Pb6y3mIhCKswLw.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

536dab3f6cefa51f81e172ead35c79e2de704da110f4ee6e8286c3fa782467f2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60176
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "d8a30d193d651c7f503ab8ed688505e5c21a7241"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 E296B6.png
telegram.org/img/emoji/40/ Frame 63AC 2 KB
2 KB 115ms
115ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E296B6.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: cf834601aa3e59f6a61453790dc88447b3d3910cc297be5f7891c41cc0ca21e9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-67a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1658
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 p-RL1Z_a-xy7xMuUpzvq8Tzwsk2ypVirRDH7_AkMmcM5HSnrToOfjdSMHJCbfOVNZhrFDQhPdvBJ5Y1V5nI_xGbisrfUHp0hbCS9vdHfn4eO1AWi_jHt14VbhAbewxOT-tmPRvJ5ve7X36-FeMW2SjUzM0odLgdHD0NHqOZxTyZz5CRYbuCUr1yqMrh4NziP6Ib-k...
cdn4.telegram-cdn.org/file/ Frame 63AC 139 KB
139 KB 251ms
134ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/p-RL1Z_a-xy7xMuUpzvq8Tzwsk2ypVirRDH7_AkMmcM5HSnrToOfjdSMHJCbfOVNZhrFDQhPdvBJ5Y1V5nI_xGbisrfUHp0hbCS9vdHfn4eO1AWi_jHt14VbhAbewxOT-tmPRvJ5ve7X36-FeMW2SjUzM0odLgdHD0NHqOZxTyZz5CRYbuCUr1yqMrh4NziP6Ib-kIydvgYiPInFAAtCKLGjAEaO-L93szKMxB5ITSlflxgV5sip5e_4YxU6xOzGdPoZvEkL0WCK5tz8SeYL8tKaGB4UesZIqObx5cDcxco2lwh5GcntYO8EUqqzelqGTngQFS4LDWwsbwrkNyWMUA.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

8f134d02dbaaa69fde869549843924df75159df9a772686e86d6621235df5f61

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 142102
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "f105f66d4250bb4dc1e574dc506c118227fa18ae"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 iIxU4b5uoAJh_V3pnhJh8YkjSNQB-yQ5gFAvOROZUGZVQGkhxLsmDF8D8YAuzkvys2OawO4_i72hrs0kO8MVXXiJTSqSDgU2wkQlTJyd5Wg284OqPHAZkDHWxJUvQbVkIwwFsJEL8UC-tSBRCy6zKlp-k7mvxbWJMVRe4e_8kaaGXWr4QUDzuZDlmG8Xr0VvfW81N...
cdn4.telegram-cdn.org/file/ Frame 63AC 127 KB
127 KB 379ms
262ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/iIxU4b5uoAJh_V3pnhJh8YkjSNQB-yQ5gFAvOROZUGZVQGkhxLsmDF8D8YAuzkvys2OawO4_i72hrs0kO8MVXXiJTSqSDgU2wkQlTJyd5Wg284OqPHAZkDHWxJUvQbVkIwwFsJEL8UC-tSBRCy6zKlp-k7mvxbWJMVRe4e_8kaaGXWr4QUDzuZDlmG8Xr0VvfW81NjlhARm8hF1FOZvynp5Eo35ezjZV42TKFuYas67TMJEkbHLoK28VqZiSdIYiqpUN30Ea4cU9IM8AMkM5IMUnIiBhoyF_UzJ08oxgMF3aT3Vmm5MTgU4_QnQPQrvUGQJL3n1ZdLoTHZCflXTmqA.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

270da210042927d64ae9d90ac346efb9251673a97dca3bce20cb86bac11fe8de

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130295
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "eb966f90854da668ec7d873dbcfebae49abbc00a"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 KjN1OFBa_APvEgDl4JzwoO-KhBhCzittsOftdyWAT4cQF0xeQAgQSuHbr8bJFE-7sJXf-3OWVZN6eRbKUgRS0B5hjiMSmrPBEW4euyxS5aMDBTqoRl40z8MWpddzcMnZoEtldIEbLZSvoRqhfpMad9W2fe7vCHQi8EjtkxU3diSurMHYUwFbGEUNr4FOoU7d88Owq...
cdn4.telegram-cdn.org/file/ Frame 63AC 117 KB
117 KB 286ms
285ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/KjN1OFBa_APvEgDl4JzwoO-KhBhCzittsOftdyWAT4cQF0xeQAgQSuHbr8bJFE-7sJXf-3OWVZN6eRbKUgRS0B5hjiMSmrPBEW4euyxS5aMDBTqoRl40z8MWpddzcMnZoEtldIEbLZSvoRqhfpMad9W2fe7vCHQi8EjtkxU3diSurMHYUwFbGEUNr4FOoU7d88OwqBE0nygUol4BWdJPMdyocIBSF-Xzqfo91-EDalWuVITQ_N5iGkdZ397bwM9HvRVyVivqv3DjArayQM9okTJLpsxyf9zK2t7vYSUgK7tr9gccnUA_ifY3vnEtPynemRhKWoxt1R1GvZM6BairnQ.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

fea9410090e77370f2d0d4d67902794536bada2b9db8bb8b5fa859c65d2c4e2c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119403
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "b2c5e2ed09060f068c53e8e78bdc33b5372bfcea"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 bVN2MTrmr3x2SHBmY89W0vVu03DR1lX4xJ1nqfFwX5DBOa1JMMV6jruwP54Rxn-znJtzmTm41X5JNRVcd-YPljMBPOgGOubkaQmx_1KJxDxNkehmojS6DMgSg50cauVv0XMMlttOgk0bduMvZkPVNH5PvYcB9VnWGTNP7nGPZ1-n3n0luzmf2qBvA1dNw4wlohHCY...
cdn4.telegram-cdn.org/file/ Frame 63AC 70 KB
70 KB 294ms
294ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/bVN2MTrmr3x2SHBmY89W0vVu03DR1lX4xJ1nqfFwX5DBOa1JMMV6jruwP54Rxn-znJtzmTm41X5JNRVcd-YPljMBPOgGOubkaQmx_1KJxDxNkehmojS6DMgSg50cauVv0XMMlttOgk0bduMvZkPVNH5PvYcB9VnWGTNP7nGPZ1-n3n0luzmf2qBvA1dNw4wlohHCYhimQwGB_YwYyHd3Ol_Ria6wlR7andk3pwwy_gcmn_JMPMU8qFjCt5qrXCVzCVbnPHHLhtOlCEzd6UoBgRTRI4yZ0vDVzpE9nwEJiK7SLAWWB-SFs7xR0H4yWahboWt4_5-EG1uSew6XebSt7w.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

2c9a2879929c9fdef7095f7a7e50abcce73f7479a9739e30be86f9cc5bb5de64

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71509
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "b9d3b03c9231bff915b4666eaf0f54c17253fbfd"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 F09F96A5.png
telegram.org/img/emoji/40/ Frame 63AC 1 KB
2 KB 113ms
113ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F96A5.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 25acfe84806b66b7cd6fa3c4f94183e78a32025415c2bd01d3dfb16340ab2e47

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-595"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1429
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 F09F968C.png
telegram.org/img/emoji/40/ Frame 63AC 2 KB
2 KB 113ms
113ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F968C.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: b87673d5f4085602ca52a2a9f1e923a436cfd682dce3050cf78fb11630e8f682

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-82a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 2090
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 YOFkMvyQjgXHzQwZRSXPQ9enuQz9IC0Kw4JOusiwqx5bGyNZ_7wmtaFLWykw-_rbsHiAFGs_UWxRGtIGQ8Bl9G8npurJ7fsyimrHaRxLnGX9sZmDvgjvplOytpkhTEgCFb9l5v6hDWJwIxzkuJh5mJRe74DkJ8AFMrrCTcTDxegmRF8xbvdsQUwxWNP9P6aEUJJZn...
cdn4.telegram-cdn.org/file/ Frame 63AC 87 KB
87 KB 252ms
252ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/YOFkMvyQjgXHzQwZRSXPQ9enuQz9IC0Kw4JOusiwqx5bGyNZ_7wmtaFLWykw-_rbsHiAFGs_UWxRGtIGQ8Bl9G8npurJ7fsyimrHaRxLnGX9sZmDvgjvplOytpkhTEgCFb9l5v6hDWJwIxzkuJh5mJRe74DkJ8AFMrrCTcTDxegmRF8xbvdsQUwxWNP9P6aEUJJZnPZ0mrnzxgh9OtWQgAslH5KQDPEeRSjGF4XpRVulXlvKhyloMv1Nlo3gz4mfTQUsemzNeWFY2tlNOdc9P85eily-ci1mYi36QxIyKYJGifAPoHAaSlt8wVzCeRNdsjli8JHCs37eUUDmhTU0Kg.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

e59d8c09b277f6914f2ff5b4f28a68e60f162530bb5eb6025763955f132fb93b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88601
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "249c1ae250527f7a6a09d1f245d846d9b7992832"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
telegram.org/fonts/Roboto/ Frame 63AC 11 KB
11 KB 201ms
67ms Font
application/octet-stream 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL: https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by: Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Request headers

Referer: https://telegram.org/css/font-roboto.css?1
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: "63512b7d-2b14"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 11028
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
telegram.org/fonts/Roboto/ Frame 63AC 11 KB
11 KB 267ms
133ms Font
application/octet-stream 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL: https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by: Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875

Request headers

Referer: https://telegram.org/css/font-roboto.css?1
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: "63512b7d-2b40"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 11072
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2
telegram.org/fonts/Roboto/ Frame 63AC 6 KB
7 KB 264ms
134ms Font
application/octet-stream 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL: https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2
Requested by: Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 3e70e149a35f394bb78ef7842de11a06359fed7828f30331594a28d196c54012

Request headers

Referer: https://telegram.org/css/font-roboto.css?1
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: "63512b7d-19e8"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 6632
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
telegram.org/fonts/Roboto/ Frame 63AC 6 KB
7 KB 262ms
132ms Font
application/octet-stream 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL: https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
Requested by: Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 41b5c3b25f4258190937deb900fa57a6db6d450ce7dd2af2259af760119a1c41

Request headers

Referer: https://telegram.org/css/font-roboto.css?1
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: "63512b7d-193c"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 6460
expires: Fri, 02 Dec 2022 02:02:22 GMT

GET
DATA 200
OK truncated
/ Frame 039D 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f87e2c65587da1947f98df650a5cb14b9ec2c76731e8e93ef875acd1299327e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets.admixer.net/ 0
220 B 114ms
113ms Image
text/plain 204.62.13.72
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/ev_prebid.aspx?cc=DE&am-uid=2a357c1d8e964dda95ff7416f24834c4&zone=DAB6BE62-B1E7-4D05-A12C-0A70B3291504&device=28&rule=A115463E-E95D-4D45-91E3-2BE636EF4375&requestId=2a53a283-fda9-4875-a36a-98366b8ff969&hp=-967666016&page=www.buhoblik.org.ua%2F&ts=638051977422142206&ap=MA%3D%3D&asign=-891405884&sync=3%2C51%2C22%2C88&bt=3&carr=Core-Backbone&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=1A4D80BD-B81F-427C-A6F6-12DD363AA495&inst=ADS-NYC-1&pxl=0&pvid=8d42bcd2-4b42-44b0-af91-79abd943566b&ip=82.199.130.41&item=2C5EF17D-B996-4A90-AEDF-0FF46DF1CE39&crid=2C5EF17D-B996-4A90-AEDF-0FF46DF1CE39&size=350x240&profile=A0E4EF3E-1F40-4319-A1CF-B36A82B3ABD5&isopt=0&adv=N%2FA&dsp=Admixer+Display&dstUrl=&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

204.62.13.72 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 28 Nov 2022 02:02:22 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
DATA 200
OK truncated
/ Frame 4A0B 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bee3c5a62a6bf13e063add2528bbce5c0b4ae312559a6bb9e75c943291264510

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pattern.svg
telegram.org/img/tgme/ Frame 63AC 225 KB
81 KB 66ms
66ms Image
image/svg+xml 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/tgme/pattern.svg
Requested by: Host: telegram.org
URL: https://telegram.org/css/telegram-web.css?36
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: daa086b24cbd2610eb3261446100ff513a4526c5b2bce41e758629f5cd8a6a20

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://telegram.org/css/telegram-web.css?36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 09:45:08 GMT
server: nginx/1.18.0
etag: W/"62208e24-385d7"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=345600
expires: Fri, 02 Dec 2022 02:02:22 GMT

POST
H/1.1 200
OK / Show response
xn--r1a.website/v/ Frame 63AC 4 B
349 B 189ms
189ms XHR
application/json 95.216.186.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://xn--r1a.website/v/

Requested by

Host: telegram.org
URL: https://telegram.org/js/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.186.40 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.186.216.95.clients.your-server.de

Software

nginx /

Resource Hash

b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

Accept: */*
Referer: https://xn--r1a.website/s/buhoblik_org_ua
X-Requested-With: XMLHttpRequest
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 28 Nov 2022 02:02:22 GMT
Strict-Transport-Security: max-age=35768000
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-control: no-store
Connection: keep-alive

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 4F4C 2 KB
1 KB 57ms
56ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y4QWrQAOLg8H_Z4CAAKguI-rbeZrOUj-QNc3PA&u=%7CmFnMdRckbN3s%2F2pptoxEehioBxi7CdvAQWy5n%2Be7peg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi6ziEzHnRQPmm8hAoZUVgSTX_AWgdAO64ie0U4sFPu7ENo1NEkSI7vSA5WoTxrzNKnML50pN-1TWlOYhBmsQIxpcBP_L5QrCICDFz7Z39gJ1txSOryi19RL4hdSBm86uGmz73U40V_39wuOM8EXnoi11MmsjPB2ISo9uYgLnBX6449KOmuNZXXeHdBqpgYPIQGWQn3DyWtuRDrL0A4yolUXJUjgN2YkIKnUyUxaqMISmvADaQny-iggkyckufkkaZvmvQpCbywF9LHocTFSBs1LZCU_2K86hqVN0Sby8otZ17Z9kUvhA7aRyP5Oxz8gBvqCBa71n8mzB-XAZYSQqvmVVVwtFOgQfxguRr5TZXzyazvns-Q75pDwUVyCgZy9IdZ3qbtNRGAr8Ctlml9DeEuh03bxcFjUUYWQGSUlHqmkasS5V0dI6OhukPl703Dur6S3PB8KZluqMpGLIX4DvuhbmI_8OKk5wjQi1wKKYJSIhX0zLsXlVMgWfYfnvZrg6sRp_xS5hlbtyM9ToqIAxZ2C0MIB_DPcdKtHDOG0jIPzQyIMamRNCqzKI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvqv-rRaEY4_cOIK89u8PuMGKmAjJntKxXPWR3r6xAcCNtwEQASAAYJUCggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAv1d4nqfcLE-qAMBqgTkAU_QLAQb2Qe381FP9uz0fhHhby0CxlcP3reS20rLbPaCT6YMgLXhTt8cv6LuPYh2bKvziR9DX733extRFKKpYnbZvZXElIu4G4AtTeFaJ2XMaBMUpRmAun88OBVOc1fOW1XHB-o1QsdPj9rUE8HPtUiyTyUdThTNOq_KU8vyUYQEpi__qA1DXkexk1ijf5O1O-kRtcLNOeMn-tgK8tN1RskzW6lTH_KwnkKh3w_phzpFY9bwmVg4i6nRdTarxKiF_8PSbtdJFUeSEq1TLIakNOuWSJG5S0mNAn0dKNNhp-e0I192yYAGx83PmN-e7an5AaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3KcSMmYDFQJ9dgoaOTW7O-JQTvlQ%26client%3Dca-pub-5630956766216465%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Nov 2023 02:02:22 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 4F4C 2 KB
1 KB 68ms
68ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Nov 2023 02:02:22 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 4F4C 308 B
636 B 57ms
56ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 23 Nov 2023 02:02:22 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 4F4C 293 B
621 B 57ms
56ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 23 Nov 2023 02:02:22 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame 4F4C 43 B
348 B 211ms
68ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=SSY3MiB1GfGKclueEhCYwN_E1nhGJF-jrE63W2_R5Q0a6WIVU4RdNORP0S8FdoNJLK7XRNKuBt9XqQ5-SujxTKU4FwkhV8wNIC84gXew2wZ5o3YRxU4lUjcSPRL9eYDDBZzo6cScBc65R7cNF6nCMy8lUc3JJrOGBTmqwCPkw2jG3gqs_6EcQr275hWs8F44Gtya8vYv56uoTHhvyu-W9_IItoMTC0z1t7DfdsFCWyPQ7rGvh8f4bgS5Ivo3x8MP2SpgvUmMOaJYwxzGsgWXb-9xRXrGEbJD3d2noQ_9Av9iXCHjeJEnzKG9CpueOI5kyecJ48JAg2VO4wmqKUuu3t6ycls0qN14izebWFmZdL9GcPr3_m4bC2AecGsvcE4jFxx3U0i2mbE3khWgXs7jQTDmmCq5FN0nAzAVVCbD4TTkl2z6eHXuqHPQzlSbckUuz22Dhg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3086516
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 4F4C 44 B
752 B 282ms
161ms Image
image/gif 2600:9000:214f:b400:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1669600942
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y4QWrQAOLg8H_Z4CAAKguI-rbeZrOUj-QNc3PA&u=%7CmFnMdRckbN3s%2F2pptoxEehioBxi7CdvAQWy5n%2Be7peg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi6ziEzHnRQPmm8hAoZUVgSTX_AWgdAO64ie0U4sFPu7ENo1NEkSI7vSA5WoTxrzNKnML50pN-1TWlOYhBmsQIxpcBP_L5QrCICDFz7Z39gJ1txSOryi19RL4hdSBm86uGmz73U40V_39wuOM8EXnoi11MmsjPB2ISo9uYgLnBX6449KOmuNZXXeHdBqpgYPIQGWQn3DyWtuRDrL0A4yolUXJUjgN2YkIKnUyUxaqMISmvADaQny-iggkyckufkkaZvmvQpCbywF9LHocTFSBs1LZCU_2K86hqVN0Sby8otZ17Z9kUvhA7aRyP5Oxz8gBvqCBa71n8mzB-XAZYSQqvmVVVwtFOgQfxguRr5TZXzyazvns-Q75pDwUVyCgZy9IdZ3qbtNRGAr8Ctlml9DeEuh03bxcFjUUYWQGSUlHqmkasS5V0dI6OhukPl703Dur6S3PB8KZluqMpGLIX4DvuhbmI_8OKk5wjQi1wKKYJSIhX0zLsXlVMgWfYfnvZrg6sRp_xS5hlbtyM9ToqIAxZ2C0MIB_DPcdKtHDOG0jIPzQyIMamRNCqzKI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvqv-rRaEY4_cOIK89u8PuMGKmAjJntKxXPWR3r6xAcCNtwEQASAAYJUCggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAv1d4nqfcLE-qAMBqgTkAU_QLAQb2Qe381FP9uz0fhHhby0CxlcP3reS20rLbPaCT6YMgLXhTt8cv6LuPYh2bKvziR9DX733extRFKKpYnbZvZXElIu4G4AtTeFaJ2XMaBMUpRmAun88OBVOc1fOW1XHB-o1QsdPj9rUE8HPtUiyTyUdThTNOq_KU8vyUYQEpi__qA1DXkexk1ijf5O1O-kRtcLNOeMn-tgK8tN1RskzW6lTH_KwnkKh3w_phzpFY9bwmVg4i6nRdTarxKiF_8PSbtdJFUeSEq1TLIakNOuWSJG5S0mNAn0dKNNhp-e0I192yYAGx83PmN-e7an5AaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3KcSMmYDFQJ9dgoaOTW7O-JQTvlQ%26client%3Dca-pub-5630956766216465%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:b400:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
via: 1.1 86ef89199388021c33b079c598103b12.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 44
pragma: no-cache
server: nginx
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-methods: POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: 52VDNiiFgQ1ViFBN8tSaMLKU3D6b0LGQ2crgVrwwVwj4lnEYga9lrA==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012211060024000/ 23 KB
8 KB 172ms
57ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-host-v0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7054618d6d88e0ec7d1065f8dcc60911c9ad2cdb1ab832f3a2d4602a9dc5a34

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 21 Nov 2022 18:08:57 GMT
age: 546805
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7860
x-xss-protection: 0
server: sffe
etag: "a403c481d3db7074"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 21 Nov 2023 18:08:57 GMT

GET
H3 200 uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame C6FA 3 KB
3 KB 173ms
57ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/uk.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 19:08:23 GMT
x-content-type-options: nosniff
server: cafe
age: 24839
etag: 14587847488922671356
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3073
x-xss-protection: 0
expires: Mon, 28 Nov 2022 19:08:23 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame C6FA 344 B
368 B 176ms
61ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 10:22:22 GMT
x-content-type-options: nosniff
server: cafe
age: 56400
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Mon, 28 Nov 2022 10:22:22 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ 227 B
472 B 183ms
58ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=132&profileId=184&cb=89296821994

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

f35c1fd4d91098792209d550e833f22f5f5d0813fbcb33762693b08155095b03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 198

POST
H2 200 cdb Show response
bidder.criteo.com/ 227 B
471 B 181ms
58ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=132&profileId=184&cb=75223844164

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

2972fd0f20df75a566153fc08753822c5497e87e5708165513c35c401ce6413e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 198

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 4A0B 15 KB
15 KB 236ms
119ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 20:40:44 GMT
x-content-type-options: nosniff
age: 192099
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Nov 2023 20:40:44 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 4A0B 15 KB
16 KB 186ms
70ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 16:44:52 GMT
x-content-type-options: nosniff
age: 551851
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Nov 2023 16:44:52 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 4A0B 15 KB
16 KB 172ms
57ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 19:42:15 GMT
x-content-type-options: nosniff
age: 282008
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Nov 2023 19:42:15 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 4F4C 12 KB
6 KB 57ms
56ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Nov 2023 02:02:22 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 7 KB
7 KB 171ms
56ms Image
image/png 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F79f2c646e3f74b54931cff1f39d769d0_blue.png&v=3&w=196&s=nkm37OBN4xyh5x9UPHeLVYZl

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

bfcd7a262745ac2a8520d46dbe261c5db424c001970e9ebe83c440bfb48454f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29660677
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6722
expires: Mon, 06 Nov 2023 09:07:00 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 1 KB
1 KB 224ms
110ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FC%2FlogoMercedes-Benz-AG-237414DE-2106010949.gif%3Feb%3D1&v=3&w=400&s=CmlLSbiWqKPLWam-_BOBNCRi&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

9a73fe4f2b3f00d5f680adb3d4affae2a924b6ae4e8d3ea009c36f2f9177c0ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2512504
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1052
expires: Tue, 27 Dec 2022 03:57:27 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 4 KB
5 KB 225ms
111ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F5%2FlogoLandeshauptstadt-Stuttgart-188529DE-2209211117.gif%3Feb%3D1&v=3&w=400&s=IotawYJ9mdkd0jzqGaTZ9Ap9&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

bbfd72ec4afe43ac0ce82488bdc79607229b8dd73fcf3d0012e67262130c10e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1945478
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 4462
expires: Tue, 20 Dec 2022 14:27:01 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 1 KB
1 KB 171ms
57ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FD%2FlogoWissenschaftsstadt-Darmstadt-122888DE.gif%3Feb%3D1&v=3&w=400&s=vPgHQoG-WffKCcGTU9xhrm3C&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

fc58de93a820a0d6b26c24cc445a8bc1834171a3cb2a31abe90084e4161d6520

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1004927
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1156
expires: Fri, 09 Dec 2022 17:11:11 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 2 KB
2 KB 225ms
111ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FF%2FlogoHAPEKO-Hanseatisches-Personalkontor-GmbH-22545DE-2207151306.gif%3Feb%3D1&v=3&w=400&s=zH_aB-TZcYaKEZXb_Ob_hAoN&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

3af7fe1b576fbbead49a81b51265eeb971e54447ed2809aca0f1eef52214da6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1273472
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2158
expires: Mon, 12 Dec 2022 19:46:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 3 KB
3 KB 224ms
110ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F4%2FlogoRolls-Royce-Power-Systems-AG-130717DE-1909171210.gif%3Feb%3D1&v=3&w=400&s=tbu9TkCzJDKZZwvCZmMJr1vL&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

a1cc6e5552d7ea09fde7bfce60605e909bdf0deacd60bff122d99f0945048ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1520574
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2606
expires: Thu, 15 Dec 2022 16:25:17 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 2 KB
2 KB 188ms
188ms Image
image/png 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FL%2FlogoL-Stroetmann-Lebensmittel-GmbH-Co-KG-98628DE.gif%3Feb%3D1&v=3&w=400&s=lifwMDrM71_ay9-b9mOPwNmU&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

d4cee1988179996680eefe132dfa1b960f28f5c23a0e57e921985efd83621618

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=2015386
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1697
expires: Wed, 21 Dec 2022 09:52:09 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 2 KB
2 KB 93ms
93ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FC%2FlogoAdecco-Deutschland-57598DE-2206101205.gif%3Feb%3D1&v=3&w=400&s=dvNhU4Ck7-p0W-U9324Tt8FS&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

68e85ddf76b98bb06e4fb9e7cef3a0bf4864a5e8235c226e087158ad41e90a00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2478631
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2224
expires: Mon, 26 Dec 2022 18:32:54 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 2 KB
2 KB 94ms
93ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F8%2FlogoTUV-Rheinland-Group-46685DE.gif%3Feb%3D1&v=3&w=400&s=rZcrVIWxSOFZA_Dtg4vOwnhl&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

fc17fe03b1848f1d6c15e7d1c072d8afb2bc66157d3fe275c2ca8701f79428a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=147
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2160
expires: Mon, 28 Nov 2022 02:04:50 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 3 KB
3 KB 98ms
97ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F3%2FlogoVolkswagen-Automobile-Berlin-GmbH-75897DE-1910111537.gif%3Feb%3D1&v=3&w=400&s=omneKIWrU_FidOdZnbAcEe3S&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

9dc2d4aa3ebd0c74a199ef3c73a4a6e90ecdcfd2a84c9ddaa71ee8e7f6d388c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1170159
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2958
expires: Sun, 11 Dec 2022 15:05:02 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4F4C 2 KB
2 KB 104ms
103ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FS%2FlogoShell-Germany-171104DE.gif%3Feb%3D1&v=3&w=400&s=gnfYQRexeL6WrS5aePmY7C7q&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

17fb8daa420f517a4e2edfb4a05a152bec043a1c9c55625c318c23d4bc57f015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1277
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1942
expires: Mon, 28 Nov 2022 02:23:40 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 4F4C 0
128 B 191ms
65ms Ping
text/plain 2a02:2638::21
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=Zz_OxZ08eoEb-Q27li2G7iyIYyqKzMlW7d11tbfj1YlAYwDgydYM1Iz5tqWs0DOvhrRBvKUIe026vsgRzZ2jvXqi1fRUykTRAE1KJX77ZcbsNlQ1mNOAjq3yJebee6-D9PYzysFO9EKpa_7A7Z9UBxZlD5Wzl8miVeBWH6OzlUFLTm1LJzRp5WOr7Xt82YyK9KSaY-xHI7fm7vXpjq8u33HbfzmB8xPggPy29xEoYNMMSzj5EsMtwqVlsWtVKDoy_SV5YA&sds=2&rev=83599&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::21 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 4F4C 2 KB
1 KB 56ms
56ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Nov 2023 02:02:22 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 4F4C 2 KB
1 KB 57ms
56ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Nov 2023 02:02:22 GMT

GET
H2 200 e1eee23f36481a69453f.b.js Show response
cdn.admixer.net/scripts3/51428/ 28 KB
11 KB 63ms
61ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/e1eee23f36481a69453f.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Mon, 28 Nov 2022 02:02:23 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:23:01 GMT
server: nginx
etag: W/"6375fd75-702f"
vary: Accept-Encoding
x-cached-since: 2022-11-17T09:24:10+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 18 Nov 2023 09:24:10 GMT

GET
H2 200 fdabe098f34289659a17.b.js Show response
cdn.admixer.net/scripts3/51428/ 42 KB
18 KB 69ms
68ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/fdabe098f34289659a17.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Mon, 28 Nov 2022 02:02:23 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:23:02 GMT
server: nginx
etag: W/"6375fd76-a793"
vary: Accept-Encoding
x-cached-since: 2022-11-24T10:51:04+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 25 Nov 2023 10:51:04 GMT

GET
H2 200 84011c43c3075e543c6d.b.js Show response
cdn.admixer.net/scripts3/51428/ 13 KB
5 KB 64ms
63ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/84011c43c3075e543c6d.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Mon, 28 Nov 2022 02:02:23 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:54 GMT
server: nginx
etag: W/"6375fd6e-326c"
vary: Accept-Encoding
x-cached-since: 2022-11-24T10:51:04+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 25 Nov 2023 10:51:04 GMT

GET
H2 200 7103cce7fa6705169441.b.js Show response
cdn.admixer.net/scripts3/51428/ 11 KB
4 KB 72ms
71ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/7103cce7fa6705169441.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: da5a6aaf22887d6be1d6aaf85b1bf31db6372817faeef47bd9f21b89fcb78109

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Mon, 28 Nov 2022 02:02:23 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:53 GMT
server: nginx
etag: W/"6375fd6d-2a79"
vary: Accept-Encoding
x-cached-since: 2022-11-24T10:51:04+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 25 Nov 2023 10:51:04 GMT

GET
H2 200 f744d5275c14e0b3b41a.b.js Show response
cdn.admixer.net/scripts3/51428/ 216 KB
75 KB 77ms
76ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/f744d5275c14e0b3b41a.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 7dc2f5e7cae7a1e20249f7624c440a190bdc76f3a11ac17e6676cc5acd8eedb4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Mon, 28 Nov 2022 02:02:23 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:23:02 GMT
server: nginx
etag: W/"6375fd76-360b6"
vary: Accept-Encoding
x-cached-since: 2022-11-24T10:51:04+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 25 Nov 2023 10:51:04 GMT

POST
H2 204 events
bidder.criteo.com/csm/ 0
220 B 54ms
54ms Ping
text/plain 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 28 Nov 2022 02:02:23 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets.admixer.net/ 0
220 B 142ms
114ms Image
text/plain 204.62.13.72
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/ev_prebid.aspx?cc=DE&am-uid=2a357c1d8e964dda95ff7416f24834c4&zone=DAB6BE62-B1E7-4D05-A12C-0A70B3291504&device=28&rule=A115463E-E95D-4D45-91E3-2BE636EF4375&requestId=2a53a283-fda9-4875-a36a-98366b8ff969&hp=-967666016&page=www.buhoblik.org.ua%2F&ts=638051977422142206&ap=MA%3D%3D&asign=-891405884&sync=3%2C51%2C22%2C88&bt=3&carr=Core-Backbone&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=1A4D80BD-B81F-427C-A6F6-12DD363AA495&inst=ADS-NYC-1&pxl=0&pvid=8d42bcd2-4b42-44b0-af91-79abd943566b&ip=82.199.130.41&item=A0F0C54C-7ED4-485E-97FF-9946099AE54A&crid=A0F0C54C-7ED4-485E-97FF-9946099AE54A&size=240x350&profile=A08F3A11-214F-401E-9933-D17F544E4BE0&isopt=0&adv=Criteo+RU&dsp=Criteo+DE&dstUrl=http%3A%2F%2F&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

204.62.13.72 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 28 Nov 2022 02:02:23 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets.admixer.net/ 0
220 B 255ms
113ms Image
text/plain 204.62.13.72
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/ev_prebid.aspx?cc=DE&am-uid=2a357c1d8e964dda95ff7416f24834c4&zone=DAB6BE62-B1E7-4D05-A12C-0A70B3291504&device=28&rule=A115463E-E95D-4D45-91E3-2BE636EF4375&requestId=2a53a283-fda9-4875-a36a-98366b8ff969&hp=-967666016&page=www.buhoblik.org.ua%2F&ts=638051977422142206&ap=MA%3D%3D&asign=-891405884&sync=3%2C51%2C22%2C88&bt=3&carr=Core-Backbone&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=1A4D80BD-B81F-427C-A6F6-12DD363AA495&inst=ADS-NYC-1&pxl=0&pvid=8d42bcd2-4b42-44b0-af91-79abd943566b&ip=82.199.130.41&item=A0F0C54C-7ED4-485E-97FF-9946099AE54A&crid=A0F0C54C-7ED4-485E-97FF-9946099AE54A&size=240x350&profile=A08F3A11-214F-401E-9933-D17F544E4BE0&isopt=0&adv=Criteo+RU&dsp=Criteo+DE&dstUrl=http%3A%2F%2F&cet=17&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

204.62.13.72 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 28 Nov 2022 02:02:23 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

POST
H2 204 events
bidder.criteo.com/csm/ 0
220 B 55ms
54ms Ping
text/plain 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 28 Nov 2022 02:02:22 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets.admixer.net/ 0
220 B 342ms
113ms Image
text/plain 204.62.13.72
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/ev_prebid.aspx?cc=DE&am-uid=2a357c1d8e964dda95ff7416f24834c4&zone=DAB6BE62-B1E7-4D05-A12C-0A70B3291504&device=28&rule=A115463E-E95D-4D45-91E3-2BE636EF4375&requestId=2a53a283-fda9-4875-a36a-98366b8ff969&hp=-967666016&page=www.buhoblik.org.ua%2F&ts=638051977422142206&ap=MA%3D%3D&asign=-891405884&sync=3%2C51%2C22%2C88&bt=3&carr=Core-Backbone&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=1A4D80BD-B81F-427C-A6F6-12DD363AA495&inst=ADS-NYC-1&pxl=0&pvid=8d42bcd2-4b42-44b0-af91-79abd943566b&ip=82.199.130.41&item=B980198E-7D27-4345-9615-F31943C77F0C&crid=B980198E-7D27-4345-9615-F31943C77F0C&size=240x400&profile=346392F6-218B-4A4F-8151-E8B46F15EB2A&isopt=0&adv=Criteo+RU&dsp=Criteo+DE&dstUrl=http%3A%2F%2F&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

204.62.13.72 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 28 Nov 2022 02:02:23 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets.admixer.net/ 0
220 B 342ms
113ms Image
text/plain 204.62.13.72
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/ev_prebid.aspx?cc=DE&am-uid=2a357c1d8e964dda95ff7416f24834c4&zone=DAB6BE62-B1E7-4D05-A12C-0A70B3291504&device=28&rule=A115463E-E95D-4D45-91E3-2BE636EF4375&requestId=2a53a283-fda9-4875-a36a-98366b8ff969&hp=-967666016&page=www.buhoblik.org.ua%2F&ts=638051977422142206&ap=MA%3D%3D&asign=-891405884&sync=3%2C51%2C22%2C88&bt=3&carr=Core-Backbone&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=1A4D80BD-B81F-427C-A6F6-12DD363AA495&inst=ADS-NYC-1&pxl=0&pvid=8d42bcd2-4b42-44b0-af91-79abd943566b&ip=82.199.130.41&item=B980198E-7D27-4345-9615-F31943C77F0C&crid=B980198E-7D27-4345-9615-F31943C77F0C&size=240x400&profile=346392F6-218B-4A4F-8151-E8B46F15EB2A&isopt=0&adv=Criteo+RU&dsp=Criteo+DE&dstUrl=http%3A%2F%2F&cet=17&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

204.62.13.72 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 28 Nov 2022 02:02:23 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H3 200 rVlqs_C6MEoymNIgrpYBY2eJfhVJuMjEUeWab4z9yRM.js Show response
pagead2.googlesyndication.com/bg/ Frame B6F1 36 KB
16 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rVlqs_C6MEoymNIgrpYBY2eJfhVJuMjEUeWab4z9yRM.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad596ab3f0ba304a3298d220ae96016367897e1549b8c8c451e59a6f8cfdc913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 16:03:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15986
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Nov 2023 16:03:38 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 039D 42 B
64 B 91ms
91ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdNiuroaRjjsGdgp0Y0LiobmCaKJLtfMV1zNktsLs9nyI9e-RD2i2PqeOG5hLdnIyntaWfMOb0_Vfe4aFE0yhtskYq&sig=Cg0ArKJSzJLvvyIYHwrBEAE&id=lidar2&mcvt=1000&p=0,0,280,730&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3078983205&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1669600941828&rpt=822&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 02:02:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 74ms
74ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5028a0d4b7f9ed0db437749337169b2f4207947e8f02812b6a875e07b7fb70b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10964
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame B5FC 15 KB
6 KB 168ms
56ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.buhoblik.org.ua

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d0f07190791630edc058ad6e5a33a3cda6a8f85c470e593ce0bbed46ffec148b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 02:02:22 GMT
server: Kestrel
server-processing-duration-in-ticks: 840846
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Nov 2022 02:02:23 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CAC1 13 KB
5 KB 58ms
56ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 18834
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 20:48:29 GMT
expires: Mon, 27 Nov 2023 20:48:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 57D0 783 B
1 KB 187ms
66ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8926db0008a31630931b8a34a00a138f05bc044b357e2b49a2f9ab74f29a2a6c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zkKdwErq7ylGO_O4uNOpvQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-zkKdwErq7ylGO_O4uNOpvQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 02:02:24 GMT
expires: Mon, 28 Nov 2022 02:02:24 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

sid Show response
mug.criteo.com/ Frame B5FC
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=buhoblik.org.ua&sn=ChromeSyncframe&so=0&topUrl=www.buhoblik.org.ua&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=iG91QXx3RjdRS3BteHI4R0xqdkZGV0lLa3BEamZXYmQyRXdRYWdDRy9EcE5ZMVpqTTNuQmF2eFhSdjB1SzBlcXdFNjFReDNKdEQ4cUFsRWpoNThiNWNjSDVRV2tYcDFNN2Z3bmdIUkVNYUhQay9jVFJKUm5BMm1uNDBUYW...

435 B
649 B

187ms
58ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=iG91QXx3RjdRS3BteHI4R0xqdkZGV0lLa3BEamZXYmQyRXdRYWdDRy9EcE5ZMVpqTTNuQmF2eFhSdjB1SzBlcXdFNjFReDNKdEQ4cUFsRWpoNThiNWNjSDVRV2tYcDFNN2Z3bmdIUkVNYUhQay9jVFJKUm5BMm1uNDBUYWtZaG52SWdQZFE4dWhWSy9saE5VcFRGemlUdVpUYUV0K3VGTFpBZXA0Q0ZYQ1ROQ1d4eWlZYWpOdFpHZENrRFhyekdQUXNQb3NMUnFEV0FSTE5TcWZ5cEliV3VzaHhBaHR1NVBCbWVDWlBWcUc4NWFlenRmNVVLSHJKblR2MXNTU25MZU9YK2FFeHMrKzR6S0hqUWdsS21MMU50dTdWQT09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

972f607a46a46534fb61ede1102dac42e037d801c96f56f7e5fc3714802b7518

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 02:02:23 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1719271
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 28 Nov 2022 02:02:23 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=iG91QXx3RjdRS3BteHI4R0xqdkZGV0lLa3BEamZXYmQyRXdRYWdDRy9EcE5ZMVpqTTNuQmF2eFhSdjB1SzBlcXdFNjFReDNKdEQ4cUFsRWpoNThiNWNjSDVRV2tYcDFNN2Z3bmdIUkVNYUhQay9jVFJKUm5BMm1uNDBUYWtZaG52SWdQZFE4dWhWSy9saE5VcFRGemlUdVpUYUV0K3VGTFpBZXA0Q0ZYQ1ROQ1d4eWlZYWpOdFpHZENrRFhyekdQUXNQb3NMUnFEV0FSTE5TcWZ5cEliV3VzaHhBaHR1NVBCbWVDWlBWcUc4NWFlenRmNVVLSHJKblR2MXNTU25MZU9YK2FFeHMrKzR6S0hqUWdsS21MMU50dTdWQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 443924
content-length: 0
expires: 0

GET
H3 200 rVlqs_C6MEoymNIgrpYBY2eJfhVJuMjEUeWab4z9yRM.js Show response
pagead2.googlesyndication.com/bg/ Frame CAC1 36 KB
16 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rVlqs_C6MEoymNIgrpYBY2eJfhVJuMjEUeWab4z9yRM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad596ab3f0ba304a3298d220ae96016367897e1549b8c8c451e59a6f8cfdc913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 16:03:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15986
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Nov 2023 16:03:38 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 4F4C 0
127 B 62ms
61ms Ping
text/plain 2a02:2638::21
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::21 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 28 Nov 2022 02:02:23 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CAC1 0
10 B 56ms
56ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?tceiOQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 02:02:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 57D0 0
0 90ms
90ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221110&jk=4020127919388397&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1 204
No Content logcz.aspx
inv-nets.admixer.net/ 0
220 B 113ms
113ms Image
text/plain 204.62.13.72
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/logcz.aspx?zone=dab6be62-b1e7-4d05-a12c-0a70b3291504

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

204.62.13.72 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 28 Nov 2022 02:02:24 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 94ms
94ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221110&jk=4020127919388397&bg=!ICOlI2fNAAbvMpMzzzI7ACkAdvg8WjBlQvmhrUJ3v7PXCkA1g0soDZ6sMTOOjKea-8MyMw5sLTvLEAIAAABIUgAAAAJoAQcKAN9Iuhafcgoy6Us_lxRo-1p8Zh8xCdsck2hfJjD4Ovsxlem7limgrKM6sz2SKgNZjayUK1EoBblIuFewN_TJa_X1xeeIkeRcG_XznemPsrv6a8vafPrGfZkPLuTV07uQeVQoPm61RamEABZLVDrWTON4xVv2erP74GjrIx9XMRlTj5flsCGP8rq48c4kC89_eK4qop_OkT75yMT2eSh2_T_ONLXEIFXDFtzv5XawHcNXdWVKPDedztjwG7TNOwv5q0t5aG96U2EelaMJM6XOwNqEY_e1JdfJ_sA0OMbtKv1amQKhLhHu7udcT8iia1T9VFTvDdiauImjlznc9vnpmlZKmoOLTjRmmVnbGhVdCSRxq5LN5ntv4mA9sceYGqsHe52NGGo2y9HYPhKYhYiVnD1VVqrJxwfOEtkbM_FNWhy5Hcg1m8AiM-WJ5KwV4z-YJG08YXA3fd1SQ0LIhqqSLE_7K_6cnax203EdkhueclNsfb43X0z48cd7Z4kE-GdSmK-uFHXllRgzre_S85zMe_C2zP8Agp_mVKgJwqm4uoS5NzFfnIAHWTMPlyQrGxSNMkHjVkoLxvk76gRtfZSs9M1jYrMWDw4XF54BnR7k26_gSV_AMhrW124zQ8Dj1UZwTciBszMA78vCznWqKrP80BBQS9nmtCjsIMc5ghJL9g-fFE-BKdVswgcYh7il9_LYY6uCiAsF4Wd0TOIDaFRhNOltZKepCQ8552dhHIfB9zUIxnk5v8eUujk5HkU_Q6a95tqSbjmLYDAOZMiRf6jm03W0aQi2dCqjkPpMyV4Ltp7JjQCDs1gqoE2H6xcEmyFUxF7RYgPQ0rdblPoLP4ZRAjw0wgWfXmbNuM5xW-Js-3RqFgs0w3ZsAld61efWSp6KE0-Be-bwlf4_L83KoV4pU0NPu7aGCP7MJEzSZLsP1mMEODtp2ixm22veGyFlk2j9n-hlE0xQrQ9TERrZuuke9ROH0GJYVQD3d4Y9u_FjWZjxyLXVfYjfsDRS4LfjdYToDkCPPQVPPMtXgLTEapiDp9vxvOZn0s5pqjNCfvyxqtGe8QpNOyNAUsT0OwC7DktfYISS-bQbWIpUPWExW-t7oMuNnkxxHQPMTNg-9EmR6PJPHto2eFKfBEo2bAKT6-X2ujuSilD4znyUOYTa_wMEwXWDbbtJTT4N7dGStFeUkNH6D1RMgA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.admixer.net/bs	1970-01-20 09:56:16	Name: am-uid Value: 2a357c1d8e964dda95ff7416f24834c4
www.buhoblik.org.ua/	1969-12-31 23:59:59	Name: 54328dacc8285ec61fa19f90fac03db6 Value: 78c36315c076e610d8fe6cf2db6c46e1
.buhoblik.org.ua/	1970-01-20 17:22:40	Name: __utma Value: 21695912.873224747.1669600942.1669600942.1669600942.1
.buhoblik.org.ua/	1969-12-31 23:59:59	Name: __utmc Value: 21695912
.buhoblik.org.ua/	1970-01-20 12:09:28	Name: __utmz Value: 21695912.1669600942.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.buhoblik.org.ua/	1970-01-20 07:46:41	Name: __utmt Value: 1
.buhoblik.org.ua/	1970-01-20 07:46:42	Name: __utmb Value: 21695912.1.10.1669600942
www.buhoblik.org.ua/	1969-12-31 23:59:59	Name: Value: store.test
.buhoblik.org.ua/	1970-01-20 17:08:16	Name: __gads Value: ID=24b0283f712c4352-2299e5aaa2d700e3:T=1669600941:RT=1669600941:S=ALNI_Mbb_bq16eAbl3cuuhzhsDx0le32yw
.buhoblik.org.ua/	1970-01-20 17:08:16	Name: __gpi Value: UID=00000b893678d895:T=1669600941:RT=1669600941:S=ALNI_MY7hfWufEXXW6bdboRfXP47VAJzcg
xn--r1a.website/	1970-01-20 07:48:07	Name: stel_ssid Value: 418fdf43ea8237c3e4_6974391467951924922
.admixer.net/	1970-01-20 09:56:16	Name: am-uid Value: 2a357c1d8e964dda95ff7416f24834c4
www.buhoblik.org.ua/	1970-01-20 07:56:45	Name: am-uid Value: 2a357c1d8e964dda95ff7416f24834c4
.doubleclick.net/	1970-01-20 17:08:16	Name: IDE Value: AHWqTUnzNlSNh9zSXvwoi-zMKFLRCWdaA4L-1GIKQ1ujwYSaUyoxqeF4UnTK6-vr-dk
.bidswitch.net/	1970-01-20 16:32:16	Name: tuuid Value: 10ca0609-e3e3-499c-90cf-e6393d81ef4f
.bidswitch.net/	1970-01-20 16:32:16	Name: c Value: 1669600942
.bidswitch.net/	1970-01-20 16:32:16	Name: tuuid_lu Value: 1669600942
.adnxs.com/	1970-01-20 09:56:16	Name: uuid2 Value: 1345165639943175130
.pubmatic.com/	1970-01-20 07:48:07	Name: KTPCACOOKIE Value: YES
.creativecdn.com/	1970-01-20 16:32:16	Name: u Value: kXRPzyhPlDIWXSksqDmm
.creativecdn.com/	1970-01-20 16:32:16	Name: ts Value: 1669600942
.pubmatic.com/	1970-01-20 09:56:16	Name: SyncRTB3 Value: 1670803200%3A220
.pubmatic.com/	1970-01-20 09:56:16	Name: KADUSERCOOKIE Value: C34570C6-7A21-45F9-9B59-8599C0BE514F
.rqtrk.eu/	1970-01-20 07:56:45	Name: browser_id Value: 1:8b06e951-1c92-4cf8-a5d2-0b95138c6281
.pubmatic.com/	1970-01-20 07:48:07	Name: pi Value: 160846:3
.pubmatic.com/	1970-01-20 09:56:16	Name: chkChromeAb67Sec Value: 2
.criteo.com/	1970-01-20 17:08:16	Name: uid Value: c288a7b8-67f4-4434-a0da-219cbb960235
.buhoblik.org.ua/	1970-01-20 17:08:16	Name: cto_bundle Value: bVBsoF9BTUdtSmhhNlMlMkJJMyUyRkE5NjVEUksyZzE5VlhQTXdkQVRmcWNkRk1rNjNHdTdicWdrSGVTR3pkZ0lnQiUyRmdXJTJGWkN2YUkwZW5URjJYUFdtdUw4RU45cE5aalFZREtGS2NYZmJ2aExCQlpVd0ZXalpKY2E0JTJCc0RUaEJPZjM5UzNXUlpKUlA5bjNwWkpEQXU5UU1nWWhvOHhBJTNEJTNE

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1669600940&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669600941561&bpp=3&bdt=683&idt=259&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8032909778416&frm=20&pv=1&ga_vid=873224747.1669600942&ga_sid=1669600942&ga_hid=1997540141&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C44770881%2C44777815&oid=2&pvsid=4020127919388397&tmod=798597004&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=OTju3rWFtq&p=https%3A//www.buhoblik.org.ua&dtd=266 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
avto-oblik.com.ua
bidder.criteo.com
buhoblik.org.ua
cat.fr.eu.criteo.com
cdn.admixer.net
cdn.ampproject.org
cdn4.telegram-cdn.org
cm.g.doubleclick.net
creativecdn.com
csm.eu.criteo.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
inv-nets.admixer.net
m.trafmag.com
mug.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
prebid-eu.creativecdn.com
rtb.fr.eu.criteo.com
secure-gl.imrworldwide.com
ssl.google-analytics.com
static.criteo.net
telegram.org
tpc.googlesyndication.com
ws.rqtrk.eu
www.buhoblik.org.ua
www.google.com
www.google.com.ua
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
xn--r1a.website
141.95.97.231
142.250.184.194
178.250.0.157
178.250.0.160
185.184.8.90
185.64.189.110
185.64.190.79
185.83.142.19
193.200.65.6
198.47.127.20
2001:41d0:602:3b8e::
2001:67c:4e8:f004::9
204.62.13.72
2600:9000:214f:b400:1e:a43d:b640:93a1
2a00:1450:4001:808::2002
2a00:1450:4001:811::2003
2a00:1450:4001:811::2008
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a02:2638:1::13
2a02:2638:1::1a
2a02:2638:1::3
2a02:2638::2
2a02:2638::21
2a02:2638::b
2a02:2638::c
2a03:90c0:41:2801::62
2a06:6440:0:2d02::1
34.111.35.152
52.29.215.78
95.216.186.40
002a93857ca724d4828a347c2b419a56eabfd275f206a5febc48246ccfe5830d
052155039c13b233f324882bd10dc38150b5bd74fb44f27c0ead4d518fbc901b
066500e00bcf6a8660ebb9d0b4cf02114fbce3150b250e1fcc6e872f71c4c85a
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0f207100aa3d7211bce9ad48d93781f0c069df7c12a729b6f6ffc5f90bf62eca
1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
17fb8daa420f517a4e2edfb4a05a152bec043a1c9c55625c318c23d4bc57f015
1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0
1c4bb4b37f05bc5752d618ab4828f2a6749b9046ddec75fbc50d7943befd31e6
1d08840a75c155fca6642bcc3d7ecc34497f6e0d19d030b1f2e0e249c753cfa3
1da67e20c0a4ac1486f38f01e01cdb805992a3f857ef49dccd9529e6b7571d0c
1f25251c35bda9c440ec8242d7fe99f4c421f8674dc5f5b9916b932ce7f4953f
1f44a512b87b9a63da9b969a44054d0264649b776d682894db413f1d3c45aa28
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6
25acfe84806b66b7cd6fa3c4f94183e78a32025415c2bd01d3dfb16340ab2e47
26345a9625172670562d7ab2395db6bd15311e0f6cf5e66f2b4478bd994a7f6d
270da210042927d64ae9d90ac346efb9251673a97dca3bce20cb86bac11fe8de
281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340
2972fd0f20df75a566153fc08753822c5497e87e5708165513c35c401ce6413e
2c9a2879929c9fdef7095f7a7e50abcce73f7479a9739e30be86f9cc5bb5de64
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32ae77196cf412d763b87b2aa85b038f536201a0df7164ed74581402b4733511
33a2f32349a6984f77f2cd427708c9ae0002bfc90594182bbc809b71ee0cdfde
360937ad284033aad16f203ee44b9659aa0beaf952f6bc2ecaed1e2b130f2e49
377d27d86822418762eb956a7d4eec9823d6a9d3fd6f6d3ca0d63fdf374a0b69
3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888
3ab6bdc45b9e7ecded30d4f1c7b2215e990f446f331d3b646dffd6bb2c081c1c
3af7fe1b576fbbead49a81b51265eeb971e54447ed2809aca0f1eef52214da6d
3e70e149a35f394bb78ef7842de11a06359fed7828f30331594a28d196c54012
41b5c3b25f4258190937deb900fa57a6db6d450ce7dd2af2259af760119a1c41
4270dba3c611a8728db0c1788167423d3d3fd76d3620e6e33194f1515743aa80
4a003dc58f3e95a18e44712b9161181319e6a40613242cbcac158f6dc8d7339d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
536dab3f6cefa51f81e172ead35c79e2de704da110f4ee6e8286c3fa782467f2
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5abe4ec1b14120ec963c7bec8267ed0bbdcd52694f48daf0f1a57279748a1c6a
5c6269d98660443db9f9578af480b83a1c511c5a3a24602492fec3fd3dde2b62
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
5f87e2c65587da1947f98df650a5cb14b9ec2c76731e8e93ef875acd1299327e
5fe75d0fb01c62e14b75d418f8e5bb6e413e49610f564e90248669d7e3513403
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69
66c2228852043aa80c2a6ed1489557620b6f4f1daefb74ee035e0f4713437a15
680f6e9a0e9f9d8c145e11d6937f688ff4299215d44bf0a54368ffc6acdbfc51
68e85ddf76b98bb06e4fb9e7cef3a0bf4864a5e8235c226e087158ad41e90a00
6a82502c1baab28ba6f410aa012fff53bd4f01d8de430e54589e583a0dc3ce80
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
715bf308061c5de7a70365cff0a647d085c3bec4d0a127ce8a71d2efba610a86
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a
7728946db189aa5afd0b17d585fd24521909793a688ec2ef72c019a8bf92dc97
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
7dc2f5e7cae7a1e20249f7624c440a190bdc76f3a11ac17e6676cc5acd8eedb4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
863becff90bf1df06057ece7de31b1873e4b7a56e7b5b2e2d8b48fd10b44c228
87f31cded62015a1d11cce6be7a32b77405de2fb36f4b8a7c2c5a4ccabd6a403
88467b23c1044f571783e76997720036df1c0a9925eee5f428c7ff150fa7da56
8926db0008a31630931b8a34a00a138f05bc044b357e2b49a2f9ab74f29a2a6c
89c114dc23d61c6b428f26c214e96d1fd49b43c8f777c8fcbb9ffdee7a84d81f
8dfbfa16c85400143f85eb24eef8df723fd19c190f841c2c5ff22b8d0a5eeb09
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178
8f134d02dbaaa69fde869549843924df75159df9a772686e86d6621235df5f61
94ee379c2fd3a709a328f067157f8845510400db1fd4825ad1e491efb4d47f69
972f607a46a46534fb61ede1102dac42e037d801c96f56f7e5fc3714802b7518
9a73fe4f2b3f00d5f680adb3d4affae2a924b6ae4e8d3ea009c36f2f9177c0ea
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9dc2d4aa3ebd0c74a199ef3c73a4a6e90ecdcfd2a84c9ddaa71ee8e7f6d388c7
9f40990683165a6c0b9eabab4ffbb1b6a2fb9617b2fe3101ee64299245dfe743
a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1cc6e5552d7ea09fde7bfce60605e909bdf0deacd60bff122d99f0945048ab4
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4d35007c83b3689910808811412e63293a2ae2abf1180a2dbaf4b3f7bb91ce9
a5669688020ce830e03d9cf7f5e76e649b21cd2a52acb418c16fa10b7df9db1d
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
ad596ab3f0ba304a3298d220ae96016367897e1549b8c8c451e59a6f8cfdc913
b15281d85ac9fa9a3e3618fe1e7eb9284acedd8f66de03c8f690b34e17e9b79e
b4dc7118464c434f7caac42fd0535dac1102dfcace0feb4c35e3bb29594b14c3
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b7054618d6d88e0ec7d1065f8dcc60911c9ad2cdb1ab832f3a2d4602a9dc5a34
b7842df77c4fd8574cb1a844719cf11a5fd1e14db38d2c0a5fe7c515fdc64f38
b7b093955e7487be1bbec86d8a7ab2012c4716b5cf31b2b6df500edc04c06255
b87673d5f4085602ca52a2a9f1e923a436cfd682dce3050cf78fb11630e8f682
bbfd72ec4afe43ac0ce82488bdc79607229b8dd73fcf3d0012e67262130c10e0
bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875
bda0abf7f8615298475242a005ccfc0bfe887c43a71555288c4fd42d42d380f8
bee3c5a62a6bf13e063add2528bbce5c0b4ae312559a6bb9e75c943291264510
bf373aac619e59eb859f1d3a6bd256e380a6d6e63c3cff8ce5f9f6cbea9bfd88
bfcd7a262745ac2a8520d46dbe261c5db424c001970e9ebe83c440bfb48454f7
c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f
c6d254ee6b05a14666952b2b7629dedc518103bfed8a8d6ee0c1cbe28f76c6fd
cf80c6f6f5c71b1904aa07c176da26b9713bc4c763e42c09408ee1de5a509abd
cf834601aa3e59f6a61453790dc88447b3d3910cc297be5f7891c41cc0ca21e9
d028ff06991dab0e77014a91995a9c0d6672a90e68edc339cd62a566fe361ace
d097bda59092b06b5bb3051bbef1791e8a7fc533a5aa62e40e898b3ec9308249
d0f07190791630edc058ad6e5a33a3cda6a8f85c470e593ce0bbed46ffec148b
d130141331999d0830ff4d31900720d58382d820f5a6df810780193a4cb0eccc
d4cee1988179996680eefe132dfa1b960f28f5c23a0e57e921985efd83621618
d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd
da5a6aaf22887d6be1d6aaf85b1bf31db6372817faeef47bd9f21b89fcb78109
daa086b24cbd2610eb3261446100ff513a4526c5b2bce41e758629f5cd8a6a20
dd6e691a27d07125e04993917cfb3f75ac9d8926f6b66d7c2e45368aa130e660
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b7033bdd850b9dd9847fb31e63627e352e38a3cb5cf5a483ca3d2cc1093c58
e59d8c09b277f6914f2ff5b4f28a68e60f162530bb5eb6025763955f132fb93b
e5eb27dce9681337b02a363fa1ffb28b0889ced23e0eba592fea3db0f76d2417
eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376
ecd2e45fcd6ed0f17eaefccd72cdb8253be8673636adcbf3f8902aeeed654fe2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f35c1fd4d91098792209d550e833f22f5f5d0813fbcb33762693b08155095b03
f5028a0d4b7f9ed0db437749337169b2f4207947e8f02812b6a875e07b7fb70b
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fc17fe03b1848f1d6c15e7d1c072d8afb2bc66157d3fe275c2ca8701f79428a2
fc58de93a820a0d6b26c24cc445a8bc1834171a3cb2a31abe90084e4161d6520
fd6b2a5cea9e9c3918ec4081a13c2b8a7f70ffaadcbeeb03bbe17b35d4d44712
fea9410090e77370f2d0d4d67902794536bada2b9db8bb8b5fa859c65d2c4e2c

www.buhoblik.org.ua Open in urlscan Pro 2a06:6440:0:2d02::1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

151 Requests

96 %HTTPS

65 %IPv6

26 Domains

42 Subdomains

34 IPs

8 Countries

2502 kBTransfer

5412 kBSize

28 Cookies

0 Outgoing links

Page URL History

Redirected requests

151 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.buhoblik.org.ua Open in urlscan Pro
2a06:6440:0:2d02::1 Public Scan

Screenshot
Live screenshot

Full Image

151
Requests

96 %
HTTPS

65 %
IPv6

26
Domains

42
Subdomains

34
IPs

8
Countries

2502 kB
Transfer

5412 kB
Size

28
Cookies

151 HTTP transactions
10 data transactions