1plus1.ua Open in urlscan Pro
195.137.240.100 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://control.1plus1.ua/
Effective URL:
https://1plus1.ua/
Submission: On May 15 via automatic, source certstream-suspicious (May 15th 2021, 11:12:35 pm UTC)

Summary HTTP 369 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 94 IPs in 14 countries across 91 domains to perform 369 HTTP transactions. The main IP is 195.137.240.100, located in Ukraine and belongs to ASN-UNIAN, UA. The main domain is 1plus1.ua.
TLS certificate: Issued by R3 on May 9th 2021. Valid for: 3 months.

This is the only time 1plus1.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	195.137.240.100 195.137.240.100	29389 (ASN-UNIAN) (ASN-UNIAN)
14	195.137.240.88 195.137.240.88	29389 (ASN-UNIAN) (ASN-UNIAN)
17	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	213.174.135.2 213.174.135.2	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	195.137.240.12 195.137.240.12	29389 (ASN-UNIAN) (ASN-UNIAN)
5	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:90c0:41:... 2a03:90c0:41:2801::254	199524 (GCORE) (GCORE)
3	195.137.240.19 195.137.240.19	29389 (ASN-UNIAN) (ASN-UNIAN)
1	99.86.242.11 99.86.242.11	16509 (AMAZON-02) (AMAZON-02)
30	195.137.240.20 195.137.240.20	29389 (ASN-UNIAN) (ASN-UNIAN)
12	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1 4	146.59.10.80 146.59.10.80	16276 (OVH) (OVH)
1	194.247.175.38 194.247.175.38	196831 (BEMOBILE-AS) (BEMOBILE-AS)
1	194.247.175.26 194.247.175.26	196831 (BEMOBILE-AS) (BEMOBILE-AS)
2	2a03:2880:f01... 2a03:2880:f016:14:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	13.224.95.38 13.224.95.38	16509 (AMAZON-02) (AMAZON-02)
7	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
4	2a0c:5c81:514... 2a0c:5c81:5142::2	55081 (24SHELLS) (24SHELLS)
1	13.32.6.14 13.32.6.14	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
3 8	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2a0c:5c81:509... 2a0c:5c81:5095:0:225:90ff:fefa:245d	55081 (24SHELLS) (24SHELLS)
1 1	162.55.6.210 162.55.6.210	24940 (HETZNER-AS) (HETZNER-AS)
4 14	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center _ColoCALL_)
2	193.200.65.5 193.200.65.5	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
1	37.18.16.16 37.18.16.16	205675 (HYBRID-AS) (HYBRID-AS)
8	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f116:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2 3	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 2	46.249.52.249 46.249.52.249	50673 (SERVERIUS-AS) (SERVERIUS-AS)
4	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
3	104.109.91.53 104.109.91.53	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	37.157.4.25 37.157.4.25	198622 (ADFORM) (ADFORM)
2	185.59.220.198 185.59.220.198	60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
1	2a0c:5c81:513... 2a0c:5c81:5139::2	55081 (24SHELLS) (24SHELLS)
1 1	52.203.5.125 52.203.5.125	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
2	67.202.110.33 67.202.110.33	32748 (STEADFAST) (STEADFAST)
5 5	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
8 12	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 3	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	146.0.227.110 146.0.227.110	20773 (GODADDY) (GODADDY)
1	185.255.84.150 185.255.84.150	200271 (IGUANE-) (IGUANE-)
1 2	188.42.196.115 188.42.196.115	7979 (SERVERS-COM) (SERVERS-COM)
1 13	18.158.173.146 18.158.173.146	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2 2	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
8	5.178.65.245 5.178.65.245	50673 (SERVERIUS-AS) (SERVERIUS-AS)
3 3	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
3 5	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
5	5.178.65.253 5.178.65.253	50673 (SERVERIUS-AS) (SERVERIUS-AS)
1	2606:4700::68... 2606:4700::6810:ef3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.170.39.52 35.170.39.52	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 3	168.119.146.39 168.119.146.39	24940 (HETZNER-AS) (HETZNER-AS)
3	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
3 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 1	88.214.206.142 88.214.206.142	46636 (NATCOWEB) (NATCOWEB)
1 1	23.79.143.124 23.79.143.124	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
8 18	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
6 18	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	194.213.62.34 194.213.62.34	5588 (GTSCE GTS...) (GTSCE GTS Central Europe / Antel Germany)
2	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1 1	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
2 3	37.157.6.242 37.157.6.242	198622 (ADFORM) (ADFORM)
1 2	13.224.95.123 13.224.95.123	16509 (AMAZON-02) (AMAZON-02)
2 2	18.158.191.20 18.158.191.20	16509 (AMAZON-02) (AMAZON-02)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 3	185.29.135.190 185.29.135.190	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	104.111.237.88 104.111.237.88	16625 (AKAMAI-AS) (AKAMAI-AS)
17	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 6	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
1	154.57.158.51 154.57.158.51	26558 (FREEWHEEL) (FREEWHEEL)
2 2	2a05:d018:24:... 2a05:d018:24:b002:ebbe:4057:3491:6f67	16509 (AMAZON-02) (AMAZON-02)
2 2	34.252.115.248 34.252.115.248	16509 (AMAZON-02) (AMAZON-02)
1	18.198.69.109 18.198.69.109	16509 (AMAZON-02) (AMAZON-02)
1 1	151.1.205.165 151.1.205.165	3242 (ASN-ITNET) (ASN-ITNET)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	35.201.81.244 35.201.81.244	15169 (GOOGLE) (GOOGLE)
1	89.163.159.103 89.163.159.103	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4 5	34.253.109.165 34.253.109.165	16509 (AMAZON-02) (AMAZON-02)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	3.120.52.200 3.120.52.200	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2	54.77.62.253 54.77.62.253	16509 (AMAZON-02) (AMAZON-02)
2 3	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
1 1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	34.237.161.69 34.237.161.69	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.95.118.60 52.95.118.60	16509 (AMAZON-02) (AMAZON-02)
2 2	23.45.99.241 23.45.99.241	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.49.62.42 52.49.62.42	16509 (AMAZON-02) (AMAZON-02)
1 2	52.46.130.13 52.46.130.13	16509 (AMAZON-02) (AMAZON-02)
1 1	54.234.240.118 54.234.240.118	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.226.160.243 54.226.160.243	14618 (AMAZON-AES) (AMAZON-AES)
4 4	3.127.92.82 3.127.92.82	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
7	2606:4700:20:... 2606:4700:20::ac43:47f1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	212.129.3.112 212.129.3.112	12876 (Online SAS) (Online SAS)
1	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	52.215.139.246 52.215.139.246	16509 (AMAZON-02) (AMAZON-02)
1	35.156.19.236 35.156.19.236	16509 (AMAZON-02) (AMAZON-02)
2 2	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (TURN) (TURN)
1 4	54.194.226.253 54.194.226.253	16509 (AMAZON-02) (AMAZON-02)
4 4	51.89.21.10 51.89.21.10	16276 (OVH) (OVH)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f016:b:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
369	94

15 195.137.240.100 (Ukraine) 1 redirects

ASN29389 (ASN-UNIAN, UA)
PTR: front03.1plus1.ua

control.1plus1.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1plus1.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 195.137.240.88 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: front02.1plus1.ua

1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.174.135.2 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

player.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.137.240.12 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: assay.1plus1.ua

assay.1plus1.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:90c0:41:2801::254 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

cdn.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 195.137.240.19 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: l1-izi-02.1plus1.net

l1.heyhelga.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.242.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-242-11.vie50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 195.137.240.20 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: images.1plus1.ua

images.1plus1.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.59.10.80 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip80.ip-146-59-10.eu

gaua.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.247.175.38 (Ukraine)

ASN196831 (BEMOBILE-AS, UA)

source.mmi.bemobile.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.247.175.26 (Ukraine)

ASN196831 (BEMOBILE-AS, UA)

pa.tns-ua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f016:14:face:b00c:0:3 (Warsaw, Poland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.95.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-38.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a0c:5c81:5142::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

ghb.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.6.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-6-14.vie50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0c:5c81:5095:0:225:90ff:fefa:245d (London, United Kingdom)

ASN55081 (24SHELLS, US)

s.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.210 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.210.6.55.162.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 62.149.0.72 (Ukraine) 4 redirects

ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.200.65.5 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: t.trafmag.com

t.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.18.16.16 (Netherlands)

ASN205675 (HYBRID-AS, RU)

dm.hybrid.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f116:83:face:b00c:0:25de (Warsaw, Poland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.30 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-30.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.249.52.249 (Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.109.91.53 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-91-53.deploy.static.akamaitechnologies.com

js.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.4.25 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.59.220.198 (Frankfurt am Main, Germany)

ASN60068 (CDN77 (^_^)/, GB)
PTR: unn-185-59-220-198.datapacket.com

cdn.admatic.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0c:5c81:5139::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

s.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.203.5.125 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.110.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-110.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.186.253.211 (Kansas City, United States) 5 redirects

ASN15169 (GOOGLE, US)

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.33.220.244 (Amsterdam, Netherlands) 8 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.0.227.110 (Ascension Island)

ASN20773 (GODADDY, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.150 (Paris, France)

ASN200271 (IGUANE-, FR)

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.42.196.115 (Luxembourg) 1 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 18.158.173.146 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

ih.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.25 (Portsmouth, United Kingdom) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 5.178.65.245 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

u-ams02.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (United Kingdom) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 76.223.111.131 (United States) 3 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 5.178.65.253 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)

s.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:ef3 (United States)

ASN13335 (CLOUDFLARENET, US)

tag.navdmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.170.39.52 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

prebid-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 168.119.146.39 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.39.146.119.168.clients.your-server.de

sync.richaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.162.133.149 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.214.206.142 (United Kingdom) 1 redirects

ASN46636 (NATCOWEB, US)

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.79.143.124 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-143-124.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.230.142 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.185.130 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2.18.234.21 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.213.62.34 (Brno, Czech Republic) 1 redirects

ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ)

bbnaut.ibillboard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.253.128.188 (Amsterdam, Netherlands) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.6.242 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.95.123 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-123.zrh50.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.191.20 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.135.190 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.237.88 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-237-88.deploy.static.akamaitechnologies.com

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.227.248.159 (Kansas City, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.137.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.57.158.51 (United States)

ASN26558 (FREEWHEEL, US)
PTR: amsadvip2.fwmrm.net

dmp.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:24:b002:ebbe:4057:3491:6f67 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.252.115.248 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.198.69.109 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.1.205.165 (Bellagio, Italy) 1 redirects

ASN3242 (ASN-ITNET, IT)

bn01.er.bemail.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.81.244 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.163.159.103 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dmp.theadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.253.109.165 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.120.52.200 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.77.62.253 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.14.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.237.161.69 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-161-69.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.118.60 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.99.241 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-99-241.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.62.42 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.130.13 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.234.240.118 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

sync.extend.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.226.160.243 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.127.92.82 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:20::ac43:47f1 (United States)

ASN13335 (CLOUDFLARENET, US)

sync.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.129.3.112 (France)

ASN12876 (Online SAS, FR)
PTR: 212-129-3-112.rev.poneytelecom.eu

js.cookieless-data.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.139.246 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.156.19.236 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::13 (United Kingdom) 2 redirects

ASN56396 (TURN, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.194.226.253 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.89.21.10 (London, United Kingdom) 4 redirects

ASN16276 (OVH, FR)
PTR: p24.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f016:b:face:b00c:0:2 (Warsaw, Poland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	googlesyndication.com pagead2.googlesyndication.com 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	407 KB
37	doubleclick.net 8 redirects googleads.g.doubleclick.net stats.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	193 KB
37	1plus1.ua 1 redirects control.1plus1.ua 1plus1.ua assay.1plus1.ua images.1plus1.ua	2 MB
24	1plus1.video 1plus1.video api.1plus1.video images.1plus1.video	711 KB
18	casalemedia.com 6 redirects dsum-sec.casalemedia.com ssum.casalemedia.com ssum-sec.casalemedia.com	20 KB
17	zeotap.com spl.zeotap.com mwzeom.zeotap.com	5 KB
17	adtelligent.com 3 redirects player.adtelligent.com ghb.adtelligent.com sync.adtelligent.com s.adtelligent.com	124 KB
16	adscale.de 1 redirects js.adscale.de ih.adscale.de	17 KB
15	e-planning.net 1 redirects ads.us.e-planning.net u-ams02.e-planning.net sync.e-planning.net s.e-planning.net	19 KB
12	adnxs.com 8 redirects ib.adnxs.com secure.adnxs.com	10 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	266 KB
11	google.com 3 redirects adservice.google.com www.google.com	2 KB
10	crwdcntrl.net 5 redirects bcp.crwdcntrl.net tags.crwdcntrl.net sync.crwdcntrl.net	16 KB
8	criteo.com 2 redirects gum.criteo.com mug.criteo.com bidder.criteo.com dis.criteo.com	2 KB
8	pubmatic.com 2 redirects ads.pubmatic.com image6.pubmatic.com	36 KB
8	googleapis.com fonts.googleapis.com	4 KB
7	quantumdex.io sync.quantumdex.io	3 KB
7	2mdn.net s0.2mdn.net	932 KB
7	adtarget.com.tr 1 redirects s.console.adtarget.com.tr sync.console.adtarget.com.tr	4 KB
6	tapad.com 5 redirects pixel.tapad.com	3 KB
6	yahoo.com 4 redirects ups.analytics.yahoo.com cms.analytics.yahoo.com pr-bh.ybp.yahoo.com	4 KB
6	adform.net 4 redirects cm.adform.net c1.adform.net track.adform.net dmp.adform.net	3 KB
5	ampproject.org cdn.ampproject.org	108 KB
5	adsrvr.org 3 redirects match.adsrvr.org	2 KB
5	openx.net 5 redirects rtb.openx.net	1 KB
5	googletagservices.com www.googletagservices.com	156 KB
5	google-analytics.com www.google-analytics.com	58 KB
5	admixer.net cdn.admixer.net inv-nets.admixer.net	82 KB
5	googletagmanager.com www.googletagmanager.com	181 KB
4	id5-sync.com 4 redirects id5-sync.com	6 KB
4	w55c.net 4 redirects pm.w55c.net	3 KB
4	amazon-adsystem.com 2 redirects aax-eu.amazon-adsystem.com s.amazon-adsystem.com	2 KB
4	mathtag.com 4 redirects sync.mathtag.com pixel.mathtag.com	2 KB
4	rubiconproject.com 1 redirects secure-assets.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com	11 KB
4	google.de adservice.google.de www.google.de	1 KB
4	gemius.pl 1 redirects gaua.hit.gemius.pl	12 KB
3	turn.com 3 redirects ad.turn.com d.turn.com	1 KB
3	everesttech.net 2 redirects sync-tm.everesttech.net	1 KB
3	krxd.net 1 redirects beacon.krxd.net usermatch.krxd.net	939 B
3	sonobi.com sync.go.sonobi.com	1 KB
3	richaudience.com 1 redirects sync.richaudience.com	741 B
3	creativecdn.com 2 redirects creativecdn.com prebid-eu.creativecdn.com	892 B
3	facebook.com www.facebook.com graph.facebook.com	1 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	61 KB
3	heyhelga.net l1.heyhelga.net	63 KB
2	bluekai.com 2 redirects tags.bluekai.com	641 B
2	weborama.fr 2 redirects idsync.frontend.weborama.fr	839 B
2	demdex.net 2 redirects dpm.demdex.net	2 KB
2	tidaltv.com 2 redirects sync.tidaltv.com	790 B
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	criteo.net static.criteo.net	53 KB
2	3lift.com 2 redirects eb2.3lift.com	942 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	sitescout.com 2 redirects pixel.sitescout.com pixel-sync.sitescout.com	677 B
2	betweendigital.com 1 redirects ads.betweendigital.com	1 KB
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	tynt.com ic.tynt.com
2	admatic.com.tr cdn.admatic.com.tr	21 KB
2	trafmag.com t.trafmag.com	464 B
2	facebook.net connect.facebook.net	66 KB
1	bidswitch.net x.bidswitch.net	146 B
1	bidr.io match.prod.bidr.io	430 B
1	onetag-sys.com onetag-sys.com	818 B
1	cookieless-data.com js.cookieless-data.com	367 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	609 B
1	extend.tv 1 redirects sync.extend.tv	546 B
1	imrworldwide.com obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	38 B
1	mookie1.com odr.mookie1.com	324 B
1	agkn.com 1 redirects aa.agkn.com	383 B
1	theadex.com dmp.theadex.com	378 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	596 B
1	bemail.it 1 redirects bn01.er.bemail.it	659 B
1	exelator.com loadeu.exelator.com	324 B
1	fwmrm.net dmp.v.fwmrm.net	361 B
1	taboola.com trc.taboola.com	162 B
1	smaato.net 1 redirects s.ad.smaato.net	428 B
1	simpli.fi 1 redirects um.simpli.fi	706 B
1	ibillboard.com 1 redirects bbnaut.ibillboard.com	550 B
1	admanmedia.com 1 redirects cs.admanmedia.com	428 B
1	dotomi.com prebid-match.dotomi.com	104 B
1	audrte.com a.audrte.com
1	navdmp.com tag.navdmp.com	4 KB
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	490 B
1	omnitagjs.com hb-api.omnitagjs.com	533 B
1	advangelists.com 1 redirects nep.advangelists.com	228 B
1	hybrid.ai dm.hybrid.ai	238 B
1	loopme.me 1 redirects csync.loopme.me	207 B
1	googleadservices.com partner.googleadservices.com	638 B
1	tns-ua.com pa.tns-ua.com	138 B
1	bemobile.ua source.mmi.bemobile.ua	20 KB
0	netmng.com Failed google2waycm.netmng.com Failed
369	91

	Domain	Requested by
25	tpc.googlesyndication.com	securepubads.g.doubleclick.net 1plus1.ua 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com
20	images.1plus1.ua	1plus1.ua
18	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com 1plus1.ua bcp.crwdcntrl.net
16	pagead2.googlesyndication.com	1plus1.ua pagead2.googlesyndication.com securepubads.g.doubleclick.net 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
14	mwzeom.zeotap.com	ads.us.e-planning.net
14	1plus1.ua	1plus1.ua
13	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net ssum.casalemedia.com ssum-sec.casalemedia.com
13	ih.adscale.de	1 redirects js.adscale.de ih.adscale.de
11	ib.adnxs.com	8 redirects player.adtelligent.com googleads.g.doubleclick.net spl.zeotap.com
10	fonts.gstatic.com	fonts.googleapis.com
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com 1plus1.ua 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
10	images.1plus1.video	1plus1.ua 1plus1.video
9	api.1plus1.video	1plus1.ua api.1plus1.video 1plus1.video
8	fonts.googleapis.com	api.1plus1.video tpc.googlesyndication.com s0.2mdn.net
8	sync.adtelligent.com	3 redirects player.adtelligent.com s.console.adtarget.com.tr s.adtelligent.com
8	www.google.com	3 redirects api.1plus1.video 1plus1.ua 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
7	sync.quantumdex.io	ads.us.e-planning.net sync.quantumdex.io ssum-sec.casalemedia.com
7	s0.2mdn.net	1plus1.ua s0.2mdn.net
6	pixel.tapad.com	5 redirects ads.us.e-planning.net
6	sync.console.adtarget.com.tr	1 redirects s.console.adtarget.com.tr s.adtelligent.com js.adscale.de ads.us.e-planning.net
6	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net 1plus1.ua
5	bcp.crwdcntrl.net	4 redirects tags.crwdcntrl.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	s.e-planning.net	ads.us.e-planning.net
5	match.adsrvr.org	3 redirects ssum.casalemedia.com bcp.crwdcntrl.net
5	u-ams02.e-planning.net	ads.us.e-planning.net ssum.casalemedia.com
5	rtb.openx.net	5 redirects
5	www.googletagservices.com	1plus1.ua pagead2.googlesyndication.com 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
5	www.googletagmanager.com	1plus1.ua 1plus1.video
5	1plus1.video	1plus1.ua 1plus1.video
4	id5-sync.com	4 redirects
4	sync.crwdcntrl.net	1 redirects bcp.crwdcntrl.net
4	pm.w55c.net	4 redirects
4	image6.pubmatic.com	2 redirects ads.pubmatic.com spl.zeotap.com
4	ups.analytics.yahoo.com	3 redirects ssum-sec.casalemedia.com
4	1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	ads.pubmatic.com	s.console.adtarget.com.tr ads.pubmatic.com ads.us.e-planning.net
4	ghb.adtelligent.com	player.adtelligent.com
4	gaua.hit.gemius.pl	1 redirects 1plus1.ua gaua.hit.gemius.pl
4	cdn.admixer.net	1plus1.ua cdn.admixer.net
4	player.adtelligent.com	1plus1.ua player.adtelligent.com
3	ssum-sec.casalemedia.com	ssum.casalemedia.com sync.quantumdex.io ssum-sec.casalemedia.com
3	sync-tm.everesttech.net	2 redirects ssum-sec.casalemedia.com
3	spl.zeotap.com	ads.us.e-planning.net spl.zeotap.com
3	sync.mathtag.com	3 redirects
3	sync.go.sonobi.com	ads.us.e-planning.net sync.quantumdex.io
3	sync.richaudience.com	1 redirects ads.us.e-planning.net spl.zeotap.com
3	sync.e-planning.net	ads.us.e-planning.net sync.quantumdex.io
3	gum.criteo.com	1 redirects static.criteo.net
3	js.adscale.de	s.console.adtarget.com.tr js.adscale.de ih.adscale.de
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	l1.heyhelga.net	1plus1.ua l1.heyhelga.net
2	graph.facebook.com	1plus1.ua
2	ade.googlesyndication.com	1plus1.ua
2	d.turn.com	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum.casalemedia.com
2	tags.bluekai.com	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects ads.us.e-planning.net
2	beacon.krxd.net	spl.zeotap.com ads.us.e-planning.net
2	idsync.frontend.weborama.fr	2 redirects
2	dpm.demdex.net	2 redirects
2	sync.tidaltv.com	2 redirects
2	tracking.m6r.eu	2 redirects
2	track.adform.net	2 redirects
2	static.criteo.net	player.adtelligent.com static.criteo.net
2	ssum.casalemedia.com	1 redirects ads.us.e-planning.net
2	eb2.3lift.com	2 redirects
2	c1.adform.net	2 redirects
2	googleads4.g.doubleclick.net	1plus1.ua
2	eus.rubiconproject.com	ads.us.e-planning.net eus.rubiconproject.com
2	sync.1rx.io	2 redirects
2	ads.betweendigital.com	1 redirects player.adtelligent.com
2	bidder.criteo.com	player.adtelligent.com static.criteo.net
2	mug.criteo.com	1plus1.ua
2	ap.lijit.com	2 redirects
2	ic.tynt.com	s.adtelligent.com sync.quantumdex.io
2	cdn.admatic.com.tr	s.console.adtarget.com.tr cdn.admatic.com.tr
2	ads.us.e-planning.net	1 redirects s.console.adtarget.com.tr
2	creativecdn.com	2 redirects
2	t.trafmag.com	1plus1.ua s.adtelligent.com
2	connect.facebook.net	1plus1.ua connect.facebook.net
2	assay.1plus1.ua	1plus1.ua
1	pixel-sync.sitescout.com	1 redirects
1	x.bidswitch.net	ssum-sec.casalemedia.com
1	match.prod.bidr.io	ssum-sec.casalemedia.com
1	pr-bh.ybp.yahoo.com	ssum-sec.casalemedia.com
1	onetag-sys.com	sync.quantumdex.io
1	js.cookieless-data.com	s.e-planning.net
1	tags.crwdcntrl.net	s.e-planning.net
1	token.rubiconproject.com	eus.rubiconproject.com
1	ad.turn.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	sync.extend.tv	1 redirects
1	secure.adnxs.com	ssum.casalemedia.com
1	obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	spl.zeotap.com
1	usermatch.krxd.net	1 redirects
1	pixel.mathtag.com	1 redirects
1	odr.mookie1.com	spl.zeotap.com
1	aa.agkn.com	1 redirects
1	cms.analytics.yahoo.com	1 redirects
1	dmp.theadex.com	spl.zeotap.com
1	dsp.adfarm1.adition.com	1 redirects
1	bn01.er.bemail.it	1 redirects
1	loadeu.exelator.com	spl.zeotap.com
1	dmp.v.fwmrm.net	spl.zeotap.com
1	trc.taboola.com	spl.zeotap.com
1	dmp.adform.net	spl.zeotap.com
1	dis.criteo.com	1 redirects
1	s.ad.smaato.net	1 redirects
1	um.simpli.fi	1 redirects
1	bbnaut.ibillboard.com	1 redirects
1	secure-assets.rubiconproject.com	1 redirects
1	cs.admanmedia.com	1 redirects
1	prebid-match.dotomi.com	ads.us.e-planning.net
1	a.audrte.com	ads.us.e-planning.net
1	tag.navdmp.com	ads.us.e-planning.net
1	sync.targeting.unrulymedia.com	1 redirects
1	pixel.sitescout.com	1 redirects
1	hb-api.omnitagjs.com	player.adtelligent.com
1	prebid-eu.creativecdn.com	player.adtelligent.com
1	inv-nets.admixer.net	player.adtelligent.com
1	nep.advangelists.com	1 redirects
1	s.adtelligent.com	s.console.adtarget.com.tr
1	cm.adform.net	s.console.adtarget.com.tr
1	www.gstatic.com	www.google.com
1	www.facebook.com	1plus1.ua
1	dm.hybrid.ai	1plus1.ua
1	csync.loopme.me	1 redirects
1	s.console.adtarget.com.tr	player.adtelligent.com
1	www.google.de	1plus1.ua
1	stats.g.doubleclick.net	www.google-analytics.com
1	vars.hotjar.com	static.hotjar.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	script.hotjar.com	static.hotjar.com
1	pa.tns-ua.com	1plus1.ua source.mmi.bemobile.ua
1	source.mmi.bemobile.ua	1plus1.ua
1	static.hotjar.com	1plus1.ua
1	control.1plus1.ua	1 redirects
0	google2waycm.netmng.com Failed	1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
369	141

This site contains links to these domains. Also see Links.

Domain
1plus1.video
tsn.ua
plus-plus.tv
2plus2.ua
tet.tv
1plus1.international
biguditv.com
www.unian.net
paramountcomedy.com.ua
media.1plus1.ua
sales.1plus1.digital
www.facebook.com
www.instagram.com
www.youtube.com
viber.com

Subject Issuer	Validity	Valid
1plus1.ua R3	`2021-05-09` - `2021-08-07`	3 months	crt.sh
*.1plus1.video Go Daddy Secure Certificate Authority - G2	`2020-03-27` - `2021-08-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.adtelligent.com Sectigo RSA Domain Validation Secure Server CA	`2020-10-28` - `2021-11-27`	a year	crt.sh
assay.1plus1.ua R3	`2021-05-07` - `2021-08-05`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.admixer.net Sectigo RSA Domain Validation Secure Server CA	`2020-03-12` - `2021-06-21`	a year	crt.sh
l1.heyhelga.net R3	`2021-03-26` - `2021-06-24`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
images.1plus1.ua R3	`2021-05-06` - `2021-08-04`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2019-09-11` - `2021-09-24`	2 years	crt.sh
*.mmi.bemobile.ua Sectigo RSA Domain Validation Secure Server CA	`2021-02-02` - `2022-02-02`	a year	crt.sh
juke.mmi.tns-ua.com R3	`2021-04-19` - `2021-07-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
ghb.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2021-05-06` - `2021-08-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
s.console.adtarget.com.tr ZeroSSL ECC Domain Secure Site CA	`2021-04-03` - `2021-07-02`	3 months	crt.sh
sync.adtelligent.com R3	`2021-04-06` - `2021-07-05`	3 months	crt.sh
*.trafmag.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-15` - `2021-06-21`	a year	crt.sh
*.hybrid.ai Sectigo RSA Domain Validation Secure Server CA	`2020-07-07` - `2022-10-05`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
sync.console.adtarget.com.tr R3	`2021-04-02` - `2021-07-01`	3 months	crt.sh
ads.us.e-planning.net R3	`2021-03-15` - `2021-06-13`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
cat.adscale.de DigiCert SHA2 Secure Server CA	`2020-10-23` - `2021-11-21`	a year	crt.sh
*.adform.net DigiCert SHA2 Secure Server CA	`2020-04-02` - `2021-06-02`	a year	crt.sh
cdn.admatic.com.tr R3	`2021-05-04` - `2021-08-02`	3 months	crt.sh
s.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2021-04-07` - `2021-07-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-01` - `2021-09-30`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2021-06-18`	a year	crt.sh
ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2020-11-19` - `2021-12-20`	a year	crt.sh
*.adscale.de Amazon	`2021-05-09` - `2022-06-07`	a year	crt.sh
*.e-planning.net R3	`2021-03-26` - `2021-06-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-05` - `2021-08-05`	a year	crt.sh
*.audrte.com Amazon	`2021-01-26` - `2022-02-24`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.richaudience.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-17` - `2022-03-16`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-17` - `2021-12-18`	a year	crt.sh
*.exelator.com Go Daddy Secure Certificate Authority - G2	`2019-05-17` - `2021-06-25`	2 years	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.theadex.com GeoTrust RSA CA 2018	`2019-10-11` - `2021-10-10`	2 years	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
*.redinuid.imrworldwide.com Amazon	`2020-07-24` - `2021-08-24`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2019-06-13` - `2021-06-28`	2 years	crt.sh
js.cookieless-data.com R3	`2021-05-15` - `2021-08-13`	3 months	crt.sh
onetag-sys.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-29` - `2021-09-22`	6 months	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-22` - `2021-09-15`	6 months	crt.sh
*.match.prod.bidr.io Amazon	`2021-02-26` - `2022-03-27`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh

This page contains 47 frames:

Primary Page: https://1plus1.ua/
Frame ID: 57FB0059D52C4B0893DB4ACEFA44B6C5
Requests: 119 HTTP requests in this frame

Frame: https://1plus1.video/video/embed/nRAnHbS2?autoplay=0&l=ua
Frame ID: AFF12E65FFA0E5A08F1C91DACF6F8484
Requests: 26 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/c.html
Frame ID: C75DCD5EA3FA02BC3A3E399E2B3F180F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/zrt_lookup.html
Frame ID: 7454C9DF35C7FC1B616409D1B4A4EEBB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9111367348737651&output=html&adk=1812271804&adf=3025194257&lmt=1621120322&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1plus1.ua%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621120322087&bpp=4&bdt=516&idt=175&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1897592523784&frm=20&pv=2&ga_vid=69648745.1621120322&ga_sid=1621120322&ga_hid=1334754467&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530889%2C44743003&oid=3&pvsid=3498077062137338&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=197
Frame ID: 74C2400045840E7956EF167B76498058
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-5e3cec51ed8e99df6977c199d27812d7.html
Frame ID: 583367C414E1706C40B68379995F9590
Requests: 1 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=609096
Frame ID: 20A7A1A758ECE6C4BB75CD88D7350196
Requests: 3 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=28cadd4d-602a-41d9-9da3-e48bea80cea2
Frame ID: 08864EA8F3D4F05344B8C605090CBD74
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=hf0caCucyo1Xe2yFJNx6&pi=admatic&tc=1
Frame ID: B46458860DF342D18B2AF684C771F7C5
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Frame ID: 0A4E889F19C7E0682EAAE16E50DA1C18
Requests: 17 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Frame ID: 60CC872478E320DBE5A676EBC76BCA86
Requests: 1 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Frame ID: 714FE97E9BE9AD06208B477DF839006E
Requests: 5 HTTP requests in this frame

Frame: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Frame ID: A9E1D3E001B0EB4D73E381A2ACB35544
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admatic.com.tr/user
Frame ID: C429A365C47BE962C6D77E2D9440C981
Requests: 2 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=609724
Frame ID: 50A1A682C7B31D14566194D811C7B2A5
Requests: 6 HTTP requests in this frame

Frame: https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Frame ID: 9310EA8F9091DCD9461B8CDF9125B883
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 567748F7A6156402C29BE81B6F758273
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Frame ID: 534E5156B68B213BC1A1BE6AAF5D81FA
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D55541ab6c584a418%26uid%3D
Frame ID: 917DE7B9D16AE2AFEC1360EA301CBC5A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 5FFBE7A5CE073725594BD1E6DD8057B8
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012103020108001/amp4ads-v0.mjs
Frame ID: ED96F7ABAB95B7BC6A4BABC13C76DE82
Requests: 14 HTTP requests in this frame

Frame: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A324F4805C1A855D49759C3433115CB4
Requests: 1 HTTP requests in this frame

Frame: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E94EB759658BA5C0EEFBA3A558C87977
Requests: 16 HTTP requests in this frame

Frame: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D7FD9566EE5D326EF695BBFF72B285F1
Requests: 1 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Frame ID: CDED5E646B2B2A6E024A36CF3172037D
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html
Frame ID: AFA843705E2E345BF50B2C74741C7EFE
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pagead/adview?ai=CvpDbQ1WgYPrAD5GRgQfE-7PoCvHysJlis_3W990Nv-EeEAEg_f-FI2DxhY6G2B-gAYWp9cwCyAEJ4AIAqAMByAMIqgTUAU_QJAGsCh4x_Xu_5t8H8Pbh4fbrSsjA91wi23mKOoXXi3tRL1LmLneQLFEG_c9dyt0LHOKTZniIjaIklqEY3BKFFmQL2OLbgTkNvKZKbIYC3Y9P1e4K8knowiBkTb31yqc3l___U2MJz5xqzuBypewZzcy7bmDxdMEu90Sytty_GQsJNy8CfVVlRU8iQxQep9w_YRBTTPvJZN5QuELYLiwBNEBXnqvjKqHiDnsPXPIOZN_MNbi5XXEzC7-t6sZlmGodAsIvZ3XEEHi06BLiC0cCcPU0wASCvYmuywPgBAGSBQQIBBgBkgUECAUYBKAGLoAH49aKswGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ-_YU0ggJCIDhgBAQARgdgAoDyAsB2BMN0BUBgBcBshcaChgIABIUcHViLTkxMzgyNDc2NTM3NTQ1MzM&sigh=ao1uejhjMag&template_id=419
Frame ID: 82D59C4F9BADE86710944C63F2EA3B59
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIy1wgIQ6_3nAhjmx82gATAB&v=APEucNVG3jzcJ65ym_WS65FCDfY-XcLyhxlaRfUwepT55aomsX__uW5cKO6iCLXwQSoVV7yYaS3c0i9P0e4yHdSsigU44LLip7cbW06NHdUwhKRz9MG_W5thts2lEjHFHsWKKpczaO0rXSmZjSU0em-K3kgcksfbH2kRv_oEDLYUDImpvI7nhkBx0I3TnE1BCiuu1YGoY_X4TwgDdQwaD62XZTLwo80gvg
Frame ID: BF8D19C19535CF8B8D7D6040FE9A5370
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html
Frame ID: 5337B5B236C8F084228D3A417DFE3E86
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pagead/adview?ai=C7HxqQ1WgYPzAD5GRgQfE-7PoCvHysJlio__W990Nv-EeEAEg_f-FI2DxhY6G2B-gAYWp9cwCyAEJ4AIAqAMByAMIqgTYAU_QC1IFhE7q79Jhb3deMk1nWjxh5MdZAgBfPcG_9aKh0Njt1x1TvLWEbo93hIhrend0QXo6CH3oRr0nilzckzLnle4eYFX6uBjxe7gFsLew_x0Efytw8MMuogngnceEVyVOsHmTI8b6Z-CnVZBdf9Ilp6j3bDmDzE7P4cMa9BW5t_XPNkkTEpqTQcwPryYkR8Huw8S2_3I3rYi2rvO9lyLfia3nYIbUJEiut3l7lNNuidEk66-cjBnmWzaSXn2EZRMJQzbfUx2AJfWoo3qCh1sRx7MglUusl8AEgr2JrssD4AQBkgUECAQYAZIFBAgFGASgBi6AB-PWirMBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEKf_RNIICQiA4YAQEAEYHYAKA8gLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi05MTM4MjQ3NjUzNzU0NTMz&sigh=l5URmsOyS4c&template_id=419
Frame ID: EB3E37D5F8D13FBECD091FC1922754C8
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: BBF7DE1CEDFE63CEEAFD5AD9665BE8AA
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: B4EE4A9D4B0CAF8FBE7BBD2BB5A36F72
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 68CC9FE22319C76785C7FDFDB126E41B
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/9753181/1616408623857/index.html
Frame ID: 9940978695EB0664731FF76887DA76EF
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C7BD9263455FBCD31856A20B12DAD539
Requests: 3 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Frame ID: 45FE9312E190F7EFA5C4C0BE19726289
Requests: 10 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&cmp=0
Frame ID: E5951E4BEA75ED92D405B5AAD32A7152
Requests: 31 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: FC401B5358A8141C6BE005C189E53D5B
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/e-planning
Frame ID: 15260B3DE92644219934D0717B846254
Requests: 8 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307442&extuid=AOYKvKHmvTs-w8Ez
Frame ID: D7CBA12A6A3969EE4EB08893AE794F55
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: C8CD6B753BF8359C35D7760B733A986C
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 20F1278522B8068C5CAEA72879A45F70
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Frame ID: F157DED9EF819F962BC6D062235A7CD8
Requests: 1 HTTP requests in this frame

Frame: https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Frame ID: 53A8FD62CEF55DCDFBF607AB4F332764
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Frame ID: 13E1C9AACF757201820D2F1C6A82E4FE
Requests: 7 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=1plus1.ua
Frame ID: 7DBF524DE5399F2DF56AE9116F85DD6F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 81CF718BF059FD6A20F10E12A17C98CD
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://control.1plus1.ua/ HTTP 302
https://1plus1.ua/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

369
Requests

99 %
HTTPS

27 %
IPv6

91
Domains

141
Subdomains

94
IPs

14
Countries

5632 kB
Transfer

11284 kB
Size

10
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://1plus1.video/me/
Title: Вхід в кабінет

Search URL Search Domain Scan URL

URL: https://tsn.ua/
Title:

Search URL Search Domain Scan URL

URL: http://plus-plus.tv/
Title:

Search URL Search Domain Scan URL

URL: https://2plus2.ua/
Title:

Search URL Search Domain Scan URL

URL: https://tet.tv/
Title:

Search URL Search Domain Scan URL

URL: https://1plus1.international/
Title:

Search URL Search Domain Scan URL

URL: https://biguditv.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.unian.net/
Title:

Search URL Search Domain Scan URL

URL: https://1plus1.video/
Title:

Search URL Search Domain Scan URL

URL: https://paramountcomedy.com.ua/
Title:

Search URL Search Domain Scan URL

URL: https://media.1plus1.ua/ua/media/channels/1plus1
Title: Про канал

Search URL Search Domain Scan URL

URL: https://sales.1plus1.digital/
Title: Реклама

Search URL Search Domain Scan URL

URL: https://media.1plus1.ua/ua/media/channels/problems
Title: Проблеми з прийомом каналу 1+1

Search URL Search Domain Scan URL

URL: https://media.1plus1.ua/ua/hr
Title: Кар'єра

Search URL Search Domain Scan URL

URL: https://www.facebook.com/1plus1.ua
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/1plus1_ua/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCVEaAWKfv7fE1c-ZuBs7TKQ?sub_confirmation=1#utm_source=1plus1&utm_medium=social-button-header&utm_campaign=youtube
Title:

Search URL Search Domain Scan URL

URL: https://viber.com/1plus1.ua
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://control.1plus1.ua/ HTTP 302
https://1plus1.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 89

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D HTTP 307
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=28cadd4d-602a-41d9-9da3-e48bea80cea2

Request Chain 90

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D HTTP 302
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=e13f5a23fe66f901

Request Chain 102

https://gaua.hit.gemius.pl/_1621120322766/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2F1plus1.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=yCJxESsctR5DW2aln7x9FBaZRlidIamSlemHwVlNFRb.R7&vis=1 HTTP 301
https://gaua.hit.gemius.pl/__/_1621120322766/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2F1plus1.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=yCJxESsctR5DW2aln7x9FBaZRlidIamSlemHwVlNFRb.R7&vis=1

Request Chain 104

https://creativecdn.com/cm-notify?pi=admatic HTTP 302
https://creativecdn.com/cm-notify?pi=admatic&tc=1 HTTP 302
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=hf0caCucyo1Xe2yFJNx6&pi=admatic&tc=1

Request Chain 105

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID

Request Chain 111

https://nep.advangelists.com/xp/user-sync?acctid=494&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D306709%26extuid%3D%7BPARTNER_VISITOR_ID%7D HTTP 302
https://sync.console.adtarget.com.tr/csync?t=a&ep=306709&extuid=av-8ce7b0b5-2104-4e62-9a03-0ac63aaeaf98

Request Chain 112

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=0dd52e24bf26ce9f

Request Chain 121

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D HTTP 302
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=e13f5a23fe66f901

Request Chain 123

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D HTTP 302
https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D&ox_sc=1 HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=ca7b8ac2-421d-4529-b2d8-612ce332a1ea

Request Chain 124

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D297253%2526extuid%253D%2524UID HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=1033033539789509258

Request Chain 125

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID&sovrn_retry=true HTTP 307
https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=70ea4dc611620eb70f17fdf1

Request Chain 126

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D322988%26extuid%3D%7Buid%7D HTTP 302
https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=e13f5a23fe66f901

Request Chain 128

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2F1plus1.ua%2F&domain=1plus1.ua&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=0cLSHnwwSjhETnZlNXZWL0tDZk1BTVE1K05tVGtWbnNhUkplWkplRGRSMnd6dHNmcEVrS2wwVEdFUnk0aEdFTGNRa1lVZmNOZHZyUUhRWE45cCttOWh2ZVNTcSthS0x3OEVLakQ0L3c4b090ak1NR1ZuRXpIRVBtc2U0NTY0aTFlU1R6ZTd0UHJqWHNqRHZHb01XVm5MVjZoYXRkM3dVdzhUY242SytRZnUwQksvMmdPNlN6S0p0ZFVYOEN0YmRsQzhFbXFMYjdCS2NFVXNieFFRUEhQVGxVRU93PT18&cppv=2

Request Chain 136

https://ih.adscale.de/uu?cbfn=receive&t=1621120322 HTTP 302
https://ih.adscale.de/uu?cbfn=receive&t=1621120322&nut&uu=cbc3ca0cb98a493d8c155801c03571c3

Request Chain 142

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D55541ab6c584a418 HTTP 302
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=55541ab6c584a418

Request Chain 143

https://sync.1rx.io/usersync2/eplanning HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2223712991 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2223712991 HTTP 302
https://sync.1rx.io/usersync/tradedesk/124ec887-2453-4f75-9dcc-417e8ad956e6 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-96741f29-894b-4549-9cec-9c90923c62b0-003?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-96741f29-894b-4549-9cec-9c90923c62b0-003%26dc%3D1079cc634ca638f8%26iss%3D1 HTTP 302
https://sync.e-planning.net/um?uid=RX-96741f29-894b-4549-9cec-9c90923c62b0-003&dc=1079cc634ca638f8&iss=1

Request Chain 147

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D55541ab6c584a418%26uid%3D%24%7BUID%7D HTTP 302
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D55541ab6c584a418%26uid%3D%24%7BUID%7D&ox_sc=1 HTTP 302
https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=55541ab6c584a418&uid=4c09252f-551a-4fe5-b3b3-16b9d4c177c2

Request Chain 151

https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3D55541ab6c584a418 HTTP 302
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F

Request Chain 152

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D55541ab6c584a418%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fu-ams02.e-planning.net%252Fum%253Fdc%253D8103fa85295fbe60%2526fi%253D55541ab6c584a418%2526uid%253D%2524UID HTTP 302
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=55541ab6c584a418&uid=5247400059954150821

Request Chain 154

https://ups.analytics.yahoo.com/ups/58414/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58414/occ?verify=true HTTP 302
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-TgHoJhlE2uE3l8Zj4s2DBnxNFmLOLdJZTq1VxJc-~A

Request Chain 155

https://cs.admanmedia.com/sync/eplanning?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D227acb3d18564968%26fi%3D55541ab6c584a418%26uid%3D%7B%24UID%7D HTTP 302
https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=55541ab6c584a418&uid=dccf9f288daf9db52adc7527800a7216cd9e297c

Request Chain 157

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu

Request Chain 177

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 217

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1&C=1

Request Chain 218

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YKBVRPomrD6XL571CHriDQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1

Request Chain 219

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOxvgDJYHlRTh0fU7xOvm94&google_cver=1

Request Chain 220

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI0NzQwMDA1OTk1NDE1MDgyMQ%3D%3D

Request Chain 233

https://bbnaut.ibillboard.com/match/AdScale?partneruid=cbc3ca0cb98a493d8c155801c03571c3&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID&gdpr=0 HTTP 302
https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?tpid=101&tpuid=BBID-01-02958343250563678-16288920

Request Chain 238

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 239

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 242

https://um.simpli.fi/gp_match?google_gid=CAESEDQBdvDX7UqkldFacRQnqeU&google_cver=1&google_push=AQvitULCUXpNrEs151OUbCUo6HE1r2R7xmJOidGs9mzKbuvOmuEjwzYKjDld4N4kRIoPHn5bhsMFt-sx5VZaPzq1g70nbyFtoQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D9ED4388C532432885D5B47175D27426&google_push=AQvitULCUXpNrEs151OUbCUo6HE1r2R7xmJOidGs9mzKbuvOmuEjwzYKjDld4N4kRIoPHn5bhsMFt-sx5VZaPzq1g70nbyFtoQ4

Request Chain 243

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOJwZS0pIR1I5JYvBPWbkR4&google_cver=1&google_push=AQvitUJmpLEKx5JDPxWcRCcSSCVLnutLl6Ku8BmElVZZQJ83GgNvMyBskwR_WsgIhdYYD9ck9RngF0Lk81XRhLj4iF_bmBMUPMw HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOJwZS0pIR1I5JYvBPWbkR4&google_cver=1&google_push=AQvitUJmpLEKx5JDPxWcRCcSSCVLnutLl6Ku8BmElVZZQJ83GgNvMyBskwR_WsgIhdYYD9ck9RngF0Lk81XRhLj4iF_bmBMUPMw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTA5NzQ0NTY0MTE4NTAwNTY3MA&google_push=AQvitUJmpLEKx5JDPxWcRCcSSCVLnutLl6Ku8BmElVZZQJ83GgNvMyBskwR_WsgIhdYYD9ck9RngF0Lk81XRhLj4iF_bmBMUPMw

Request Chain 244

https://rtb.openx.net/sync/dds?google_gid=CAESEC5AkAJglFNlzJrEb91jk2s&google_cver=1&google_push=AQvitUKWu7BXzxiLr6Lw0cltHpMl4zspacV_rTnEEbPFnNbs7JAt3ThYGnhEY3NM6eHa3QWDPzBGXVPXmit1-YqHkVls1L8EfXA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKWu7BXzxiLr6Lw0cltHpMl4zspacV_rTnEEbPFnNbs7JAt3ThYGnhEY3NM6eHa3QWDPzBGXVPXmit1-YqHkVls1L8EfXA&google_hm=qoEg3EUDxSI-S5obhoOP9Q==

Request Chain 245

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEG85Bkp9DNzWYzSBi7zckIg&google_cver=1&google_push=AQvitUKXM9cpzGOApkdrDWljnvj9BdhCmM21ymECN-1guX4dzwSIPbfT6F-m8RK5AtnMtWn8l9dT2dkGd738zChKS-ctR8zyNOg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEG85Bkp9DNzWYzSBi7zckIg&google_cver=1&google_push=AQvitUKXM9cpzGOApkdrDWljnvj9BdhCmM21ymECN-1guX4dzwSIPbfT6F-m8RK5AtnMtWn8l9dT2dkGd738zChKS-ctR8zyNOg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=jlFY6WiEReS4aKu0WPOJxw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKXM9cpzGOApkdrDWljnvj9BdhCmM21ymECN-1guX4dzwSIPbfT6F-m8RK5AtnMtWn8l9dT2dkGd738zChKS-ctR8zyNOg

Request Chain 246

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHvsCr85okE0weA7WnRJZXQ&google_cver=1&google_push=AQvitUKU2bLdG2Wf-iRKw5Xp4lswd6nLOsSXGSjNCeyPoE4xhrzY3GWTVxpeV9A_StRBUA4MSLICPkCIccX2yhz8uoQjByCJwQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUKU2bLdG2Wf-iRKw5Xp4lswd6nLOsSXGSjNCeyPoE4xhrzY3GWTVxpeV9A_StRBUA4MSLICPkCIccX2yhz8uoQjByCJwQ

Request Chain 247

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMwodkogdH-8LFBKqDJyGcE&google_cver=1&google_push=AQvitUJLi2j8WiJKnPOnlrHORzZwzFTTsnxv1Wf6VSVxmQMVTQuD5gUNiQ-uclbINsprNFvA9-FeexadMzKes96hNJpAhJDo7A0 HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUJLi2j8WiJKnPOnlrHORzZwzFTTsnxv1Wf6VSVxmQMVTQuD5gUNiQ-uclbINsprNFvA9-FeexadMzKes96hNJpAhJDo7A0&google_gid=CAESEMwodkogdH-8LFBKqDJyGcE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTE2MDY1Mzc4MjE4NTYxODM1OTY%3D&google_push=AQvitUJLi2j8WiJKnPOnlrHORzZwzFTTsnxv1Wf6VSVxmQMVTQuD5gUNiQ-uclbINsprNFvA9-FeexadMzKes96hNJpAhJDo7A0

Request Chain 263

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=9e5f4c173d0a5032be571ec713005530a315bfaa5ae16959bb4409d4acf652ba&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YKBVRPomrD6XL571CHriDgAA%26662

Request Chain 267

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=a997c79418fa9aea9cddf57e4957ce9a0464d160fbbc3f41f6cef377358bdf4b&tpid=108&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=954860a0-5545-4200-a750-b09ea7617d23&gdpr=0&gdpr_consent=

Request Chain 269

https://track.adform.net/serving/cookie/match/?party=9&uid=3ce5f625266065c06d105dcc39429bc10db529102a1f56a0af10dc052bf1fcac&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fimg&gdpr=0 HTTP 302
https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=3ce5f625266065c06d105dcc39429bc10db529102a1f56a0af10dc052bf1fcac&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?tpid=42&gdpr=0&tpuid=1097445641185005670

Request Chain 270

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=230cb1856b10200dd02efcfcfa0f4920dfeaf8158d977d9ed19ce64845fd447f&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=191c0cdf-03ff-41d0-8294-b44c1e9455aa

Request Chain 271

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=c82298dd86c48a72e3ac8af3887a04ba44677b3a5b7038c51f899efe5c8baa2a&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=954860a0-5545-4200-a750-b09ea7617d23&gdpr=0&gdpr_consent=

Request Chain 272

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=a0d37406c8ac2d32e71d5c56942b2ad046af33825adf0b5f1c29d7c608df50e1&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?uid=a0d37406c8ac2d32e71d5c56942b2ad046af33825adf0b5f1c29d7c608df50e1&tpid=38&gdpr=0&tpuid=CAESELl4hYs3PjSimYOgYJYeMdE&google_cver=1

Request Chain 273

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=427fe4fdc2edd16fa59ead93c808f91a7379a6ff0aaa573dd1d7c0c07981fca1&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fjs&gdpr=0 HTTP 302
https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=427fe4fdc2edd16fa59ead93c808f91a7379a6ff0aaa573dd1d7c0c07981fca1&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fjs&gdpr=0&checkcookies=true HTTP 302
https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/js?tpid=48&tpuid=9de6bd9b7cd6dd43218c8b27def3d570

Request Chain 277

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESECqh6RU_NUpcbuPya5HDHH4&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Request Chain 278

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=267be2a9-11b8-4b99-beed-22222e385650&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Request Chain 280

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=124ec887-2453-4f75-9dcc-417e8ad956e6&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Request Chain 284

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=1738b8e5-67f4-41c2-b19e-dc92827e39f9&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 285

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=02f64658-ecbe-45c9-5f28-272c0b1026f3&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=02f64658-ecbe-45c9-5f28-272c0b1026f3&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=04477243010405014012439963975494566190&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Request Chain 287

https://bn01.er.bemail.it/zeotap.php?_bid=02f64658-ecbe-45c9-5f28-272c0b1026f3&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=BE1-2021051601-92010-0.359160001621120330-6f0a509765742b559de9224fbe49316c&zdid=533&env=mWeb

Request Chain 288

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=6962658787354671248&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Request Chain 289

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=02f64658-ecbe-45c9-5f28-272c0b1026f3 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=02f64658-ecbe-45c9-5f28-272c0b1026f3

Request Chain 290

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=02f64658-ecbe-45c9-5f28-272c0b1026f3&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=02f64658-ecbe-45c9-5f28-272c0b1026f3&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361&bounce=1&random=2673750153 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=tw0cas7xu8e2yqScb6ddtu&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Request Chain 292

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=02f64658-ecbe-45c9-5f28-272c0b1026f3?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=02f64658-ecbe-45c9-5f28-272c0b1026f3?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?pid=831a49e880a38d8b08653ad8e5bd9b57&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Request Chain 293

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-7HDvhPNE2opYEZrf1hoLh5yUL1axpxA22A--~A&zpartnerid=570&env=mWeb

Request Chain 294

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=g3DODFC4NGPzfod%2FBYBcOvXd%2B8yypxGd%2BS41iYitP1U%3D

Request Chain 298

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361&_test=YKBVRwAA4BkdTQBg HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YKBVRwAA4BkdTQBg&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&_test=YKBVRwAA4BkdTQBg

Request Chain 299

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=954860a0-5545-4200-a750-b09ea7617d23&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Request Chain 300

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Request Chain 301

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=02f64658-ecbe-45c9-5f28-272c0b1026f3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=02f64658-ecbe-45c9-5f28-272c0b1026f3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&dcc=t

Request Chain 302

https://tags.bluekai.com/site/87734?id=02f64658-ecbe-45c9-5f28-272c0b1026f3&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

Request Chain 306

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YKBVRPomrD6XL571CHriDgAAApYAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEAtXOa8fESbo2-4qcctC1yg&google_cver=1

Request Chain 308

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKBVRPomrD6XL571CHriDgAAApYAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKBVRPomrD6XL571CHriDgAAApYAAAAB&dcc=t

Request Chain 310

https://sync.extend.tv/r.gif?exchange=index HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a28a8bc4-0f7f-49e2-97d9-667ea1d70f81 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a28a8bc4-0f7f-49e2-97d9-667ea1d70f81&C=1

Request Chain 311

https://sync.srv.stackadapt.com/sync?nid=68 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=vF4z7eYRQNthvCtPMRQ-ZrlMCWs HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=vF4z7eYRQNthvCtPMRQ-ZrlMCWs&C=1

Request Chain 312

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=qObzHTTr1LI3s45&gdpr=1

Request Chain 313

https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3630505328658725185

Request Chain 323

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5247400059954150821

Request Chain 324

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://sync.quantumdex.io/setuid?bidder=between&uid=73d176d7-e643-5288-b492-eb94d432bed7

Request Chain 325

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=5247400059954150821

Request Chain 326

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danx152media%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=anx152media&uid=5247400059954150821

Request Chain 328

https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-TgHoJhlE2uE3l8Zj4s2DBnxNFmLOLdJZTq1VxJc-~A

Request Chain 335

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=954860a0-5545-4200-a750-b09ea7617d23&gdpr=1&gdpr_consent=

Request Chain 338

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YKBVRPomrD6XL571CHriDgAAApYAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEAtXOa8fESbo2-4qcctC1yg&google_cver=1

Request Chain 340

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=KUwGF0ng1LI3s45&gdpr=1

Request Chain 343

https://bcp.crwdcntrl.net/5/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr HTTP 302
https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr

Request Chain 344

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/831a49e880a38d8b08653ad8e5bd9b57/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D HTTP 302
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=7238142560429375486

Request Chain 345

https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=831a49e880a38d8b08653ad8e5bd9b57&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=LOTAME&partner_device_id=831a49e880a38d8b08653ad8e5bd9b57&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=dc4ffbfa-17b3-42b5-829b-f5c097135bda

Request Chain 346

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc&google_tc=

Request Chain 347

https://id5-sync.com/s/19/9.gif?puid=831a49e880a38d8b08653ad8e5bd9b57&gdpr=1 HTTP 302
https://id5-sync.com/c/19/19/9/1.gif?puid=831a49e880a38d8b08653ad8e5bd9b57&gdpr=1&gdpr_consent= HTTP 302
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODM4ODY2Ni90LzI/dpuid/ID5-ZHMOKqDiwSLoiBlQF2Zig3OF32lMuF9ESiB-9jQXiw/url/https%3A%2F%2Fid5-sync.com%2Fc%2F19%2F224%2F8%2F2.gif%3Fpuid%3D%24%21%7BTURN_UUID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/c/19/224/8/2.gif?puid=7238142560429375486&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent= HTTP 302
https://bcp.crwdcntrl.net/map/c=1882/tp=BKAI/gdpr=1/gdpr_consent=?https://tags.bluekai.com/site/5907?limit=0&id=${masked_profileid}&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F19%2F321%2F7%2F3.gif%3Fpuid%3D%24_BK_UUID%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://tags.bluekai.com/site/5907?limit=0&id=2fb3cae7803961fa6309240c63c3314e&redir=https://id5-sync.com/c/19/321/7/3.gif?puid=$_BK_UUID&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/c/19/321/7/3.gif?puid=$_BK_UUID HTTP 302
https://sync.crwdcntrl.net/map/c=2831/tp=GDMP?https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}&google_redir={xENCODEDURL}&id5id=ID5-ZHMOKqDiwSLoiBlQF2Zig3OF32lMuF9ESiB-9jQXiw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc&google_redir={xENCODEDURL}&id5id=ID5-ZHMOKqDiwSLoiBlQF2Zig3OF32lMuF9ESiB-9jQXiw

Request Chain 348

https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID HTTP 302
https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=no-consent

369 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
1plus1.ua/
Redirect Chain

https://control.1plus1.ua/
https://1plus1.ua/

140 KB
36 KB

562ms
293ms

Document
text/html

195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: a8d806423ab35feaee7f0d7c1e8cd01639c35bc3862842ec298dec3f8af7ac66

Request headers

Host: 1plus1.ua
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Sat, 15 May 2021 23:12:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Set-Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D; path=/; secure; HttpOnly
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Sat, 15 May 2021 23:12:00 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://1plus1.ua

GET
H/1.1 200
OK main.css
1plus1.ua/css/ 1 MB
273 KB 92ms
91ms Stylesheet
text/css 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/css/main.css?v=1620303585
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 0b3bd6059f9b77a5a857a2599aba1f6824a30b1762dd5a968cc38797dec0ec22

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://1plus1.ua/
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 May 2021 12:19:45 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK api.0.3.0.js Show response
1plus1.video/static/player/js/ 7 KB
3 KB 341ms
78ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/js/api.0.3.0.js
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: a5af34b74868f58da2483e0ad87af7bfb087d4fc23ee86139a4fba443bb66e5f

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 27 Jun 2019 14:17:47 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 14 Jun 2021 23:10:48 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 142 KB
49 KB 44ms
23ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b87c086edf82604a1a5d4892ea8b121d480c6570d0ab7be8464322312e60c2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49888
x-xss-protection: 0
server: cafe
etag: 503174456932000003
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 15 May 2021 23:12:01 GMT

GET
H/1.1 200
OK l.js Show response
api.1plus1.video/u/ 895 B
2 KB 357ms
99ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/u/l.js?p=&l=ua&f=0&auth=1&login_profile=1
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 2828352f78a32a8155791f4497d25d486d2c059f30290e37f1255add757855d1

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:01 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: https://1plus1.ua
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK jquery.min.js Show response
1plus1.ua/assets/9262aebb/ 85 KB
35 KB 281ms
126ms Script
application/javascript 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/assets/9262aebb/jquery.min.js?v=1522140588
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Mar 2018 08:49:48 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery.mousewheel.min.js Show response
1plus1.ua/js/plugin/ 3 KB
2 KB 233ms
76ms Script
application/javascript 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/js/plugin/jquery.mousewheel.min.js?v=1534321534
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery.mCustomScrollbar.min.js Show response
1plus1.ua/js/plugin/ 39 KB
14 KB 264ms
107ms Script
application/javascript 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/js/plugin/jquery.mCustomScrollbar.min.js?v=1534321534
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 6e39ba4fad6e787f935f33ea8dac9105b1384cae25041a12bc108805c86598fb

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK yii.js Show response
1plus1.ua/assets/ee210f57/ 20 KB
7 KB 239ms
79ms Script
application/javascript 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/assets/ee210f57/yii.js?v=1522140588
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: bb7a8c984417a77f846d70464f10364b4e5cb40c50ad1140b805bf43f2984b4d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Mar 2018 08:49:48 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK main.js Show response
1plus1.ua/js/ 275 KB
79 KB 291ms
132ms Script
application/javascript 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/js/main.js?v=1620303585
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: d417e4491ffab026708b52d3daceb656cf919f94e21d0b283626218184eb1912

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 May 2021 12:19:45 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK yii.activeForm.js Show response
1plus1.ua/assets/ee210f57/ 32 KB
8 KB 265ms
77ms Script
application/javascript 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/assets/ee210f57/yii.activeForm.js?v=1522140588
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 7b90253fd93dae3c4bae4ef55d38fc0550b3a58caaa0408505c581872ca46722

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Mar 2018 08:49:48 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wrapper_hb_298309_4139.js Show response
player.adtelligent.com/prebid/ 95 KB
25 KB 153ms
50ms Script
application/javascript 213.174.135.2
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18762
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 28328061bf9db47f4fb33a3d446854095eb51eccc32793be4c58fee1c17a5f94

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 21:55:41 GMT
server: nginx
etag: W/"609ef1dd-17b52"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 16 May 2021 00:12:02 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H/1.1 200
OK piwik.js Show response
assay.1plus1.ua/ 57 KB
23 KB 292ms
122ms Script
application/javascript 195.137.240.12
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL

https://assay.1plus1.ua/piwik.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

195.137.240.12 , Ukraine, ASN29389 (ASN-UNIAN, UA),

Reverse DNS

assay.1plus1.ua

Software

nginx /

Resource Hash

714576ef1d7b58980b7658ae9b8b4d74a223fba87934dc442db4098873e179a3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 03 Jul 2017 15:36:13 GMT
Server: nginx
ETag: W/"595a646d-e3b1"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
37 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PWKM5Z

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b6e72abfd6be8c9eaa11afa202dcf2d0305a502a8facbee15b8e0332376cf6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38264
x-xss-protection: 0
last-modified: Sat, 15 May 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 May 2021 23:12:01 GMT

GET
H2 200 loader2.js Show response
cdn.admixer.net/scripts3/ 86 KB
29 KB 29ms
5ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/loader2.js
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 8e803df870509df5596e431097ee1fffed78481509f955db288e3f3cd47b16e8

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Sat, 15 May 2021 23:12:01 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 14:07:50 GMT
server: nginx
etag: W/"609a8fb6-15695"
x-cached-since: 2021-05-15T23:10:30+00:00
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
cache: HIT
expires: Tue, 11 May 2021 20:57:33 GMT

GET
H/1.1 200
OK analytics.js Show response
l1.heyhelga.net/ 121 KB
42 KB 322ms
122ms Script
application/javascript 195.137.240.19
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://l1.heyhelga.net/analytics.js?ver=1621120321
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.19 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: l1-izi-02.1plus1.net
Software: nginx /
Resource Hash: 1252a07c4db3367b430e6e5c15e30d0cd879c1edbb2926dc7d75e4eed0a1080d

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Jan 2021 19:05:29 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, must-revalidate, max-age=7200
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 hotjar-1437498.js Show response
static.hotjar.com/c/ 3 KB
2 KB 236ms
104ms Script
application/javascript 99.86.242.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1437498.js?sv=6

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.242.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-242-11.vie50.r.cloudfront.net

Software

Resource Hash

5063a9e0f92d436b151a31c58ef2c304d147c8e241a9158f6a49edbdc1731ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: VIE50-C1
etag: W/d0bdeff8f5c4253f499515e29938a942
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
content-length: 1524
via: 1.1 aa98922692c099827cdae6a16b894745.cloudfront.net (CloudFront)
x-amz-cf-id: 4H8H4O0vPJwh-b_5YhY0CJI7NlxRQAjX2LlNE5r1OYh01QhgFrWrBw==

GET
H/1.1 200
OK oneplusone2015-regular.woff2
1plus1.ua/fonts/OnePlusOne/regular/ 19 KB
20 KB 89ms
88ms Font
application/octet-stream 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/regular/oneplusone2015-regular.woff2
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1620303585
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: a44d0dbd6674f6bc5ff19108f139572b3c1425e2177094d05a2f62e88b79dc8f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1620303585
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Origin: https://1plus1.ua
Referer: https://1plus1.ua/css/main.css?v=1620303585
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 19868
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusonettf-black.woff2
1plus1.ua/fonts/OnePlusOneTTF/black/ 19 KB
19 KB 78ms
77ms Font
application/octet-stream 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOneTTF/black/oneplusonettf-black.woff2
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1620303585
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 93e3f4a80e5e0b448a58947028eb19f4c62c95a402b4df807a22c2250d4e764c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1620303585
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Origin: https://1plus1.ua
Referer: https://1plus1.ua/css/main.css?v=1620303585
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 19620
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusone2015-light-italic.woff
1plus1.ua/fonts/OnePlusOne/light/italic/ 15 KB
16 KB 89ms
88ms Font
application/font-woff 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/light/italic/oneplusone2015-light-italic.woff
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1620303585
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: b06437eb7d795fa51787e55d921e1928e9e32e45495f34591115b24a6a6c2790

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1620303585
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Origin: https://1plus1.ua
Referer: https://1plus1.ua/css/main.css?v=1620303585
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/font-woff
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 15788
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusone2015-light.woff2
1plus1.ua/fonts/OnePlusOne/light/ 19 KB
19 KB 127ms
127ms Font
application/octet-stream 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/light/oneplusone2015-light.woff2
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1620303585
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 8cccd7da46e757c29d90ebbdd06911e724baf818543d032fe7fd657761008dbe

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1620303585
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Origin: https://1plus1.ua
Referer: https://1plus1.ua/css/main.css?v=1620303585
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:01 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 18952
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1b6ad0859f86f3fc3427d5964adf647b_1920x830.jpg
images.1plus1.ua/uploads/programs_default/000/653/376/ 381 KB
381 KB 585ms
319ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/653/376/1b6ad0859f86f3fc3427d5964adf647b_1920x830.jpg?v=1578573600
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: c0d8da4160b4a1931109717e5f8a0633b5833bc396cf32b54df1e0b4a5e61e3e

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Thu, 09 Jan 2020 12:40:03 GMT
server: nginx
etag: "5fca6fca527b7c03c70287011ccad725"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 389840
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 d4e3717dd6cb949b5cb543545ca6e1da.190x105.jpg
images.1plus1.video/card-3/m2Wnw8hC/ 7 KB
8 KB 376ms
126ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/m2Wnw8hC/d4e3717dd6cb949b5cb543545ca6e1da.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: c8fc1109963ab540f2ee448e9c38c8168805bf3c90d34842a31090d4fd9e6b78

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 25 Feb 2020 09:02:08 GMT
server: nginx
etag: "746ebd635e67bdc081787e6cf6b8ae09"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 7532
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:02 GMT
expires: Sat, 22 May 2021 23:12:02 GMT

GET
H2 200 5a95eb6c05958bc42899e0ad86eb708c_1920x830.jpg
images.1plus1.ua/uploads/programs_default/000/653/517/ 131 KB
131 KB 575ms
310ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/653/517/5a95eb6c05958bc42899e0ad86eb708c_1920x830.jpg?v=1579691937
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: c1d8c1269dd3540fd5209c776e2f03bddbb53f4d4a39ced794906f5bc742e058

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Wed, 22 Jan 2020 11:18:59 GMT
server: nginx
etag: "1bd545286c7b256b140087573ff0c746"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 134025
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fe40846ebb2dca173799dc4bb4b4c142.190x105.jpg
images.1plus1.video/card-3/GtE5K1cR/ 7 KB
8 KB 381ms
131ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/GtE5K1cR/fe40846ebb2dca173799dc4bb4b4c142.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 111f99c36f79c0c0dc7caffd5b53bfe11d94b0580f282c850d947ac1eed19499

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Mon, 17 Feb 2020 12:12:30 GMT
server: nginx
etag: "17d80ec614edfd386a5f14f9c0e1b9fc"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 7516
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:02 GMT
expires: Sat, 22 May 2021 23:12:02 GMT

GET
H2 200 3392948a946427d3f023246801c1dcc1_1920x830.jpg
images.1plus1.ua/uploads/programs_default/000/551/604/ 138 KB
138 KB 524ms
259ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/551/604/3392948a946427d3f023246801c1dcc1_1920x830.jpg?v=1566908955
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 850f27d1b165d32c880861dfbfe01443215a0f51310d2c96239879cfcdff995c

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 27 Aug 2019 12:29:18 GMT
server: nginx
etag: "df965a1cd801e6b034fbc8969b407259"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 140912
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 93c5af361519bdb1273e0e2e0667f1dd.190x105.jpg
images.1plus1.video/card-3/sCyjps3a/ 8 KB
8 KB 410ms
172ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/sCyjps3a/93c5af361519bdb1273e0e2e0667f1dd.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: e859459902fb9bb75189df502e8f6ec40c8dea2c59b301f9fe43933ded390680

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Mon, 17 Feb 2020 12:02:47 GMT
server: nginx
etag: "2c0adf196b38a2bf6e3b28bd835a2c02"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 8160
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:02 GMT
expires: Sat, 22 May 2021 23:12:02 GMT

GET
H2 200 6b61dd6c745f9d5649eb01a19b398b48_1920x830.jpg
images.1plus1.ua/uploads/programs_default/000/653/562/ 133 KB
133 KB 505ms
285ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/653/562/6b61dd6c745f9d5649eb01a19b398b48_1920x830.jpg?v=1579692854
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 35a07fb55ba049aaca56a25b0f41c72139affe01dff5e197ecb59f7b9bf55a13

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Wed, 22 Jan 2020 11:34:16 GMT
server: nginx
etag: "03b9900414c273f143078285ece4b0e9"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 136086
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5c03e5a46c3caedaa127dfa3f846b443.190x105.jpg
images.1plus1.video/card-3/ptZn5WbR/ 10 KB
11 KB 324ms
120ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/ptZn5WbR/5c03e5a46c3caedaa127dfa3f846b443.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: c9e721a0fa4def37dfb177f59d4becab89f82bdbad85dfbd4e3144ce61cff6cf

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 21 Jan 2020 10:54:39 GMT
server: nginx
etag: "096005114621c00360ea9c6746285ca3"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 10481
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:02 GMT
expires: Sat, 22 May 2021 23:12:02 GMT

GET
H2 200 b14c019ad5902ae75b626fa776ee773c_1920x830.jpg
images.1plus1.ua/uploads/programs_default/000/653/472/ 190 KB
191 KB 342ms
123ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/653/472/b14c019ad5902ae75b626fa776ee773c_1920x830.jpg?v=1579691571
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: c1627399fe6ff6313825ef2f28265ee71ca235e72d0bcf4b924fc10788fc1cb3

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Wed, 22 Jan 2020 11:12:53 GMT
server: nginx
etag: "0a6cbf1c73a1dc92e0034b5387c58ba7"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 194800
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1e2e2aa5847a82f5cf11d6e39f2d45b7_340x511.png
images.1plus1.ua/uploads/articles/000/580/413/ 57 KB
57 KB 497ms
278ms Image
image/png 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/580/413/1e2e2aa5847a82f5cf11d6e39f2d45b7_340x511.png?v=1570005425
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 544a9af62229801218d1ba1e9c1d7bb14833ce35e7d77a0737a038c245d9ab4e

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Wed, 02 Oct 2019 08:37:10 GMT
server: nginx
etag: "15010561257df244da983b63bfd324c0"
content-type: image/png
cache-control: max-age=315360000
content-length: 58094
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 9c4f5a4fe3c7bb1eff90c49202971366_620x241.jpg
images.1plus1.ua/uploads/articles/000/648/750/ 30 KB
30 KB 462ms
242ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/648/750/9c4f5a4fe3c7bb1eff90c49202971366_620x241.jpg?v=1576835471
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: b3340bea4ee5045a4288eeff667625d1d5e8698e66db48fd4c9bcd644f1e4680

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Fri, 20 Dec 2019 09:59:12 GMT
server: nginx
etag: "8bf8ea9ecdb6ea9fb208592a2b06ad45"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 30359
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 7acfd97fe8e21fffb942f8f802bbd400_620x241.jpg
images.1plus1.ua/uploads/articles/000/651/633/ 29 KB
30 KB 575ms
356ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/651/633/7acfd97fe8e21fffb942f8f802bbd400_620x241.jpg?v=1577186500
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 65281bd4c18cc9b2cd11159b76435a896df4266dbfbdceca853532d1940352a9

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 24 Dec 2019 11:21:00 GMT
server: nginx
etag: "b526a778a39ad097ffec0442016e0513"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 30124
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusone2015-heavy.woff2
1plus1.ua/fonts/OnePlusOne/heavy/ 19 KB
20 KB 85ms
85ms Font
application/octet-stream 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/heavy/oneplusone2015-heavy.woff2
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1620303585
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 820a5c6758c92428368ba0b8ec651dbd593aafd0046c9e970c0252bf4301828c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1620303585
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Origin: https://1plus1.ua
Referer: https://1plus1.ua/css/main.css?v=1620303585
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 19872
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusone2015-bold.ttf
1plus1.ua/fonts/OnePlusOne/bold/ 31 KB
31 KB 122ms
122ms Font
application/octet-stream 195.137.240.100
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/bold/oneplusone2015-bold.ttf
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1620303585
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.100 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 1d20ef34fb2b7a8d6409fac19fabba3fe1c922c674b469e57b92aed5a417d3ea

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1620303585
Cookie: _csrf=7c6e4851071e88ce8cc7914e056119406bb123e37014564fb68a9a7af5d13acba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22r4okhuk6VDnUhEPf8NcRjb_7YNGtvuY5%22%3B%7D
Connection: keep-alive
Origin: https://1plus1.ua
Referer: https://1plus1.ua/css/main.css?v=1620303585
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 31444
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 02356062db1be53f5f8d5e1a94559178_340x511.jpg
images.1plus1.ua/uploads/articles/000/461/745/ 22 KB
23 KB 348ms
346ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/461/745/02356062db1be53f5f8d5e1a94559178_340x511.jpg?v=1591186118
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 5c819ec60a426a277958529cb82fd86d9d3ce828cd271abb6a29de53b88872a9

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Thu, 28 Feb 2019 13:30:20 GMT
server: nginx
etag: "3b9db2934919af002032bcf9260de15b"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 22870
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:33 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 283b3a7a9ac85b8dffa1e12d53184cfe_361x361.jpg
images.1plus1.ua/uploads/articles/000/650/400/ 19 KB
20 KB 354ms
352ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/650/400/283b3a7a9ac85b8dffa1e12d53184cfe_361x361.jpg?v=1577094662
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 04ed66329439ee574ba5f90f060620c67f86ef2b1511d7fe2c42bc9945bccd64

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Mon, 23 Dec 2019 09:49:15 GMT
server: nginx
etag: "8fd68177f0790c07a62a6098325b2a08"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 19784
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:33 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 49d57f75cd3bcae2eddcb5e5de403a66_361x361.jpg
images.1plus1.ua/uploads/articles/000/639/219/ 14 KB
14 KB 357ms
355ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/639/219/49d57f75cd3bcae2eddcb5e5de403a66_361x361.jpg?v=1575967748
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: db1ddd2f61dbad3bc06f5c02819ccbf4b9508380b37aec20a6df6f4660c078a2

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 10 Dec 2019 08:48:22 GMT
server: nginx
etag: "b56f42b731da9e937a8bd8125b0191c8"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 14298
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:34 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 67ad45e8b6cd85c0223e5b84508e7a64_340x511.jpg
images.1plus1.ua/uploads/articles/000/653/064/ 28 KB
28 KB 356ms
354ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/653/064/67ad45e8b6cd85c0223e5b84508e7a64_340x511.jpg?v=1577795488
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: e74af528af322f03aeb5027145ffbe6b259d3b29424de9c82a733a414f46b283

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 31 Dec 2019 12:31:45 GMT
server: nginx
etag: "a4b47af0565d5f0a3b11e404d3c06697"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 28535
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:19:35 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 3321b33c12ee591668ba47ebd023d5bc_361x361.jpg
images.1plus1.ua/uploads/articles/000/653/028/ 30 KB
30 KB 355ms
353ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/653/028/3321b33c12ee591668ba47ebd023d5bc_361x361.jpg?v=1577795153
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: ac89e5da9a44bf33849a1d501ea97ccf43b026745695fee1ed2e0de76b4c881d

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 31 Dec 2019 12:29:17 GMT
server: nginx
etag: "d5d735035f4f65988540fdb375b582d5"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 30923
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 02:34:41 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fd1a08606a6dacec92a8b445a5fb6c08_361x361.jpg
images.1plus1.ua/uploads/articles/000/653/391/ 11 KB
11 KB 354ms
353ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/653/391/fd1a08606a6dacec92a8b445a5fb6c08_361x361.jpg?v=1579175723
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 25a64f08844cf48f162ef1f844cef5ceaf5cc316c00eb672e63d2af1725c0a8a

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Thu, 16 Jan 2020 11:55:29 GMT
server: nginx
etag: "ff53f9e8151d041e454150793addb5c6"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 11364
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:21:10 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 08086869f586ae43908eee9a97e445a8_340x511.jpg
images.1plus1.ua/uploads/articles/000/653/280/ 28 KB
28 KB 349ms
348ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/653/280/08086869f586ae43908eee9a97e445a8_340x511.jpg?v=1577797540
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 4a9fc6c446ddef5f6205d3ad238112ce639e542546f3f3c0ad2f5951c2313332

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 31 Dec 2019 13:05:58 GMT
server: nginx
etag: "510b1b6697574a8d6c20ceb84662ef72"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 28262
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:21:10 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 487c858a8a7fd51204d1e248e1d780b4_361x361.jpg
images.1plus1.ua/uploads/articles/000/653/244/ 22 KB
22 KB 313ms
311ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/653/244/487c858a8a7fd51204d1e248e1d780b4_361x361.jpg?v=1577797192
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: a641f67a18c95ca7315ff24fe983bbf069722e26bbc2a992aa9cad2ee740a07d

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 31 Dec 2019 12:59:54 GMT
server: nginx
etag: "2e7dfae808802f53fe707011986b519f"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 22695
accept-ranges: bytes
x-1p1-cdn: HIT; Sat, 15 May 2021 03:13:04 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 9101ee879782d59e79039b99ae723ac5_361x361.jpg
images.1plus1.ua/uploads/articles/000/653/208/ 22 KB
22 KB 349ms
347ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/653/208/9101ee879782d59e79039b99ae723ac5_361x361.jpg?v=1577796856
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 22e82a377e041381856c538ed697de7fd3293893d468b944043bb285f05e4497

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 31 Dec 2019 12:57:14 GMT
server: nginx
etag: "7a3e71d6d3a4d73f488a4689eee437dd"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 22184
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 03:13:04 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ce4e78d47028183c2d6859e38d3f3c2d_340x511.jpg
images.1plus1.ua/uploads/articles/000/653/172/ 23 KB
23 KB 357ms
355ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/653/172/ce4e78d47028183c2d6859e38d3f3c2d_340x511.jpg?v=1577796475
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 7f26d2782bef2f468f9522ac5384691217f815565a04396eb244776d769769de

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 31 Dec 2019 12:47:58 GMT
server: nginx
etag: "72c03c2bfdb620979bdd797218e81b89"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 23396
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 22:21:10 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 52c1216f335260056c0500ff4051f05f_361x361.jpg
images.1plus1.ua/uploads/articles/000/653/136/ 32 KB
32 KB 352ms
351ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/653/136/52c1216f335260056c0500ff4051f05f_361x361.jpg?v=1577796116
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: e7eeca1c924364f1aa6d48427fa90f6a9b0f620147928a531237a7aa308cc523

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 31 Dec 2019 12:45:31 GMT
server: nginx
etag: "9b2cc17fb779d5c5b774995ef7a7972d"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 32678
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 04:13:48 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2b0980958f084e13d0489440a4284284_361x361.jpg
images.1plus1.ua/uploads/articles/000/653/100/ 24 KB
24 KB 351ms
350ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/653/100/2b0980958f084e13d0489440a4284284_361x361.jpg?v=1577795789
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 57b24c34a0dd3107f539db7588721f6beef36943795bd03ae580164e933424ab

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Tue, 31 Dec 2019 12:36:32 GMT
server: nginx
etag: "0180fa6cb2c814cccc63d6fe4c76608d"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 24438
accept-ranges: bytes
x-1p1-cdn: REVALIDATED; Sat, 15 May 2021 04:13:48 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 3b7c77a8827726670d2e0480bbf8466d.190x105.jpg
images.1plus1.video/card-3/nRAnHbS2/ 8 KB
8 KB 339ms
140ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/nRAnHbS2/3b7c77a8827726670d2e0480bbf8466d.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 4aaa9004e0f614a37077fd1d7c1cd3af1dd1719f7e7555195199ef02bb8b79ab

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Sun, 09 Feb 2020 21:46:00 GMT
server: nginx
etag: "cea9e354591d9fdd659ed7fd950243a3"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 7828
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:02 GMT
expires: Sat, 22 May 2021 23:12:02 GMT

GET
H2 200 c487a20e1388de6f308fdff7365ad581.190x105.jpg
images.1plus1.video/card-3/oRbEVFvu/ 8 KB
9 KB 366ms
167ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/oRbEVFvu/c487a20e1388de6f308fdff7365ad581.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 66399bcab4bed5fb6a37486acf01a34a11f4f0dfbcdcbff90b54fe0f7797fd42

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Sun, 09 Feb 2020 20:56:20 GMT
server: nginx
etag: "d2554f6685886ca24df51c3690d307e5"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 8601
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:02 GMT
expires: Sat, 22 May 2021 23:12:02 GMT

GET
H2 200 5da187e55ed1b95e66baa1d3fdcd40a3.190x105.jpg
images.1plus1.video/card-3/GtE5UEWR/ 9 KB
9 KB 161ms
160ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/GtE5UEWR/5da187e55ed1b95e66baa1d3fdcd40a3.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 76cab4cda3775ca3e8c1d232d36178258ea52b2f85991098c43b6f02b2575d4b

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Sun, 09 Feb 2020 21:06:40 GMT
server: nginx
etag: "326c9d8d8d8fc983453b857e5ad2f701"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 9156
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:02 GMT
expires: Sat, 22 May 2021 23:12:02 GMT

GET
H2 200 63239f360c0ac04e3718d57f1ae96cc2.190x105.jpg
images.1plus1.video/card-3/ltJrEMBC/ 6 KB
7 KB 155ms
154ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/ltJrEMBC/63239f360c0ac04e3718d57f1ae96cc2.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 045f04f00f65304db06a18e3ab669c31e22b5d54433e2a9e4cc7401268b84783

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Sun, 09 Feb 2020 20:59:56 GMT
server: nginx
etag: "263369da3d7cc30e71fa764079e0bfb7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 6439
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:02 GMT
expires: Sat, 22 May 2021 23:12:02 GMT

GET
H/1.1 200
OK Cookie set nRAnHbS2 Show response
1plus1.video/video/embed/ Frame AFF1 9 KB
4 KB 116ms
116ms Document
text/html 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/video/embed/nRAnHbS2?l=ua
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 744aac588058ddb11b9ff3e8769b4be86f96ca2a2893603ebb5e53bc3e40d974

Request headers

Host: 1plus1.video
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://1plus1.ua/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: _opov_sid_=60p8o3f8g1tohvvdleu0dvvs2o
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

Server: nginx
Date: Sat, 15 May 2021 23:12:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: _opov_sid_=60p8o3f8g1tohvvdleu0dvvs2o; expires=Tue, 16 May 2023 00:12:02 GMT; Max-Age=63072000; domain=.1plus1.video; path=/; secure; SameSite=None; _opov_uisl_=0; expires=Mon, 15-May-2023 23:12:02 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Mon, 15-May-2023 23:12:02 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Mon, 15-May-2023 23:12:02 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Mon, 15-May-2023 23:12:02 GMT; Max-Age=63072000; path=/; domain=.1plus1.video
Content-Encoding: gzip

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/ Frame C75D 637 B
531 B 6ms
5ms Document
text/html 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/c.html
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 594ca5002b9cdd63b301365c4dd76f3a08e23049f6aee1f62258d20da8ef1345

Request headers

:method: GET
:authority: cdn.admixer.net
:scheme: https
:path: /scripts3/c.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

server: nginx
date: Sat, 15 May 2021 23:12:02 GMT
content-type: text/html
last-modified: Tue, 11 May 2021 14:07:45 GMT
vary: Accept-Encoding
etag: W/"609a8fb1-27d"
expires: Thu, 12 May 2022 14:12:35 GMT
cache-control: max-age=31622400
access-control-allow-origin: https://delo.ua
access-control-allow-credentials: true
cache: HIT
x-cached-since: 2021-05-11T14:12:35+00:00
x-id: fr5-up-gc35
content-encoding: gzip

GET
H2 200 306443839e6ad02abd2f.b.js Show response
cdn.admixer.net/scripts3/ 82 KB
22 KB 7ms
6ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/306443839e6ad02abd2f.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 0e671a70fbf1155ed9ec58398fb6d144360a73646429e52701ef584533fbb610

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 14:07:36 GMT
server: nginx
etag: W/"609a8fa8-14745"
vary: Accept-Encoding
x-cached-since: 2021-05-11T14:12:34+00:00
content-type: application/javascript
access-control-allow-origin: https://www.gismeteo.ua
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Thu, 12 May 2022 14:12:34 GMT

GET
H2 200 d9d92df4fba73716000e.b.js Show response
cdn.admixer.net/scripts3/ 92 KB
25 KB 8ms
7ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: e76161afe81de38b97738d5d9008b7f211017ed268ebc8998acce1f3e9c49f61

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 14:07:47 GMT
server: nginx
etag: W/"609a8fb3-16ee8"
vary: Accept-Encoding
x-cached-since: 2021-05-11T14:12:35+00:00
content-type: application/javascript
access-control-allow-origin: https://delo.ua
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Thu, 12 May 2022 14:12:35 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/ 223 KB
82 KB 40ms
26ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9111367348737651&plah=1plus1.ua&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66f661926ae6c1e13c6b2169733476eb03b9be46e333e5f81eab69a5b0d27ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84097
x-xss-protection: 0
server: cafe
etag: 12558658968377452156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/ Frame 7454 10 KB
5 KB 26ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210511/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 15 May 2021 20:24:49 GMT
expires: Sat, 29 May 2021 20:24:49 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 10033
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 xgemius.js Show response
gaua.hit.gemius.pl/ 39 KB
11 KB 216ms
71ms Script
application/x-javascript 146.59.10.80
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/xgemius.js
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.10.80 , France, ASN16276 (OVH, FR),
Reverse DNS: ip80.ip-146-59-10.eu
Software: GHC /
Resource Hash: eb7c9303c1909cb61c459c12b535c69eb76ed3b08720c97a586e26b0b4ab8028

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 12:13:09 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 10552
expires: Sun, 16 May 2021 11:12:02 GMT

GET
H2 200 cm.js Show response
source.mmi.bemobile.ua/cm/ 52 KB
20 KB 263ms
86ms Script
application/javascript 194.247.175.38
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://source.mmi.bemobile.ua/cm/cm.js
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.38 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.13.0 /
Resource Hash: 5d1b56a762d63b6e9bfb8a70552ce75c1c3938c782f8d9de971ecc960836c451

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
last-modified: Wed, 06 Nov 2019 07:55:53 GMT
server: nginx/1.13.0
etag: W/"5dc27c89-d0f6"
content-type: application/javascript; charset=utf-8
cache-control: no-cache
expires: Thu, 07 Nov 2019 07:55:53 GMT

GET
H2 200 pic.gif
pa.tns-ua.com/bug/ 56 B
138 B 287ms
87ms Image
image/gif 194.247.175.26
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pa.tns-ua.com/bug/pic.gif?siteid=1plus1.ua&j=1&nocache=0.19830413187631346
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.26 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.13.0 /
Resource Hash: 2d310648a31461f6b76c38bca295da135b9825938ad1defab174fc29b414487b

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
cache-control: no-cache
server: nginx/1.13.0
expires: -1

GET
H2 200 sdk.js Show response
connect.facebook.net/uk_UA/ 3 KB
2 KB 88ms
29ms Script
application/x-javascript 2a03:2880:f016:14:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f016:14:face:b00c:0:3 Warsaw, Poland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0905b61cd031c9735f1035e9e93dda5d0d16df31725a0f57910a6edc990d46bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: AB20CJ56su+bTGKoanqGUA==
cross-origin-resource-policy: cross-origin
expires: Sat, 15 May 2021 23:21:36 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1782
x-fb-rlafr: 0
x-fb-debug: 2OmR20aDWI8hJDkt4GnSXU83pCBgIfLRoTP8IR5oGTUwt2+DvtCNEqnTQY9V12NwgyNXxD9iwi/TLZcZSAVsIQ==
x-fb-trip-id: 436667874
x-fb-content-md5: 98d4b258b6887a3e4bb93af45bd0b794
date: Sat, 15 May 2021 23:12:02 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "562e68cd99efb211aef2b6d0bb13093e"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK api.auth.0.0.5.js Show response
api.1plus1.video/static/js/ 98 KB
32 KB 123ms
122ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=ab8780303bb814310713b519213bf27f52934d22
Requested by: Host: api.1plus1.video
URL: https://api.1plus1.video/u/l.js?p=&l=ua&f=0&auth=1&login_profile=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 5a4b1f2808b146ffbc15aaef9be736ffb04bfeff1b0e07787ea5b61f6f1620f8

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 11:56:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 14 Jun 2021 23:11:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWKM5Z

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6126
date: Sat, 15 May 2021 21:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sat, 15 May 2021 23:29:56 GMT

GET
H2 200 hb_298309_4139.js Show response
player.adtelligent.com/prebidlink/ex18763/ 271 KB
85 KB 58ms
57ms Script
application/javascript 213.174.135.2
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18762
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 7238153399ca356c43579ac0becd19727cf51d040c3edbff1596b6bb8869bc59

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
last-modified: Thu, 22 Apr 2021 11:24:02 GMT
server: nginx
etag: W/"60815cd2-43c23"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 16 May 2021 00:12:02 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 63 KB
21 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bf63af61eae56517944f32094187ba6082c7d29cfaac60064142769f57af1c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "873 / 988 of 1000 / last-modified: 1621030146"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21333
x-xss-protection: 0
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H2 200 modules.0fd8b750824023792fba.js Show response
script.hotjar.com/ 220 KB
58 KB 175ms
65ms Script
application/javascript 13.224.95.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0fd8b750824023792fba.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1437498.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.38 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-38.zrh50.r.cloudfront.net

Software

Resource Hash

65cef8a94d8a09cac56b85e15c92c37ea129d38a094fa8e1f3fd812a550b74be

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 07:37:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 315297
x-cache: Hit from cloudfront
content-length: 59191
access-control-allow-origin: *
last-modified: Wed, 12 May 2021 07:37:04 GMT
etag: "cd11ca1a90eced753504203f173db976"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 110750d14d1d900cd5c76d0ac872f5dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: K9Ondy7659Yf5YSBZ-en4DfPKI9niZGM4pjzCHNgD_6E_tcq5Vpelw==

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 199 B
638 B 195ms
84ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=1plus1.ua&callback=_gfp_s_&client=ca-pub-9111367348737651

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9111367348737651&plah=1plus1.ua&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

b87cdeb7fe32acd67895d6f8faf63d41c774079f67bdc13f5248c9193f7f13cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 190
x-xss-protection: 0

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2F1plus1.ua%2F&tn=DIV&cls=cookies%20js-cookies&ign=false

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 38ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=1plus1.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 37ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1plus1.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 74C2 0
19 B 59ms
44ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9111367348737651&output=html&adk=1812271804&adf=3025194257&lmt=1621120322&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1plus1.ua%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621120322087&bpp=4&bdt=516&idt=175&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1897592523784&frm=20&pv=2&ga_vid=69648745.1621120322&ga_sid=1621120322&ga_hid=1334754467&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530889%2C44743003&oid=3&pvsid=3498077062137338&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=197

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9111367348737651&output=html&adk=1812271804&adf=3025194257&lmt=1621120322&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1plus1.ua%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621120322087&bpp=4&bdt=516&idt=175&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1897592523784&frm=20&pv=2&ga_vid=69648745.1621120322&ga_sid=1621120322&ga_hid=1334754467&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530889%2C44743003&oid=3&pvsid=3498077062137338&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=197
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 15 May 2021 23:12:02 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 15-May-2021 23:27:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 15 May 2021 23:12:02 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5195b5533eaad9e23ee9c1ad9dd017b4f0fca8d54921a3f045858eaf4145689d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620991985148764"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H/1.1 200
OK ovva.0.3.0.css
1plus1.video/static/player/css/ Frame AFF1 171 KB
26 KB 129ms
127ms Stylesheet
text/css 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/css/ovva.0.3.0.css?v=ab8780303bb814310713b519213bf27f52934d22
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: d4c668bce61f7b8ce502204a3cd9b5f868384c07bff2b907e561b75f6a6ec56c

Request headers

Referer: https://1plus1.video/video/embed/nRAnHbS2?l=ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 11:47:42 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 14 Jun 2021 23:09:48 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ Frame AFF1 88 KB
35 KB 33ms
18ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?l=ua

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

93ccd84af7169966aca404a214147c622a90cd8e65c1061a33d0c87f6c5819ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35683
x-xss-protection: 0
last-modified: Sat, 15 May 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H/1.1 200
OK tracking Show response
ghb.adtelligent.com/adunit/ 43 B
411 B 81ms
25ms XHR
image/gif 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=298309&site_id=4139&full_page_url=https%3A%2F%2F1plus1.ua%2F&adid=qd6m6l.je&vpbv=0774&lifecycle_tte=1611
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18762
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://1plus1.ua
Date: Sat, 15 May 2021 23:12:02 GMT
Access-Control-Allow-Credentials: true
Server: VertaMedia 1.0
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

GET
H3-29 200 sdk.js Show response
connect.facebook.net/uk_UA/ 213 KB
63 KB 60ms
29ms Script
application/x-javascript 2a03:2880:f016:14:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js?hash=f5c16723904ed73968c1aa95e486a623&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/uk_UA/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f016:14:face:b00c:0:3 Warsaw, Poland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

43af7f12c539ce9806bca75b45a9cd3d5ec7a6c9b5402f04f605b9d315fd2536

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://1plus1.ua
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: st/PVBuK5bG5h9nL36QBTQ==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 64670
x-fb-rlafr: 0
x-fb-debug: 6MR+hDQ8whbqjJgsWsMYy1xxPwQhjZo59IqWl4YK4VyiKvq+IL0fdI27xryLMTLxc0ZrWnLakDcL/1bdr1K36w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: d6fb3dd419f0b594aec320156b9320cd
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sat, 15 May 2021 23:12:02 GMT
vary: Accept-Encoding
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "e6af462d0f6aa9a5622ccbfb475c4637"
timing-allow-origin: *
priority: u=3,i
expires: Sun, 15 May 2022 22:12:20 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 26ms
12ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1334754467&t=pageview&_s=1&dl=https%3A%2F%2F1plus1.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%201%2B1&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=1728266303&gjid=2118516934&cid=69648745.1621120322&tid=UA-22507043-9&_gid=1959937394.1621120322&_r=1&gtm=2wg5c1PWKM5Z&z=234901262

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 21ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1334754467&t=pageview&_s=1&dl=https%3A%2F%2F1plus1.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%201%2B1&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAjAAEABAAAAAC~&jid=1049218054&gjid=2058628079&cid=69648745.1621120322&tid=UA-113262294-1&_gid=1959937394.1621120322&_r=1&gtm=2wg5c1PWKM5Z&z=2021697002

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK piwik.php
assay.1plus1.ua/ 43 B
255 B 88ms
87ms Image
image/gif 195.137.240.12
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assay.1plus1.ua/piwik.php?action_name=%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%201%2B1&idsite=2&rec=1&r=534353&h=1&m=12&s=2&url=https%3A%2F%2F1plus1.ua%2F&_id=13b4f4c8c08b1e08&_idts=1621120322&_idvc=1&_idn=0&_refts=0&_viewts=1621120322&send_image=1&cookie=1&res=1600x1200&gt_ms=308

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

195.137.240.12 , Ukraine, ASN29389 (ASN-UNIAN, UA),

Reverse DNS

assay.1plus1.ua

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=10
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif

GET
H2 200 box-5e3cec51ed8e99df6977c199d27812d7.html Show response
vars.hotjar.com/ Frame 5833 1 KB
1 KB 185ms
60ms Document
text/html 13.32.6.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-5e3cec51ed8e99df6977c199d27812d7.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1437498.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.6.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-6-14.vie50.r.cloudfront.net
Software: /
Resource Hash: 486762d56893f9b12fdfad41c3a76f11fc745b5436e97e596a63c22ee13d2e33

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-5e3cec51ed8e99df6977c199d27812d7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

content-type: text/html
content-length: 684
date: Tue, 30 Mar 2021 16:10:32 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "4e332edbbc3b46800c87f197cc7d3bb6"
last-modified: Tue, 30 Mar 2021 14:48:51 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 de9b04903710e9099bfc75aaf59c8edb.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-cf-id: 9jdfLUR_QJ6eskO5oYxFkYSZpTD1zLLUfv7tUzBQLMYy0nGtVLmSBg==
age: 3999690

GET
H/1.1 200
OK api.auth.css
api.1plus1.video/static/css/ 56 KB
9 KB 84ms
83ms Stylesheet
text/css 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/css/api.auth.css?_t563544052690
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 11:47:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 14 Jun 2021 23:12:02 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
83 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-22507043-9&cid=69648745.1621120322&jid=1728266303&gjid=2118516934&_gid=1959937394.1621120322&_u=YAhAAEAAAAAAAC~&z=241517614

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 15 May 2021 23:12:02 GMT
content-type: text/plain
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK csyncs Show response
ghb.adtelligent.com/ 796 B
664 B 25ms
25ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/csyncs?aid1=437380&aid2=437381&aid3=605039&aid4=607661&aid5=undefined
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18762
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 8980ccb5946abcc0aafab8f2eaca0021a48dc264bd3c040b618c56f4d2e3b984

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Server: VertaMedia 1.0
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 380

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 925 B
824 B 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=__api_auth_recaptcha_on_load__&render=explicit&hl=uk

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=ab8780303bb814310713b519213bf27f52934d22

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8cf7b190fddf777d12e3ff6b9fd4bb4c580ee9c1488bc78a40750c55bd6d4e1a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 582
x-xss-protection: 1; mode=block
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H2 200 pubads_impl_2021051001.js Show response
securepubads.g.doubleclick.net/gpt/ 303 KB
107 KB 166ms
56ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

sffe /

Resource Hash

b19865c2e8366fc6cef8f869b9447b23243e4917d73591e554f1b697a1f8da9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 10 May 2021 08:38:30 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109340
x-xss-protection: 0
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H/1.1 200
OK v0 Show response
l1.heyhelga.net/stat/eventManager/ 16 KB
16 KB 108ms
107ms Fetch
application/json 195.137.240.19
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://l1.heyhelga.net/stat/eventManager/v0?domain=1plus1.ua&url=%2F
Requested by: Host: l1.heyhelga.net
URL: https://l1.heyhelga.net/analytics.js?ver=1621120321
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.19 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: l1-izi-02.1plus1.net
Software: nginx /
Resource Hash: 55b6a6276b53d4aeb9b1c841db9ff49b552897ee4faa32937a39c7da50f05958

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Expose-Headers: link
Cache-Control: no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H2 200 fpdata.js Show response
gaua.hit.gemius.pl/ 278 B
392 B 70ms
70ms Script
application/x-javascript 146.59.10.80
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/fpdata.js?href=1plus1.ua
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.10.80 , France, ASN16276 (OVH, FR),
Reverse DNS: ip80.ip-146-59-10.eu
Software: GHC /
Resource Hash: fd14d8a9ac18340825861bf9b89b91a73c37728b15941e3ed285fe8cd390073c

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 278
expires: Mon, 14 Jun 2021 23:12:02 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 24ms
24ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22507043-9&cid=69648745.1621120322&jid=1728266303&_u=YAhAAEAAAAAAAC~&z=868743303

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22507043-9&cid=69648745.1621120322&jid=1728266303&_u=YAhAAEAAAAAAAC~&z=868743303

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK sync.html Show response
s.console.adtarget.com.tr/ Frame 20A7 2 KB
1 KB 79ms
23ms Document
text/html 2a0c:5c81:5095:0:225:90ff:fefa:245d
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18762
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 7f75e79ec3f481ce050adc9b0e9fbc75ba3e8e70cdd02613b96477f4e1ccde77

Request headers

Host: s.console.adtarget.com.tr
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://1plus1.ua/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

Server: VertaMedia 1.0
Date: Sat, 15 May 2021 23:12:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 942
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Encoding: gzip

GET
H/1.1

200
OK

Cookie set csync Show response
sync.adtelligent.com/ Frame 0886
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=28cadd4d-602a-41d9-9da3-e48bea80cea2

86 B
547 B

704ms
413ms

Document
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=28cadd4d-602a-41d9-9da3-e48bea80cea2
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18762
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Host: sync.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://1plus1.ua/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: vmuid=e13f5a23fe66f901
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

Server: VertaMedia 1.0
Date: Sat, 15 May 2021 23:12:02 GMT
Content-Type: image/gif
Content-Length: 86
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: vmuid=e13f5a23fe66f901; expires=Fri, 16 Jul 2021 23:12:03 GMT; domain=.adtelligent.com; path=/; secure; SameSite=None a319130=28cadd4d-602a-41d9-9da3-e48bea80cea2; expires=Fri, 16 Jul 2021 23:12:03 GMT; domain=.adtelligent.com; path=/; secure; SameSite=None

Redirect headers

set-cookie: viewer_token=28cadd4d-602a-41d9-9da3-e48bea80cea2; path=/; domain=csync.loopme.me; Expires=Tue, 15-Jun-2021 23:12:02 GMT
location: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=28cadd4d-602a-41d9-9da3-e48bea80cea2
content-length: 0
date: Sat, 15 May 2021 23:12:02 GMT
server: _

GET
H2

200

1px-matching-adtelligent.gif
t.trafmag.com/images/images/
Redirect Chain

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=e13f5a23fe66f901

35 B
232 B

199ms
58ms

Image
image/gif

193.200.65.5
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=e13f5a23fe66f901
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.200.65.5 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: t.trafmag.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
server: nginx
content-type: image/gif
content-length: 35
p3p: CP="NON DSP COR CURa TIA"

Redirect headers

Location: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=e13f5a23fe66f901
Date: Sat, 15 May 2021 23:12:02 GMT
Server: VertaMedia 1.0
Content-Length: 43
Content-Type: image/gif

GET
H2 204 match
dm.hybrid.ai/ 0
238 B 269ms
85ms Image
text/plain 37.18.16.16
HYBRID-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dm.hybrid.ai/match?id=186&burl=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D324902%26extuid%3D%24%7BVID%7D

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.18.16.16 , Netherlands, ASN205675 (HYBRID-AS, RU),

Reverse DNS

Software

Hybrid Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
server: Hybrid Web Server
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin: *
cache-control: no-cache, no-store
x-mode: 120
x-xss-protection: 1; mode=block
expires: -1

GET
H/1.1 200
OK l.js Show response
api.1plus1.video/u/ Frame AFF1 898 B
2 KB 93ms
93ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/u/l.js?p=276&l=ua&f=0&auth=1&login_profile=1&_t=1621120322626
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 6eb578cdb8ad2849ee8eac7af86100d2c1dd2780246ec275abcfb44a0d39175d

Request headers

Origin: https://1plus1.video
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: https://1plus1.video
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame AFF1 101 KB
37 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WPC3Q76

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?l=ua

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5d939a6531a918f550dff0615d8d07c917e9f2549f24e1d124c3600e8d2b6941

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37462
x-xss-protection: 0
last-modified: Sat, 15 May 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H2 200 3b7c77a8827726670d2e0480bbf8466d.custom.jpg
images.1plus1.video/card-3/nRAnHbS2/ Frame AFF1 226 KB
226 KB 95ms
95ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/nRAnHbS2/3b7c77a8827726670d2e0480bbf8466d.custom.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?l=ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 747fd89e5764f688a5d68391e02ba3a2800fe0ae7ec147eb3a4b7ac3ad070ac4

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Sun, 09 Feb 2020 21:45:58 GMT
server: nginx
etag: "9e2591c0c8ffd5cbcff87fc3af903c0c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 231252
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:02 GMT
expires: Sat, 22 May 2021 23:12:02 GMT

GET
DATA 200
OK truncated
/ Frame AFF1 369 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f9ecc527406b9b72bc3a9f4527892dcf842584b7e6aeb7ce816a4c7c8803954

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET get_cookie
pa.tns-ua.com/bug/ 0
0

GET
H2 200 css
fonts.googleapis.com/ 4 KB
727 B 18ms
18ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/css/api.auth.css?_t563544052690

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

016b91219c6ed7712bdfed0dfa714b53c5df005847771cddf79e2a3a5d5679ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://api.1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 May 2021 21:58:10 GMT
server: ESF
date: Sat, 15 May 2021 23:12:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 88ms
28ms Image
image/gif 2a03:2880:f116:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1834787353214372&ev=fb_page_view&dl=https%3A%2F%2F1plus1.ua%2F&rl=&if=false&ts=1621120322727&sw=1600&sh=1200&at=

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f116:83:face:b00c:0:25de Warsaw, Poland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame AFF1 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6126
date: Sat, 15 May 2021 21:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sat, 15 May 2021 23:29:56 GMT

GET
H2 200 recaptcha__uk.js Show response
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ 369 KB
135 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__uk.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=__api_auth_recaptcha_on_load__&render=explicit&hl=uk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eef37805e49ddda5f7b9abc013c4a0a84d34edf980f4ec5c9abd49f9af18b954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://1plus1.ua
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 23:40:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 343867
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137487
x-xss-protection: 0
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 May 2022 23:40:55 GMT

GET
H/1.1 200
OK poll.js Show response
l1.heyhelga.net/poll/ 12 KB
4 KB 77ms
77ms Script
application/javascript 195.137.240.19
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://l1.heyhelga.net/poll/poll.js?version=1621120322761
Requested by: Host: l1.heyhelga.net
URL: https://l1.heyhelga.net/analytics.js?ver=1621120321
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.19 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: l1-izi-02.1plus1.net
Software: nginx /
Resource Hash: 8abfb95a0d75c4822ccf98fefe287247d26b6e753988814d82838af1bf59c8c7

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Jan 2021 19:05:29 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=7200
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2

200

rexdot.js Show response
gaua.hit.gemius.pl/__/_1621120322766/
Redirect Chain

https://gaua.hit.gemius.pl/_1621120322766/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2F1plus1.u...
https://gaua.hit.gemius.pl/__/_1621120322766/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2F1plus...

169 B
430 B

70ms
70ms

Script
application/x-javascript

146.59.10.80
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/__/_1621120322766/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2F1plus1.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=yCJxESsctR5DW2aln7x9FBaZRlidIamSlemHwVlNFRb.R7&vis=1
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.10.80 , France, ASN16276 (OVH, FR),
Reverse DNS: ip80.ip-146-59-10.eu
Software: GHC /
Resource Hash: 178db29e93351a3d6b57a9c3c817eba6a2625d77e372c17cf47c86b37d7c40cd

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 169
expires: Fri, 14 May 2021 23:12:02 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1621120322766/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2F1plus1.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=yCJxESsctR5DW2aln7x9FBaZRlidIamSlemHwVlNFRb.R7&vis=1
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Fri, 14 May 2021 23:12:02 GMT

GET
H/1.1 200
OK api.auth.0.0.5.js Show response
api.1plus1.video/static/js/ Frame AFF1 98 KB
32 KB 86ms
86ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=ab8780303bb814310713b519213bf27f52934d22
Requested by: Host: api.1plus1.video
URL: https://api.1plus1.video/u/l.js?p=276&l=ua&f=0&auth=1&login_profile=1&_t=1621120322626
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 5a4b1f2808b146ffbc15aaef9be736ffb04bfeff1b0e07787ea5b61f6f1620f8

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 11:56:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 14 Jun 2021 23:11:07 GMT

GET
H/1.1

200
OK

Cookie set csync Show response
sync.console.adtarget.com.tr/ Frame B464
Redirect Chain

https://creativecdn.com/cm-notify?pi=admatic
https://creativecdn.com/cm-notify?pi=admatic&tc=1
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=hf0caCucyo1Xe2yFJNx6&pi=admatic&tc=1

86 B
547 B

667ms
413ms

Document
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=hf0caCucyo1Xe2yFJNx6&pi=admatic&tc=1
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Host: sync.console.adtarget.com.tr
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.console.adtarget.com.tr/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

Server: VertaMedia 1.0
Date: Sat, 15 May 2021 23:12:02 GMT
Content-Type: image/gif
Content-Length: 86
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: vmuid=0dd52e24bf26ce9f; expires=Fri, 16 Jul 2021 23:12:03 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None a307080=hf0caCucyo1Xe2yFJNx6; expires=Fri, 16 Jul 2021 23:12:03 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None

Redirect headers

date: Sat, 15 May 2021 23:12:02 GMT Sat, 15 May 2021 23:12:02 GMT
location: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=hf0caCucyo1Xe2yFJNx6&pi=admatic&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2

200

/ Show response
ads.us.e-planning.net/uspd/1/ Frame 0A4E
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID

3 KB
1 KB

62ms
61ms

Document
text/html

46.249.52.249
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 2bb8bb255f361f4ce7cbef4bd6e3c04ed602a91379ab5136aaf031a2df9bc8f3

Request headers

:method: GET
:authority: ads.us.e-planning.net
:scheme: https
:path: /uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.console.adtarget.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: CT=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

server: openresty
date: Sat, 15 May 2021 23:12:02 GMT
content-type: text/html
cache-control: max-age=0, no-cache
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
set-cookie: E=AOYKvKHmvTs-w8Ez; path=/; domain=e-planning.net; expires=Sat, 13-May-2028 23:12:02 GMT; SameSite=None; Secure
expires: Sat, 15 May 2021 23:12:02 GMT
x-sid: AMS-738
content-encoding: gzip

Redirect headers

server: openresty
date: Sat, 15 May 2021 23:12:02 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: CT=1; path=/; SameSite=None; Secure
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
x-sid: AMS-738

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 60CC 8 KB
3 KB 162ms
53ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.console.adtarget.com.tr/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=37044
Expires: Sun, 16 May 2021 09:29:26 GMT
Date: Sat, 15 May 2021 23:12:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK pbsync.html Show response
js.adscale.de/ Frame 714F 3 KB
2 KB 157ms
49ms Document
text/html 104.109.91.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.91.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-91-53.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ecde72bc5d9fd5bc5150218535ae8f75ad9161924b91e64b7995c495fc90c246

Request headers

Host: js.adscale.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.console.adtarget.com.tr/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

x-amz-id-2: Z0KNJwKF5HE5vwt4gVR99ZkrH2Yj7+EBA/EOAEHbJ15Pgr1Ma9B/DBfk2URFWJWbwGhN/pcQw5s=
x-amz-request-id: 6AE476C2EFD260AC
Last-Modified: Wed, 03 Mar 2021 00:56:54 GMT
ETag: "5550fca00caf055568d6ced373f2721f"
x-amz-version-id: ljUMRnw1Ux.L_G6sluuTuNwF_kYaf8ny
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1509
Cache-Control: max-age=7200
Date: Sat, 15 May 2021 23:12:02 GMT
Connection: keep-alive

GET
H2 200 cookie Show response
cm.adform.net/ Frame A9E1 43 B
106 B 193ms
64ms Document
image/gif 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

:method: GET
:authority: cm.adform.net
:scheme: https
:path: /cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.console.adtarget.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

server: nginx
date: Sat, 15 May 2021 23:12:02 GMT
content-type: image/gif
content-length: 43

GET
H2 200 user Show response
cdn.admatic.com.tr/ Frame C429 251 B
615 B 179ms
50ms Document
text/html 185.59.220.198
CDN77 (^_^)/

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admatic.com.tr/user
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.198 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB),
Reverse DNS: unn-185-59-220-198.datapacket.com
Software: BunnyCDN-DE1-723 /
Resource Hash: 62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd

Request headers

:method: GET
:authority: cdn.admatic.com.tr
:scheme: https
:path: /user
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.console.adtarget.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-type: text/html
vary: Accept-Encoding
server: BunnyCDN-DE1-723
cdn-pullzone: 266102
cdn-uid: bea626e5-d007-4073-8941-73ce8dd2f81c
cdn-requestcountrycode: SE
cdn-edgestorageid: 601
cdn-storageserver: DE-51
cache-control: public, max-age=3600
last-modified: Thu, 11 Feb 2021 13:30:42 GMT
cdn-cachedat: 2021-05-15 14:53:26
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-requestid: 87e651f9b1a2f5263bc878563789a644
cdn-cache: HIT
content-encoding: gzip

GET
H/1.1 200
OK sync.html Show response
s.adtelligent.com/ Frame 50A1 2 KB
1 KB 83ms
26ms Document
text/html 2a0c:5c81:5139::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=609724
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5139::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 7313a606ffdc3713d435678459ced16c9390171f8b693d19a882c5853ef8ec94

Request headers

Host: s.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.console.adtarget.com.tr/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: vmuid=e13f5a23fe66f901
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

Server: VertaMedia 1.0
Date: Sat, 15 May 2021 23:12:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 892
Access-Control-Allow-Origin: https://s.console.adtarget.com.tr
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Encoding: gzip

GET
H/1.1

200
OK

csync
sync.console.adtarget.com.tr/ Frame 20A7
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=494&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D306709%26extuid%3D%7BPARTNER_VISITOR_ID%7D
https://sync.console.adtarget.com.tr/csync?t=a&ep=306709&extuid=av-8ce7b0b5-2104-4e62-9a03-0ac63aaeaf98

86 B
566 B

794ms
413ms

Image
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=306709&extuid=av-8ce7b0b5-2104-4e62-9a03-0ac63aaeaf98
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

Redirect headers

location: https://sync.console.adtarget.com.tr/csync?t=a&ep=306709&extuid=av-8ce7b0b5-2104-4e62-9a03-0ac63aaeaf98
date: Sat, 15 May 2021 23:12:03 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 20A7
Redirect Chain

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=0dd52e24bf26ce9f

86 B
527 B

926ms
414ms

Image
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=0dd52e24bf26ce9f
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

Redirect headers

Location: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=0dd52e24bf26ce9f
Date: Sat, 15 May 2021 23:12:02 GMT
Server: VertaMedia 1.0
Content-Length: 43
Content-Type: image/gif

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/298308/ 4 KB
2 KB 153ms
51ms XHR
application/json 213.174.135.2
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/298308/config.json?cb=https%3A%2F%2F1plus1.ua%2F
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 7fdd66d2dd069b68c623a02434301dc2cdf8007a0af2b3fa0b809455679af456

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
last-modified: Sat, 15 May 2021 12:01:55 GMT
server: nginx
etag: W/"609fb833-1188"
content-type: application/json
access-control-allow-origin: https://1plus1.ua
expires: Sun, 16 May 2021 00:12:02 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H3-29 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8b5d984e6d2cdaf64b8a50c9b645e347e74ffa712aa0b9422015700c98f9bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 22:35:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2180
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5863
x-xss-protection: 0
server: cafe
etag: 12453517290502062038
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sat, 15 May 2021 23:35:42 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=1plus1.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 28ms
14ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1plus1.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 56 KB
13 KB 421ms
363ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3498077062137338&correlator=614252208380158&output=ldjh&impl=fifs&eid=31060790%2C44743003&vrg=2021051001&ptt=17&sc=1&sfv=1-0-38&ecs=20210515&iu_parts=82479101%2C1plus1.ua%2C1plus1_300x600&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C300x250&prev_scp=Project_1plus1%3DMain%26excl_cat%3DPREPOST&eri=1&cookie=ID%3Ddbed87e3df10718e-2266546013c800d8%3AT%3D1621120322%3ART%3D1621120322%3AS%3DALNI_Mb2wWndsFtfV4Pyw5fkxXtrx8jmSQ&bc=31&abxe=1&lmt=1621120322&dt=1621120322864&dlt=1621120321571&idt=1270&frm=20&biw=1600&bih=1200&oid=3&adxs=1130&adys=820&adks=49368607&ucis=1&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2F1plus1.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x0&ga_vid=69648745.1621120322&ga_sid=1621120322&ga_hid=1334754467&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

18cda553c3c3b2540349b6bfa49c87a66eaa54fe137ed0f58944bbd78b45af1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13661
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://1plus1.ua
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 45ms
13ms Other
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 26ms
5ms Other
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK api.auth.css
api.1plus1.video/static/css/ Frame AFF1 56 KB
9 KB 82ms
82ms Stylesheet
text/css 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/css/api.auth.css?_t583978397005
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Aug 2020 07:12:56 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 14 Jun 2021 23:12:02 GMT

GET
H2

200

1px-matching-adtelligent.gif
t.trafmag.com/images/images/ Frame 50A1
Redirect Chain

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=e13f5a23fe66f901

35 B
232 B

138ms
59ms

Image
image/gif

193.200.65.5
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=e13f5a23fe66f901
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.200.65.5 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: t.trafmag.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
server: nginx
content-type: image/gif
content-length: 35
p3p: CP="NON DSP COR CURa TIA"

Redirect headers

Location: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=e13f5a23fe66f901
Date: Sat, 15 May 2021 23:12:02 GMT
Server: VertaMedia 1.0
Content-Length: 43
Content-Type: image/gif

GET
H2 204 d
ic.tynt.com/r/ Frame 9310 0
0 424ms
140ms Document
text/plain 67.202.110.33
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-110.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

:method: GET
:authority: ic.tynt.com
:scheme: https
:path: /r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.adtelligent.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.adtelligent.com/

Response headers

server: nginx/1.16.1
date: Sat, 15 May 2021 23:12:03 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 50A1
Redirect Chain

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D
https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D&ox_sc=1
https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=ca7b8ac2-421d-4529-b2d8-612ce332a1ea

86 B
547 B

955ms
414ms

Image
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=ca7b8ac2-421d-4529-b2d8-612ce332a1ea
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=ca7b8ac2-421d-4529-b2d8-612ce332a1ea
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 3i7h4rhbbpbe1ijsr2upchglkul1c7hs

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 50A1
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D297253%2526extuid%253D%2524UID
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=1033033539789509258

86 B
530 B

1340ms
414ms

Image
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=1033033539789509258
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:03 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.244:80
AN-X-Request-Uuid: 0e87eab3-52a5-4e6b-a75b-aa53206d52b7
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=1033033539789509258
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 50A1
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID&sovrn_retry=true
https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=70ea4dc611620eb70f17fdf1

86 B
535 B

963ms
414ms

Image
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=70ea4dc611620eb70f17fdf1
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

Redirect headers

Date: Sat, 15 May 2021 23:12:03 GMT
Server: nginx
Location: https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=70ea4dc611620eb70f17fdf1
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1

200
OK

csync
sync.console.adtarget.com.tr/ Frame 50A1
Redirect Chain

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D322988%26extuid%3D%7Buid%7D
https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=e13f5a23fe66f901

86 B
543 B

416ms
415ms

Image
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=e13f5a23fe66f901
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

Redirect headers

Location: https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=e13f5a23fe66f901
Date: Sat, 15 May 2021 23:12:02 GMT
Server: VertaMedia 1.0
Content-Length: 43
Content-Type: image/gif

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 66ms
22ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2F1plus1.ua%2F&domain=1plus1.ua&cw=1

Protocol

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://1plus1.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://1plus1.ua
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1397
date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2F1plus1.ua%2F&domain=1plus1.ua&cw=1
https://mug.criteo.com/sid?cpp=0cLSHnwwSjhETnZlNXZWL0tDZk1BTVE1K05tVGtWbnNhUkplWkplRGRSMnd6dHNmcEVrS2wwVEdFUnk0aEdFTGNRa1lVZmNOZHZyUUhRWE45cCttOWh2ZVNTcSthS0x3OEVLakQ0L3c4b090ak1NR1ZuRXpIRVBtc2U0NT...

366 B
638 B

181ms
61ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=0cLSHnwwSjhETnZlNXZWL0tDZk1BTVE1K05tVGtWbnNhUkplWkplRGRSMnd6dHNmcEVrS2wwVEdFUnk0aEdFTGNRa1lVZmNOZHZyUUhRWE45cCttOWh2ZVNTcSthS0x3OEVLakQ0L3c4b090ak1NR1ZuRXpIRVBtc2U0NTY0aTFlU1R6ZTd0UHJqWHNqRHZHb01XVm5MVjZoYXRkM3dVdzhUY242SytRZnUwQksvMmdPNlN6S0p0ZFVYOEN0YmRsQzhFbXFMYjdCS2NFVXNieFFRUEhQVGxVRU93PT18&cppv=2

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

acfb5505224b87bb0b96395f64d741bc3f5bbebf7b480c290d9ca069c1fc8761

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Sat, 15 May 2021 23:12:04 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2288
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 15 May 2021 23:12:02 GMT
location: https://mug.criteo.com/sid?cpp=0cLSHnwwSjhETnZlNXZWL0tDZk1BTVE1K05tVGtWbnNhUkplWkplRGRSMnd6dHNmcEVrS2wwVEdFUnk0aEdFTGNRa1lVZmNOZHZyUUhRWE45cCttOWh2ZVNTcSthS0x3OEVLakQ0L3c4b090ak1NR1ZuRXpIRVBtc2U0NTY0aTFlU1R6ZTd0UHJqWHNqRHZHb01XVm5MVjZoYXRkM3dVdzhUY242SytRZnUwQksvMmdPNlN6S0p0ZFVYOEN0YmRsQzhFbXFMYjdCS2NFVXNieFFRUEhQVGxVRU93PT18&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2664
content-length: 455
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
139 B 157ms
50ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.36.0-1&cb=31784833231
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://1plus1.ua
date: Sat, 15 May 2021 23:12:02 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 376 B
1 KB 157ms
75ms XHR
application/json 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

ac8b061cc8c823050265ffea8a045d1a69daf9b0fc049f775a003b1a3edd7d75

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:03 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.237:80
AN-X-Request-Uuid: 6c1485f2-df40-4afe-87aa-2166d3edf234
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://1plus1.ua
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 376
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK prebid.1.1.aspx Show response
inv-nets.admixer.net/ 4 KB
5 KB 245ms
137ms XHR
text/javascript 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/prebid.1.1.aspx?data={%22imps%22:[{%22id%22:9455,%22name%22:%22Admixer%22,%22adapter_id%22:779,%22type%22:%22display%22,%22bidder%22:%22admixer%22,%22entityId%22:10360,%22geo%22:{%22type%22:%22block%22,%22list%22:{},%22skipGeo%22:true},%22isMarket%22:false,%22params%22:{%22zone%22:%221c240967-b7c5-4f98-8253-7a992d2ea6b1%22},%22minViewWithDfp%22:0,%22noR%22:0,%22overrideId%22:1681533,%22labels%22:[],%22validLabelIds%22:[],%22userId%22:{%22pubcid%22:%22b5d74550-f3bf-4b65-b184-015bf7afcb1f%22},%22userIdAsEids%22:[{%22source%22:%22pubcid.org%22,%22uids%22:[{%22id%22:%22b5d74550-f3bf-4b65-b184-015bf7afcb1f%22,%22atype%22:1}]}],%22mediaTypes%22:{%22banner%22:{%22sizes%22:[[970,250],[750,250]]}},%22adUnitCode%22:%22div-gpt-ad-1519059092931-1%22,%22transactionId%22:%22c665e0d4-b664-4f7d-b8f7-0d016312214b%22,%22sizes%22:[[970,250],[750,250]],%22bidId%22:%229063d143888859%22,%22bidderRequestId%22:%228fe2e0bec86e0b%22,%22auctionId%22:%22qd6mo6.4l%22,%22src%22:%22client%22,%22bidRequestsCount%22:1,%22bidderRequestsCount%22:1,%22bidderWinsCount%22:0},{%22id%22:9455,%22name%22:%22Admixer%22,%22adapter_id%22:779,%22type%22:%22display%22,%22bidder%22:%22admixer%22,%22entityId%22:10361,%22geo%22:{%22type%22:%22block%22,%22list%22:{},%22skipGeo%22:true},%22isMarket%22:false,%22params%22:{%22zone%22:%223c6673bc-2d82-4eff-a73c-fc9b22679edb%22},%22minViewWithDfp%22:0,%22noR%22:0,%22overrideId%22:738772,%22labels%22:[],%22validLabelIds%22:[],%22userId%22:{%22pubcid%22:%22b5d74550-f3bf-4b65-b184-015bf7afcb1f%22},%22userIdAsEids%22:[{%22source%22:%22pubcid.org%22,%22uids%22:[{%22id%22:%22b5d74550-f3bf-4b65-b184-015bf7afcb1f%22,%22atype%22:1}]}],%22mediaTypes%22:{%22banner%22:{%22sizes%22:[[300,250]]}},%22adUnitCode%22:%22div-gpt-ad-1519059092931-2%22,%22transactionId%22:%2258c547c2-e287-4098-9b78-2bd8f2292357%22,%22sizes%22:[[300,250]],%22bidId%22:%22109801c4c0254e3%22,%22bidderRequestId%22:%228fe2e0bec86e0b%22,%22auctionId%22:%22qd6mo6.4l%22,%22src%22:%22client%22,%22bidRequestsCount%22:1,%22bidderRequestsCount%22:1,%22bidderWinsCount%22:0}],%22referrer%22:%22https%3A%2F%2F1plus1.ua%2F%22}

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

200de1c82d88b5995c8447ada41c12388f644ebef20bbeda3a82ea9895c5bb7a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 15 May 2021 23:12:03 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 4459
X-Xss-Protection: 0

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
171 B 57ms
56ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://1plus1.ua
date: Sat, 15 May 2021 23:12:02 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 721 B
497 B 28ms
28ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 7dc681d01102df974fed5cda3c065e3b286870aeee2c10f3616a8c2539833a23

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 15 May 2021 23:12:02 GMT
Content-Encoding: gzip
Server: VertaMedia 1.0
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 213

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 188 B
533 B 200ms
79ms XHR
application/json 185.255.84.150
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2F1plus1.ua%2F&CanonicalUrl=https%3A%2F%2F1plus1.ua%2F&PublisherDomain=https%3A%2F%2F1plus1.ua

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.150 Paris, France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

579139fab0ac92bf5ecfa3b3f0467abb0e5f2b83718bf0d34b97ebdbc6c6a629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1plus1.ua
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 20
access-control-allow-headers: Accept-Encoding, Content-Type
content-length: 188
expires: 0

POST
H2 200 adjson Show response
ads.betweendigital.com/ 2 B
910 B 189ms
63ms XHR
application/json 188.42.196.115
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.196.115 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

GET
H2

200

uu Show response
ih.adscale.de/ Frame 714F
Redirect Chain

https://ih.adscale.de/uu?cbfn=receive&t=1621120322
https://ih.adscale.de/uu?cbfn=receive&t=1621120322&nut&uu=cbc3ca0cb98a493d8c155801c03571c3

44 B
213 B

53ms
52ms

Script
text/javascript

18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/uu?cbfn=receive&t=1621120322&nut&uu=cbc3ca0cb98a493d8c155801c03571c3
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 39d0c36984e27fd85e5675e302597661553268078ed5ec2206c5d7b3b87f934f

Request headers

Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
content-length: 44
content-type: text/javascript;charset=ISO-8859-1

Redirect headers

location: https://ih.adscale.de/uu?cbfn=receive&t=1621120322&nut&uu=cbc3ca0cb98a493d8c155801c03571c3
date: Sat, 15 May 2021 23:12:03 GMT
content-length: 0

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 5677 38 KB
14 KB 61ms
61ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D

Response headers

Last-Modified: Tue, 11 May 2021 05:24:02 GMT
ETag: "13006b6-96ca-5c2071a26cca4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13964
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=78247
Expires: Sun, 16 May 2021 20:56:09 GMT
Date: Sat, 15 May 2021 23:12:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3-29 200 css
fonts.googleapis.com/ Frame AFF1 4 KB
631 B 29ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/css/api.auth.css?_t583978397005

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

016b91219c6ed7712bdfed0dfa714b53c5df005847771cddf79e2a3a5d5679ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://api.1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 May 2021 21:56:41 GMT
server: ESF
date: Sat, 15 May 2021 23:12:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 May 2021 23:12:02 GMT

GET
H2 200 bundle.js Show response
cdn.admatic.com.tr/user/ Frame C429 54 KB
20 KB 62ms
62ms Script
application/javascript 185.59.220.198
CDN77 (^_^)/

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admatic.com.tr/user/bundle.js
Requested by: Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.198 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB),
Reverse DNS: unn-185-59-220-198.datapacket.com
Software: BunnyCDN-DE1-723 /
Resource Hash: 8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc

Request headers

Referer: https://cdn.admatic.com.tr/user
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:02 GMT
content-encoding: br
cdn-edgestorageid: 601
cdn-storageserver: DE-51
cdn-cachedat: 2021-05-16 01:11:57
cdn-pullzone: 266102
last-modified: Fri, 12 Mar 2021 04:24:48 GMT
server: BunnyCDN-DE1-723
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: bea626e5-d007-4073-8941-73ce8dd2f81c
cache-control: public, max-age=3600
cdn-requestid: dead353594c2504ee70920621e41cdad
cdn-requestcountrycode: SE
cdn-requestpullsuccess: True

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ Frame AFF1 14 KB
14 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://1plus1.video
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 422485
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 11 May 2022 01:50:37 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFUZ0bbck.woff2
fonts.gstatic.com/s/opensans/v18/ Frame AFF1 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFUZ0bbck.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://1plus1.video
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 21:46:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:24 GMT
server: sffe
age: 350761
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9400
x-xss-protection: 0
expires: Wed, 11 May 2022 21:46:01 GMT

GET
H2

200

um
u-ams02.e-planning.net/ Frame 0A4E
Redirect Chain

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D55541ab6c584a418
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=55541ab6c584a418

42 B
103 B

55ms
55ms

Image
image/gif

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=55541ab6c584a418
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
server: openresty
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=55541ab6c584a418
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

um
sync.e-planning.net/ Frame 0A4E
Redirect Chain

https://sync.1rx.io/usersync2/eplanning
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2223712991
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2223712991
https://sync.1rx.io/usersync/tradedesk/124ec887-2453-4f75-9dcc-417e8ad956e6
https://sync.targeting.unrulymedia.com/csync/RX-96741f29-894b-4549-9cec-9c90923c62b0-003?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-96741f29-894b-4549-9cec-9c90923c62b0-003%26dc%3D1079...
https://sync.e-planning.net/um?uid=RX-96741f29-894b-4549-9cec-9c90923c62b0-003&dc=1079cc634ca638f8&iss=1

42 B
103 B

60ms
55ms

Image
image/gif

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-planning.net/um?uid=RX-96741f29-894b-4549-9cec-9c90923c62b0-003&dc=1079cc634ca638f8&iss=1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:04 GMT
server: openresty
content-type: image/gif

Redirect headers

location: https://sync.e-planning.net/um?uid=RX-96741f29-894b-4549-9cec-9c90923c62b0-003&dc=1079cc634ca638f8&iss=1
date: Sat, 15 May 2021 23:12:04 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX96741f29894b45499cec9c90923c62b0003
content-type: text/html

GET
H2 200 dataxpand_28122020.js Show response
s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/ Frame 0A4E 39 KB
14 KB 3226ms
92ms Script
application/x-javascript 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/dataxpand_28122020.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software: openresty /
Resource Hash: 792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
content-encoding: gzip
last-modified: Mon, 28 Dec 2020 16:45:03 GMT
server: openresty
etag: W/"5fea0b8f-9a72"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Thu, 14 May 2026 23:12:06 GMT

GET
H2 200 tm60118.js Show response
tag.navdmp.com/ Frame 0A4E 12 KB
4 KB 45ms
25ms Script
application/javascript 2606:4700::6810:ef3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.navdmp.com/tm60118.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:ef3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc025890b2544e23fc6ee0df711326e1b4a38b00849b9e5c914ad074902edec5

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 432
p3p: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cf-request-id: 0a13e625d700001f31b59d2000000001
last-modified: Wed, 18 Nov 2020 16:32:07 GMT
server: cloudflare
etag: W/"5fb54c87-2ef4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 65000c82fd611f31-FRA
expires: Sun, 16 May 2021 00:04:51 GMT

GET
H2 200 retargetly_030920.js Show response
s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/ Frame 0A4E 2 KB
1 KB 3240ms
107ms Script
application/x-javascript 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/retargetly_030920.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software: openresty /
Resource Hash: 18cbfcb608af5885f7916274b60578d32006c90e8fce3d98dbcc89a646707608

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
content-encoding: gzip
last-modified: Thu, 03 Sep 2020 18:45:03 GMT
server: openresty
etag: W/"5f5139af-857"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Thu, 14 May 2026 23:12:06 GMT

GET
H2

200

um
u-ams02.e-planning.net/ Frame 0A4E
Redirect Chain

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D55541ab6c584a418%26uid%3D%24%7BUID%7D
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D55541ab6c584a418%26uid%3D%24%7BUID%7D&ox_sc=1
https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=55541ab6c584a418&uid=4c09252f-551a-4fe5-b3b3-16b9d4c177c2

42 B
104 B

175ms
56ms

Image
image/gif

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=55541ab6c584a418&uid=4c09252f-551a-4fe5-b3b3-16b9d4c177c2
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
server: openresty
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:02 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=55541ab6c584a418&uid=4c09252f-551a-4fe5-b3b3-16b9d4c177c2
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: q07ru9pcomse7q5gq5ed9q2fp21lhj0p

GET
H/1.1 404 ptag
a.audrte.com/ Frame 0A4E 0
0 3541ms
128ms Script
text/html 35.170.39.52
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.audrte.com/ptag?p=M1353665098
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.170.39.52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 lotame.js Show response
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame 0A4E 266 B
415 B 3237ms
104ms Script
application/x-javascript 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software: openresty /
Resource Hash: 76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
content-encoding: gzip
last-modified: Thu, 19 Nov 2020 16:18:03 GMT
server: openresty
etag: W/"5fb69abb-10a"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Thu, 14 May 2026 23:12:06 GMT

GET
H2 204 current
prebid-match.dotomi.com/match/bounce/ Frame 0A4E 0
104 B 101ms
63ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-match.dotomi.com/match/bounce/current?networkId=72582&version=1&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dfbb23d0ef33aad5d%26fi%3D55541ab6c584a418%26uid%3D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:03 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 0A4E
Redirect Chain

https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3D55541ab6c584a418
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F

95 B
222 B

62ms
61ms

Image
image/png

168.119.146.39
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.146.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.39.146.119.168.clients.your-server.de
Software: nginx/1.10.3 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

Redirect headers

location: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
date: Sat, 15 May 2021 23:12:06 GMT
server: nginx/1.10.3
content-type: text/html; charset=UTF-8

GET
H2

200

um
u-ams02.e-planning.net/ Frame 0A4E
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D55541ab6c584a418%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fu-ams02.e-planning.net%252Fum%253Fdc%253D8103fa85295fbe60%2526fi%253D55541ab6c584a418%2526uid%253D%2524UID
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=55541ab6c584a418&uid=5247400059954150821

42 B
103 B

127ms
57ms

Image
image/gif

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=55541ab6c584a418&uid=5247400059954150821
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
server: openresty
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:03 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.135:80
AN-X-Request-Uuid: b92b62aa-0dea-4dc5-be69-cb95201b8ace
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=55541ab6c584a418&uid=5247400059954150821
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 0A4E 0
474 B 1259ms
56ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=%0A%0Ahttps%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3De52415579699e09f%26fi%3D55541ab6c584a418%26uid%3D%5BUID%5D

Requested by

Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:04 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.e-planning.net/ Frame 0A4E
Redirect Chain

https://ups.analytics.yahoo.com/ups/58414/occ
https://ups.analytics.yahoo.com/ups/58414/occ?verify=true
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-TgHoJhlE2uE3l8Zj4s2DBnxNFmLOLdJZTq1VxJc-~A

42 B
103 B

55ms
55ms

Image
image/gif

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-TgHoJhlE2uE3l8Zj4s2DBnxNFmLOLdJZTq1VxJc-~A
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
server: openresty
content-type: image/gif

Redirect headers

Date: Sat, 15 May 2021 23:12:06 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-TgHoJhlE2uE3l8Zj4s2DBnxNFmLOLdJZTq1VxJc-~A
Connection: keep-alive
Content-Length: 0

GET
H2

200

um
u-ams02.e-planning.net/ Frame 0A4E
Redirect Chain

https://cs.admanmedia.com/sync/eplanning?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D227acb3d18564968%26fi%3D55541ab6c584a418%26uid%3D%7B%24UID%7D
https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=55541ab6c584a418&uid=dccf9f288daf9db52adc7527800a7216cd9e297c

42 B
103 B

56ms
56ms

Image
image/gif

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=55541ab6c584a418&uid=dccf9f288daf9db52adc7527800a7216cd9e297c
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
server: openresty
content-type: image/gif

Redirect headers

Location: https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=55541ab6c584a418&uid=dccf9f288daf9db52adc7527800a7216cd9e297c
Date: Sat, 15 May 2021 23:12:03 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked

GET
H2 200 test_dmp.html Show response
s.e-planning.net/esb/4/0/1992d/29c512b3a85254c8/ Frame 0A4E 0
0 3238ms
105ms Script
text/html 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/0/1992d/29c512b3a85254c8/test_dmp.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 534E
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu

281 B
554 B

163ms
52ms

Document
text/html

104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.us.e-planning.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.us.e-planning.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 15 May 2021 23:12:06 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Date: Sat, 15 May 2021 23:12:06 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 917D 8 KB
3 KB 54ms
53ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D55541ab6c584a418%26uid%3D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.us.e-planning.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.us.e-planning.net/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=37043
Expires: Sun, 16 May 2021 09:29:26 GMT
Date: Sat, 15 May 2021 23:12:03 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 5677 0
39 B 3245ms
84ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=37914253&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
content-length: 0

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 1438ms
60ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1501
date: Sat, 15 May 2021 23:12:04 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 5FFB 38 KB
14 KB 63ms
63ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D55541ab6c584a418%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D55541ab6c584a418%26uid%3D
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D55541ab6c584a418%26uid%3D

Response headers

Last-Modified: Tue, 11 May 2021 05:24:02 GMT
ETag: "13006b6-96ca-5c2071a26cca4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13964
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=78246
Expires: Sun, 16 May 2021 20:56:09 GMT
Date: Sat, 15 May 2021 23:12:03 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=1plus1.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 23:12:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1plus1.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 23:12:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 226 KB
40 KB 309ms
309ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3498077062137338&correlator=614321273026800&output=ldjh&impl=fifs&eid=31060790%2C44743003&vrg=2021051001&ptt=17&sc=1&sfv=1-0-38&ecs=20210515&iu_parts=82479101%2C1plus1.ua%2C1plus1_1250x250%2C1plus1_300x250_2%2Ccatfish&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4&prev_iu_szs=970x250%7C750x250%2C300x250%2C1440x180&prev_scp=Project_1plus1%3DMain%26excl_cat%3DPREPOST%7CProject_1plus1%3DMain%26excl_cat%3DPREPOST%7CProject_1plus1%3DMain%26excl_cat%3DPREPOST&eri=1&cookie=ID%3Ddbed87e3df10718e-2266546013c800d8%3AT%3D1621120322%3ART%3D1621120322%3AS%3DALNI_Mb2wWndsFtfV4Pyw5fkxXtrx8jmSQ&bc=31&abxe=1&lmt=1621120323&dt=1621120323184&dlt=1621120321571&idt=1270&frm=20&biw=1600&bih=1200&oid=3&adxs=315%2C1130%2C80&adys=1510%2C4483%2C1020&adks=3836652839%2C695559250%2C2198103003&ucis=2%7C3%7C4&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2F1plus1.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1180x250%7C300x250%7C1600x-1&msz=1180x0%7C300x0%7C1600x-1&ga_vid=69648745.1621120322&ga_sid=1621120322&ga_hid=1334754467&ga_fc=false&fws=4%2C4%2C516&ohw=1600%2C1600%2C1600&btvi=1%7C2%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

117e4d5b9c742a081423aa9964d7f481b772510517dda5edfccf6b5cafbd12f1

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLruhejnzPACFZFI4AodxP0MrQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/1411503651722103041/728x90/index_728x90.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLzuhejnzPACFZFI4AodxP0MrQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/2914925732583289131/980x120/index_980x120.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLruhejnzPACFZFI4AodxP0MrQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/1411503651722103041/728x90/index_728x90.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLzuhejnzPACFZFI4AodxP0MrQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/2914925732583289131/980x120/index_980x120.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1,-1,-1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41159
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
date: Sat, 15 May 2021 23:12:03 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012103020108001/ Frame ED96 190 KB
54 KB 40ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e553b4e88ac4a1819d608fe9dcb46544ca5fb776d4e0c84d773f37b1df18211

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 136138
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55046
x-xss-protection: 0
server: sffe
date: Fri, 14 May 2021 09:23:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aeaf363b1ad89b36"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 09:23:05 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012103020108001/v0/ Frame ED96 12 KB
5 KB 39ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f9560479a05fb86854546c40ec030edc2bac692d4142391d69b16e5c033a185

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 136138
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4548
x-xss-protection: 0
server: sffe
date: Fri, 14 May 2021 09:23:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4eb73d471ab4cb2c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 09:23:05 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012103020108001/v0/ Frame ED96 87 KB
27 KB 52ms
19ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6f768cbb894f2690011ee62662d3ac9480d12f5088fa46be57e650fcc4d835c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 136809
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27208
x-xss-protection: 0
server: sffe
date: Fri, 14 May 2021 09:11:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "22950e05e749846e"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 09:11:54 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012103020108001/v0/ Frame ED96 27 KB
9 KB 49ms
16ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21d45a4ed77653b3b1ee2b47a786a4dbb936a3b19fc56e1b44c16aed35eb80ee

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 136809
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9587
x-xss-protection: 0
server: sffe
date: Fri, 14 May 2021 09:11:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "739644f32ad1483f"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 09:11:54 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012103020108001/v0/ Frame ED96 40 KB
13 KB 50ms
18ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c6af60796cc240ad277098308cf363c2700f5296264ec1b43b4e1362763c439

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 136919
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12827
x-xss-protection: 0
server: sffe
date: Fri, 14 May 2021 09:10:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5cc8dcc2368726c7"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 09:10:04 GMT

GET
DATA 200
OK truncated
/ Frame ED96 221 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5816c6b00e67e96078708cb8f297505f783cbf4b5653e66647ad7202ca753717

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 14131111905182157276
s0.2mdn.net/simgad/ Frame ED96 176 KB
176 KB 116ms
76ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14131111905182157276

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c589b30b68800d200a04bbdbc40d7fdcbdbbc10fe83e6c4d292034224026ea32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 29 Sep 2020 06:20:09 GMT
server: sffe
x-dns-prefetch-control: off
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 180349
x-xss-protection: 0
expires: Sun, 15 May 2022 23:12:03 GMT

GET
H2 200 4094191189497866331
s0.2mdn.net/simgad/ Frame ED96 6 KB
7 KB 46ms
7ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/4094191189497866331

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f470d727967e38ee769e6ce10b7b07f7830ef361ff743944dd0724185d9442c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 08:29:56 GMT
x-content-type-options: nosniff
age: 139327
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6450
x-xss-protection: 0
last-modified: Tue, 24 Nov 2020 14:03:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 08:29:56 GMT

GET
H3-29 200 ad
googleads.g.doubleclick.net/dbm/ Frame ED96 42 B
63 B 27ms
25ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D3slMnqx0EMStTFTJu0QcQUi247qpvPGLz1rKfXZw590iHjWO2eWRRWdrYul4Ir84x39Lxz2kd_NVkpkr1J63N8C4Uu-ntNMb6Kogs5JV_SCJMbi8pEGYuagourU_dYIvEB1DC5IhNIzrc__EkLx15uiLNdg&dbm_d=AKAmf-AALj6T3uLFlA-V6XmkOjnsKBs0xlBBzrsjAGV4YaTr2EZZnysx9arDKwrsRDehHWurW_VECnyRs51ummZwfHKp0JPetEv-7IuHDuAHQETzfN7cd_qAM8sb5xA8TTwE9QlXOSm_Cj8hDRkYYX_lXZj1mzV5fCcXAiN4M_ivapTs4Kp9f7fUBqExHIX3Fr_qq2CU5P9QlGjHdXiFXUVxAWiyJ2bgREk8kLA1JR44w5VzNmoIkPKgDOFASXok8rcdIGDVqtYjmWEqGyu6vyCrPAEbpdep8_W1hhdv24r-h2GqapdGIfNR8eARSckv_8HMvja_jATJhYmvhMsNhfnrpyPwA9Mzm_FJdTwp3navuGOjllo8fEGwr2RLxZ-hlq2ECr6ARCV814yT4x70c3Xibcw756SHQj9muZEPc1S3OvjGx3cybxHd_WOVp0fyU6heQn6Kq7_uP5z-RjrjhR1JI0atllpz_u5qd9w5h5xHXbzn7QNCkyKkDVNg-Wl734AOwjkhhetkn8mq8vQ0TM2mv5M8ZNx7D-JFSrlL-659l-a4sHnZEmuzxQPUgY2JiQmPrP8Nvba3rDmjdSdFAiccPglKfbmyatQBMjNmo_QgBWIZ7iN6epxQ9B6fysQhtW1FJ_gJiUgi76DYad4nzxlHA9RWg5Y7C2demov02kXFYIe4Fxtn1W3LIlSd6GAj9_smy-B-9Kin4YF2lOZsIVQhXmzQhWRWcxPrRW7PcMOcNINF4PnxiieRk2IZMswk8XP4rPz-1x8bqKFj7P0JR4WkDoq2f8ZQkjNubGGUgYwCiNiDUnU1Xyb-VK_pexvQ2lBp-gnTUdU1enRu-_J3Kjfza0FyHRQwqxzLgFon8Ojj7aBTbX2_HNwDipB-VJFkZwOmGjmHZbZxQ1XIJEJ3dkQPptwjqlg1q4yE6oRq6a4yt6NXpYISuHhLdNFJrbQ4_ZgB82qhVt1SNZvTcfvP2pPIQtVZmCuQ61nkvUjK-c6Rpw-io09rWNhkOqElVYJ_GvCgqvXWdKW_pBCbdGj-3BPmfsRwwBNxuOZ21gzBYCtN8gOr4NZLSsh-8Hj3NnJCyyES2mds8KDrVl-49QsyO_mvl4Cdg3ucZcmcSQ9eAQKpF4j13YuHrRpxEsxak3TCUrONRX11vaJ-zUX9ZZW3jM4Nl8xqo5hzY8Qh_-Tg5GXJW8lPg-KbsJmqEhjLT3GWnyDvsWOH91V6_4vFd9cMGWuYwwHr-e7HLOuUxWDDQu3nPUZRYin68ot_l0t_nojpPNPxepFTR_8r3jzXY9c8fHqq1ZKwBfJ1FAR2GgfQcH5DLbO2HL0g98y5e4KWNnd-7PAWt2szQkebXaqU_ihCNuRko2incmxhRqSZTPmZsI6XESn5N72Xpa8VOTmHlqTZOAaHJXv3xG8k8pdUKKUS4lUsu9YFL7yCh1cc53m5JIvIT5-DplFTrMiOaHE_IMXcwhdWOjThQOjO58ynFuOg-xEMOjRfUdVsY_7_W_Ht4rRRV-lREeUcV8QXaHQwZhoNkaYqSq3UPaILyFfe9O--sQpZ8vo4D0VcidigMdVxf6ichcITAjeId1AYmmAJak147fw4Ribjns6Up-0pqKS0RtjSOgBUlu6qjQ_HGYKbyNZy9tAwA1FivcY4L5bIuJ9yWLlQ2ub4GcCgv-6dyXSMyWi7Epd5es7lKkQMRNiJLz8WUCmVqe1UBFJ5oHkFVSuglOCuLcGyr3-JOocHYtM3zGMaRmDFQfgpD_c9TM_CkR--wcWaOzTBTHmHrYmwtRUSW6uy6boyjec5bAfDOfa6NaH5meGzlGpFhflVKOghF10W_SfqZS__iVotJNQCuE5LHZfEHaocBDhx9VMoRMHzIce6rGJ8OaHJahYR4rfuAfpgzN9-avbjZHZzSie7379jW-Xe6XW2J3unMQ_2KoA4NamRBRBr2w3UpAITh2EO7vdvamsK0AgRZeYOMIhahBU-UrxM9cEAEWwkRJ3zDvq1aYH3eAL-wcoCQdHmcECVc-lxFxBL4ibloZRnJyBpIaXlG6nHMElrYXSDlYHwCTMb_cHjF4fEIgEjW6rmYT3_Bb-9M3jz_uSW1UqUyCx7AqbAHZBxY24zAr-y7EGlP8fwgNA6zQabwO-zv1hcE52tnF042dOKK6RffhuCJRElzyzO1qJSyg4Wjz-d0P926zqKJywD6-hhLeWLNfIaPsR3-ji7gNgoL_yt58bjIX8iY5wmo55fc--5eV-vYJtRAbYyLfFJuMHCUntR81r0BjzJveMjfE3rLRcYE7XCTS8aDIBxOSE95aOW7qBJszQy7AlNVwN2X45q3fM6mbywfalQxuqB9VKjjOdIYgNO5jYu-1GOoITgnVN6Wlg503CDoL3YrQajft7zUUUi5itIWfT9ylaorJj41MzUkIkdLNW_bl_NrNfWUxnpFMO_ttinKOk7cb_Xtp98c0KFkGGTCjnss3Ri62lMDvpPKgnt3a0pSC_o9ZujojCPD3ckH6ry_CDJsHUCiJZOb7duKAk4W09RGsDtU3D4IY8BGUydr6YzrKjCOUI3z-0M25RKUiZmREwYz9SwzBDUeTwJXnxfosqB_njE9u-39OO8a3aT1RGfYXK7agmqfyzcXkfyXEaPheqlop9mdAJSU2IXZExKPbp-DqcVi1rnYsKNS90w1kCO0c8lvcQqkrjOQfxbiGFhpebyLnxkGmfJB8e66Qh275IccG0ZnDCjl4wx6Jf2Iad5TBllA84SxICKlIESR6vyxARVc-GkA-Uwu3wvkRYnFxeVHUbcwpzA9MuJORXgtg6temweyVZWxceBkNBIWCVeIKcMg7lOertaLA5h-vEGJ8U1vtCPQaG5U_XkwxOtvJBgjWBUzIuOuPJExji9Q3oILX5jdKEM8uaGL7LWRJdyE9ejbda6gteyF_sJSFiQ5kKJMVEYD83xa-w6sr4es-5TmbybFTXojoCnOI2ZGpg7Ot-dpVYQDCH7xO2g2GQ&cid=CAASEuRoNckqFfERQiWxtpwcE_64OQ

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame ED96 0
0 112ms
87ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CDaGrQlWgYI6MPMbF7gPPjZSgCKOr3Zhh17XLitcNl96ivcABEAEg_f-FI2DxhY6G2B_IAQaoAwHIAwqqBM0BT9BV4R5yAZyqIOA5IlR_4IBNkurtcVMAgZIUhO0Mid0ybb9ksvtzuP2jb5USTd46EX_e333qAtBNUprHySvh4dJLsJi0bZrIxrrGSA2Xq1jLJQZBDRLA5xhn79_DHKgWoYcD671DWOqDmz9qrBiMXXpXMFxkFIqvfyJ07e3KGvVZLC9MSrHoC7wPF7E3XfoySZnUDTn1vMetff4SeMUJpGWR0QisHgbEHwkoNJeqUNusr2VaK_Q9hB6-c_S4MhcLNl4tue-ontf4FtYZtMAEpv-zprcD4AQDiAWk7q6yLZIFBAgDGAGSBQYIGxABGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB9SAwskBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RvYBwHyBwoQ-8ECGOSig5wB0ggJCIDhgBAQARgdgAoDyAsBsBPG-LQKyBPmuL0I0BMA2BMQiBQB2BQB0BUBgBcBshcaChgIABIUcHViLTkxMzgyNDc2NTM3NTQ1MzM&sigh=F1LL8lD0Nuk&cid=CAQSPACNIrLMM_HCe1bRDRwgZmkv27wMESAqB7XRgv09bRYcBWfhGFZFUjCclOV4LwphLFSBsBY1Xii6J6aGOw&template_id=509&vt=10
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame ED96 3 KB
3 KB 46ms
8ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/uk.png

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 06:08:31 GMT
x-content-type-options: nosniff
server: cafe
age: 61412
etag: 14587847488922671356
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3073
x-xss-protection: 0
expires: Sun, 16 May 2021 06:08:31 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame ED96 344 B
368 B 46ms
9ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 09:25:49 GMT
x-content-type-options: nosniff
server: cafe
age: 49574
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Sun, 16 May 2021 09:25:49 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame ED96
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
14ms

Image
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Sat, 15 May 2021 23:12:03 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H/1.1 200
OK userconnect.js Show response
js.adscale.de/ Frame 714F 14 KB
5 KB 50ms
50ms Script
application/javascript 104.109.91.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/userconnect.js
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.91.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-91-53.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 58ed344732766704ee535508e3dcd8d4a8ec0c9c79d16adf02293adde110926c

Request headers

Referer: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Vg_Jp.ZJ2u3YbQXNKkA7T4fbgrmEYgFi
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 00:56:54 GMT
Server: AmazonS3
x-amz-request-id: C09881483449AE33
ETag: "98f37b242862929d9aef4bde91abc8ad"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=7200
Date: Sat, 15 May 2021 23:12:03 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4485
x-amz-id-2: XvGWyMh1NNZA3h7A8mQNHieOAWdSm+smMSR0SfQqPmJuE4ai3zxTv1OIuca1OgRR80GIsGjR2/Q=

GET
H/1.1 200
OK csync
sync.console.adtarget.com.tr/ Frame 714F 86 B
559 B 623ms
413ms Image
image/gif 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307565&extuid=cbc3ca0cb98a493d8c155801c03571c3
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

GET
H2 200 userconnect Show response
ih.adscale.de/ Frame 714F 149 B
224 B 51ms
51ms Script
application/javascript 18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1621120323495&umd=false&gdpr=0&gdpr_version=2&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8

Request headers

Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
content-length: 149
content-type: application/javascript

GET
H3-29 200 container.html Show response
1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A324 6 KB
3 KB 20ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 15 May 2021 23:12:02 GMT
expires: Sun, 15 May 2022 23:12:02 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E94E 6 KB
3 KB 17ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 15 May 2021 23:12:02 GMT
expires: Sun, 15 May 2022 23:12:02 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D7FD 6 KB
3 KB 12ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 15 May 2021 23:12:02 GMT
expires: Sun, 15 May 2022 23:12:02 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 map Show response
ih.adscale.de/ Frame CDED 3 KB
3 KB 56ms
56ms Document
text/html 18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 5764f31f63909f6026989595eb8423d5984fda5c6fc85fa2484d70c4c185b6fa

Request headers

:method: GET
:authority: ih.adscale.de
:scheme: https
:path: /map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://js.adscale.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uu=cbc3ca0cb98a493d8c155801c03571c3; cct=1621120323329
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js.adscale.de/

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
content-type: text/html;charset=ISO-8859-1
content-length: 2792
set-cookie: tu=4#3820569725#48~~450311~450311~1#101~~450311~450311~1#38~~450311~450311~1#39~~450311~450311~1#40~~450311~450311~1#42~~450311~450311~1#108~~450311~450311~1#63~~450311~450311~1; Max-Age=31336000; Domain=ih.adscale.de; Path=/; Secure; SameSite=None cct=1621120323609; Max-Age=31336000; Domain=.adscale.de; Path=/; Secure; SameSite=None

GET
H3-29 200 index_728x90.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/ Frame AFA8 123 KB
40 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

360f93dc63a30edd23cf33e0de57effd1a4e55c89b02307892b2e5136ab8d32d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Fri, 14 May 2021 07:24:59 GMT
expires: Sat, 14 May 2022 07:24:59 GMT
last-modified: Fri, 30 Apr 2021 16:46:12 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 41338
age: 143224
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 82D5 0
0 87ms
87ms Fetch
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CvpDbQ1WgYPrAD5GRgQfE-7PoCvHysJlis_3W990Nv-EeEAEg_f-FI2DxhY6G2B-gAYWp9cwCyAEJ4AIAqAMByAMIqgTUAU_QJAGsCh4x_Xu_5t8H8Pbh4fbrSsjA91wi23mKOoXXi3tRL1LmLneQLFEG_c9dyt0LHOKTZniIjaIklqEY3BKFFmQL2OLbgTkNvKZKbIYC3Y9P1e4K8knowiBkTb31yqc3l___U2MJz5xqzuBypewZzcy7bmDxdMEu90Sytty_GQsJNy8CfVVlRU8iQxQep9w_YRBTTPvJZN5QuELYLiwBNEBXnqvjKqHiDnsPXPIOZN_MNbi5XXEzC7-t6sZlmGodAsIvZ3XEEHi06BLiC0cCcPU0wASCvYmuywPgBAGSBQQIBBgBkgUECAUYBKAGLoAH49aKswGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ-_YU0ggJCIDhgBAQARgdgAoDyAsB2BMN0BUBgBcBshcaChgIABIUcHViLTkxMzgyNDc2NTM3NTQ1MzM&sigh=ao1uejhjMag&template_id=419
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/ Frame 82D5 17 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/abg_lite_fy2019.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 175
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7042
x-xss-protection: 0
server: cafe
etag: 2725110100707361309
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:09:08 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 82D5 2 KB
1 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:09:06 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 82D5 117 KB
36 KB 29ms
15ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14a6bc9fca94f536d24da272cf684e3e900adaf170804cceda99f44c97c710c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620991973329016"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36585
x-xss-protection: 0
expires: Sat, 15 May 2021 23:12:03 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 82D5 13 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:06:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 308
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:06:55 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 82D5 0
0 14ms
13ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaShWZvRmnPRcmjVnLC127R_NMCLdqLHMkRBYPSbLUUNO9I9tOZNWbIXPu0M150RUrq112STdXYHqKQx3Yz0xnMy7YpsXg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BF8D 624 B
297 B 16ms
16ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIy1wgIQ6_3nAhjmx82gATAB&v=APEucNVG3jzcJ65ym_WS65FCDfY-XcLyhxlaRfUwepT55aomsX__uW5cKO6iCLXwQSoVV7yYaS3c0i9P0e4yHdSsigU44LLip7cbW06NHdUwhKRz9MG_W5thts2lEjHFHsWKKpczaO0rXSmZjSU0em-K3kgcksfbH2kRv_oEDLYUDImpvI7nhkBx0I3TnE1BCiuu1YGoY_X4TwgDdQwaD62XZTLwo80gvg

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CIy1wgIQ6_3nAhjmx82gATAB&v=APEucNVG3jzcJ65ym_WS65FCDfY-XcLyhxlaRfUwepT55aomsX__uW5cKO6iCLXwQSoVV7yYaS3c0i9P0e4yHdSsigU44LLip7cbW06NHdUwhKRz9MG_W5thts2lEjHFHsWKKpczaO0rXSmZjSU0em-K3kgcksfbH2kRv_oEDLYUDImpvI7nhkBx0I3TnE1BCiuu1YGoY_X4TwgDdQwaD62XZTLwo80gvg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmmOkBmHjrgfaRLKo0kMYhGQKvAaGVtjGGZzTHmdSPVkFq7x7PUq0vUJ4nyRM0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 May 2021 23:12:03 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E94E 57 KB
23 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DI8qWkIgwL17lhHN6AJjilz-lCm7llSnhK5AqRoHh0D6Is40Fm_1boxftk5A8RcDLwcJbMaHQpWBZFRgAGu_p7LceiksoA1qUwBLvpyXHCjNFgXYCHHWTAnLGCTF7zB0J6OA01vfwSe4pw4Zm-akp0P12f8w&dbm_d=AKAmf-BID8Y6C6YGLT-rR_TrxW9B4rAEgzB_vuvt27g2BDziwKMW2zmUeRJeDuF0i90NxxdXbwbXCXauG7Z_sF096LnBTiAJgKFk_5epTV5OJlgTnf1n4nyeOLBvvwgXPds6xgXxzT0HlRw93vxh9BfSZnxoWQStJ8IxvDBRav300jgipabgeMXWbkKsUrMNjlhd0AP-h-bSWQvffddIA_xsp3Pm_5IiUSNJc3-0HrzxzkJsbUQH2tfeA1vEJEdP2sbUooXzjWbp18V-60j334TZ4GMIu8t5IZnVzHHRp_1bwwz6i9OdZ1yPqPvmKgza-aBMdlPGW_5mntd01bg4G7b-T_4suJ8R1oC7eOH7hn3hPYbltMZL2p-xVeb8M8JlZlgG3Y_3HEmfAMy2LbZbaJkMKjbSUuSpnWkErb8Y046rA1W_dOXIgaKNCcI1B7mIXtmWoaazU_1jBBLMfWVcf3k04CD2YQtThk7ks0R8BET_-5cwBe3Q_ODLaQZrlUDt1TVWhl9ik7jwr5MocgZwM5Ywy6wTh4cl6lquaZ3f2QFZA7eGeqaSWh32D-sYeRrMknlWvHoxmWHLGiIYFQQwhWKLY4xsB7SkyAzAXyigbPn4lRjYeOu0MBTNfhbwCFjylA8xZl5L6upZrARpVOBIPChrUBAmJSzNRGqnUOFeWmi6h0MK5h3DywTFXXL--aSiv8AW4Rs2e8nTEwUfmHa3YV1oOCD1ekMSGT1TGjLvna-xxdrocLNxybBU29gIgDvjDEMoJL7ooLXOBhqXJtLiShHPFQcA1ntKa6tUAdemm3d90Sl8qFNpViylHNRHKRyVf7-cmuYp2uK-JgBZtUd0oxE6yAD9luNCp35H2tWOx3bwGXUVb5z9uAKtk82nJ_ce_39oiM9u6io-IfctSq2-3p_XsmS7CcxMvE2xPht-cWBJAkb3SCl9KvVD57zBKVAnNpk7KgFdKEhH0SAhq9qN7BXM2CN899ItTF_ktA0chCQ5lOiLw3nvKgeRS6LkR5SqxaWF0GKxUA9DSsTymjLC6bUF4wdWIstggmeqda7TW1XLthp0KUWt6gKy4cZrXq6z3vEfDWkA1Vv4Faf66jZdJ7Q3bycNME2ae5XBJNgJzBfvxhYpGcErmdJV0WxxfI0FKNe8LdL9AwUAQKLdpVfD05GC5zjfxRvQqPKcyseIMCgDqbyAwhiHN9Nv8Kf3fmwiik7tBsyO24pGYFyjq79pQ7_fKrBl9GeiBB1L6mp5hUkCtDoBrybiPDeyCoJ-dAGofv_BLaW4j72LNg_QQLatFK4efyncRC9UH6Ugeqf5D-DQZEdxFeRDmas1NfGA4Mn_B4C3bYEmZoh5-fzH7J4IdplxiDztrcb8TEfoxQqJgJCOY-fTxLL8lyLBDle8sfh_67A-Iz0tCm9w28dwobvWlonsR4pJQAgakddBu3IJpzM0HS5yNn8I507Cxyp7CbPPIjGycSgK8BrNdu7sb1wzM7n_iYqtOaY_kIJZ2PvYjF69iewJltOTcEPsZpbiQtsP_STZkJFxpfnVkcBRQ2-Bj7oN18wLwoo4Cuf688IyLRDOk7iFe707-WV6B-aZF_ye4eu0qgy-FPQyI0H1Pvhae0nMwmk0WKa5mh5D3ycb0EI5BEkOrTaRniogMCALKRbbIqfcqM2GXYGksVpd7OKSZeJVPok-KQpNPTaMKUgtxxuYWWhzAPMeMIZiN7Hcu5896kFb9EzEOKNsY5f8CnTTejVcuJ87wWLgLjeFBB8KDwTfbHYWTG27Qetjy3_Kr5SiNvS5iN4lSIUdbF5WcmM1kUXijHxTTwuyFwvSoWRNrIv6IKfsQOaUWiX1EQAgs9WzM0QlSI9Tzgkd81vB0_7XOCm6kD5FPj2-JoMEyod8DaENXj0y--B5omaD0elzhk5kSxzn3_T4J0CG5FogVwdqy4Go6bApI9w0XKFwKbo2RJDE57wKP9eIY0GVo7yOBvJUxrRyCASZz6PUngZxvtY_Rn50F5OjRFwY6ojXgJM1en7YXKeI-IbbEqQsZp27aEroPeigCz7DNhAB-R4RY1rBaquIYeKBvsAo5LIlhAtPEjNIyiImKnd-tloBa0mhkp41VApdIlgEwkDuc3NP_pwf5A4JZsYSb2wiJ-V_kmtNIgUeLxC8qPkrilLjSv63bnjqNx4tfSGjW_Q5x5CJSBJgeHm58lAG9uTL7lk7epx90HHKKXBFKTyrkGA76pjKqE24bcXPNbjhcPjQ68T-l6li_zNriSeiFLEq4ncd7pInVLyHcrVdNSfqyXxKNKeegldUF49IXU3tfvz4HpwBoO3wFGQiIp9OIBQUCEnlpY85BQjlv7JqiJ5_KlYPYAKRuzuUAz4DppXgUUAIllT1QW-uepeL758GCrpUPgUAK3w5U1sXBs7eVqYVuHX-kVn-Tx3SotQEossmTdSX0jxUyinvgVqTplJDyreKEyvLHntrqkkU1XIlm-dU6_FNRp3rtaYfIhwlmkpSSNP4f7HakEFvIXyB0_Tat066M3lwYqkZC4WV33FoCOMoEVB9Abj3x9BwBUl3U4kwH1ORCdsoYjV0lAYXNlWBBNZ8sN1GK5KtIwd-z1Pb2OuLQFmRtiRHWJfyz-HECfl45QuNkXU3oomn-kZU1dE2DMW_8OCmTm5JGVtGak41kXmdyYFiVi5f05sui57gddMQO6hj1jAH_sMwT10eVUiHQ7TUzvlyxK8-A5TnGSlD4vrHvnzcSK-XOFy8I1KicSyeBOLQ4RsbO5wYwt3ggtHLvR9ap1vlo_E069IsCj9DfhFulDQR4aBhYE-Zl4eSXpPeXLCt4HPHJ1crREYrjtVPHjnpwBxoeHolis_shij6N5DA26jOHurSk02dPgxcw58N9f875zniivvbwLS9tAow77si_UJpr0XCgJnGxQKC6GuBxhihyqA_FfwvLLjFIXViyuzTaTxgFHxDcxaiqJw6npjOKQDviKrQiWtcoJfNkkQQwnaupPOlK_58sYFr1RMozWHmPK-7GECfQVMyb_G9jqR2tYeTxzy1pxFPh1Oc99dLrio&cid=CAASEuRoYawowpYhCFVDa58vwy1wlA&rfl=1%2Chttps%253A%252F%252F1plus1.ua%252F%240

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea0940a6c64aff793641bf5e3767e91835cf0bd164ce63f0a526c415b5482de6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23666
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E94E 42 B
63 B 41ms
39ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ByKUuAMNn0AG05Bb4qzyAyQYM-38jyV5m6cf0WpDUV_pPaHts_zRu74lsx4R4AwBgz_7dBgPWp6nKYjeN2yfoGbrhtSjpuepgGBahyCZoa_BUIyTA

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame E94E 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:09:06 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E94E 117 KB
36 KB 25ms
16ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14a6bc9fca94f536d24da272cf684e3e900adaf170804cceda99f44c97c710c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620991973329016"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36585
x-xss-protection: 0
expires: Sat, 15 May 2021 23:12:03 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame E94E 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:06:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 308
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:06:55 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame E94E 0
0 15ms
14ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSjpPnfx_Wd87esAGiB2DANMkWS29uSdJsd8tn2oVmNpcYzzCdTPm6kMV6JI_EvJc-UoKRebZBiCmWjqScjF5GPsj80JQ
Requested by: Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 index_980x120.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/ Frame 5337 123 KB
40 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2efbef0bcfb1114634bbd1bfd130d6b44ebe6f147e87d0acd3923c32a39b2873

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Fri, 14 May 2021 14:51:03 GMT
expires: Sat, 14 May 2022 14:51:03 GMT
last-modified: Fri, 30 Apr 2021 16:46:53 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 41356
age: 116460
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame EB3E 0
0 88ms
87ms Fetch
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C7HxqQ1WgYPzAD5GRgQfE-7PoCvHysJlio__W990Nv-EeEAEg_f-FI2DxhY6G2B-gAYWp9cwCyAEJ4AIAqAMByAMIqgTYAU_QC1IFhE7q79Jhb3deMk1nWjxh5MdZAgBfPcG_9aKh0Njt1x1TvLWEbo93hIhrend0QXo6CH3oRr0nilzckzLnle4eYFX6uBjxe7gFsLew_x0Efytw8MMuogngnceEVyVOsHmTI8b6Z-CnVZBdf9Ilp6j3bDmDzE7P4cMa9BW5t_XPNkkTEpqTQcwPryYkR8Huw8S2_3I3rYi2rvO9lyLfia3nYIbUJEiut3l7lNNuidEk66-cjBnmWzaSXn2EZRMJQzbfUx2AJfWoo3qCh1sRx7MglUusl8AEgr2JrssD4AQBkgUECAQYAZIFBAgFGASgBi6AB-PWirMBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEKf_RNIICQiA4YAQEAEYHYAKA8gLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi05MTM4MjQ3NjUzNzU0NTMz&sigh=l5URmsOyS4c&template_id=419
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/ Frame EB3E 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/abg_lite_fy2019.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 175
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7042
x-xss-protection: 0
server: cafe
etag: 2725110100707361309
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:09:08 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame EB3E 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:09:06 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EB3E 117 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14a6bc9fca94f536d24da272cf684e3e900adaf170804cceda99f44c97c710c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620991973329016"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36585
x-xss-protection: 0
expires: Sat, 15 May 2021 23:12:03 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame EB3E 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:06:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 308
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:06:55 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame EB3E 0
0 14ms
13ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaST29YglZ4AnZeMXFweMnSzMs-t-Bcdju_A3d4CjykPqgLyvbDTcHNFKOBDMpMeZdmb-M1_xttp857G4iqdBVwHDpqmug
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BBF7 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmmOkBmHjrgfaRLKo0kMYhGQKvAaGVtjGGZzTHmdSPVkFq7x7PUq0vUJ4nyRM0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 May 2021 22:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 893
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B4EE 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmmOkBmHjrgfaRLKo0kMYhGQKvAaGVtjGGZzTHmdSPVkFq7x7PUq0vUJ4nyRM0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 May 2021 22:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 893
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 82D5 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53db803dda7eed11fa80f365455ca64e011347e18f7870b3a478c867d2bda87b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame AFA8 9 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 03:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69302
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 16 May 2021 03:57:01 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame AFA8 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15443
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 16 May 2021 18:54:40 GMT

GET
H3-29 200 image-0.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/ Frame AFA8 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/image-0.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65d1dbcdcaefbf30e2a6550d1c99976a61d8adac18aed610c6bf99d70e44928f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 143224
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1819
x-xss-protection: 0
last-modified: Fri, 30 Apr 2021 16:46:12 GMT
server: sffe
date: Fri, 14 May 2021 07:24:59 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 07:24:59 GMT

GET
H3-29 200 image-1.jpeg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/ Frame AFA8 18 KB
18 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/image-1.jpeg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ef23cb6d4c1a8818cab0d4972928bd2d533184871f8f72f80e0863dc65562ee

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 143224
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18055
x-xss-protection: 0
last-modified: Fri, 30 Apr 2021 16:46:12 GMT
server: sffe
date: Fri, 14 May 2021 07:24:59 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 07:24:59 GMT

GET
DATA 200
OK truncated
/ Frame EB3E 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff029faabc552c9d59dc2b7ece2544e5b60713a3236ebad1ef95d8110025507e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame E94E 111 KB
38 KB 20ms
7ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 20:28:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9800
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 May 2021 20:28:43 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210511/r20110914/elements/html/ Frame E94E 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210511/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DI8qWkIgwL17lhHN6AJjilz-lCm7llSnhK5AqRoHh0D6Is40Fm_1boxftk5A8RcDLwcJbMaHQpWBZFRgAGu_p7LceiksoA1qUwBLvpyXHCjNFgXYCHHWTAnLGCTF7zB0J6OA01vfwSe4pw4Zm-akp0P12f8w&dbm_d=AKAmf-BID8Y6C6YGLT-rR_TrxW9B4rAEgzB_vuvt27g2BDziwKMW2zmUeRJeDuF0i90NxxdXbwbXCXauG7Z_sF096LnBTiAJgKFk_5epTV5OJlgTnf1n4nyeOLBvvwgXPds6xgXxzT0HlRw93vxh9BfSZnxoWQStJ8IxvDBRav300jgipabgeMXWbkKsUrMNjlhd0AP-h-bSWQvffddIA_xsp3Pm_5IiUSNJc3-0HrzxzkJsbUQH2tfeA1vEJEdP2sbUooXzjWbp18V-60j334TZ4GMIu8t5IZnVzHHRp_1bwwz6i9OdZ1yPqPvmKgza-aBMdlPGW_5mntd01bg4G7b-T_4suJ8R1oC7eOH7hn3hPYbltMZL2p-xVeb8M8JlZlgG3Y_3HEmfAMy2LbZbaJkMKjbSUuSpnWkErb8Y046rA1W_dOXIgaKNCcI1B7mIXtmWoaazU_1jBBLMfWVcf3k04CD2YQtThk7ks0R8BET_-5cwBe3Q_ODLaQZrlUDt1TVWhl9ik7jwr5MocgZwM5Ywy6wTh4cl6lquaZ3f2QFZA7eGeqaSWh32D-sYeRrMknlWvHoxmWHLGiIYFQQwhWKLY4xsB7SkyAzAXyigbPn4lRjYeOu0MBTNfhbwCFjylA8xZl5L6upZrARpVOBIPChrUBAmJSzNRGqnUOFeWmi6h0MK5h3DywTFXXL--aSiv8AW4Rs2e8nTEwUfmHa3YV1oOCD1ekMSGT1TGjLvna-xxdrocLNxybBU29gIgDvjDEMoJL7ooLXOBhqXJtLiShHPFQcA1ntKa6tUAdemm3d90Sl8qFNpViylHNRHKRyVf7-cmuYp2uK-JgBZtUd0oxE6yAD9luNCp35H2tWOx3bwGXUVb5z9uAKtk82nJ_ce_39oiM9u6io-IfctSq2-3p_XsmS7CcxMvE2xPht-cWBJAkb3SCl9KvVD57zBKVAnNpk7KgFdKEhH0SAhq9qN7BXM2CN899ItTF_ktA0chCQ5lOiLw3nvKgeRS6LkR5SqxaWF0GKxUA9DSsTymjLC6bUF4wdWIstggmeqda7TW1XLthp0KUWt6gKy4cZrXq6z3vEfDWkA1Vv4Faf66jZdJ7Q3bycNME2ae5XBJNgJzBfvxhYpGcErmdJV0WxxfI0FKNe8LdL9AwUAQKLdpVfD05GC5zjfxRvQqPKcyseIMCgDqbyAwhiHN9Nv8Kf3fmwiik7tBsyO24pGYFyjq79pQ7_fKrBl9GeiBB1L6mp5hUkCtDoBrybiPDeyCoJ-dAGofv_BLaW4j72LNg_QQLatFK4efyncRC9UH6Ugeqf5D-DQZEdxFeRDmas1NfGA4Mn_B4C3bYEmZoh5-fzH7J4IdplxiDztrcb8TEfoxQqJgJCOY-fTxLL8lyLBDle8sfh_67A-Iz0tCm9w28dwobvWlonsR4pJQAgakddBu3IJpzM0HS5yNn8I507Cxyp7CbPPIjGycSgK8BrNdu7sb1wzM7n_iYqtOaY_kIJZ2PvYjF69iewJltOTcEPsZpbiQtsP_STZkJFxpfnVkcBRQ2-Bj7oN18wLwoo4Cuf688IyLRDOk7iFe707-WV6B-aZF_ye4eu0qgy-FPQyI0H1Pvhae0nMwmk0WKa5mh5D3ycb0EI5BEkOrTaRniogMCALKRbbIqfcqM2GXYGksVpd7OKSZeJVPok-KQpNPTaMKUgtxxuYWWhzAPMeMIZiN7Hcu5896kFb9EzEOKNsY5f8CnTTejVcuJ87wWLgLjeFBB8KDwTfbHYWTG27Qetjy3_Kr5SiNvS5iN4lSIUdbF5WcmM1kUXijHxTTwuyFwvSoWRNrIv6IKfsQOaUWiX1EQAgs9WzM0QlSI9Tzgkd81vB0_7XOCm6kD5FPj2-JoMEyod8DaENXj0y--B5omaD0elzhk5kSxzn3_T4J0CG5FogVwdqy4Go6bApI9w0XKFwKbo2RJDE57wKP9eIY0GVo7yOBvJUxrRyCASZz6PUngZxvtY_Rn50F5OjRFwY6ojXgJM1en7YXKeI-IbbEqQsZp27aEroPeigCz7DNhAB-R4RY1rBaquIYeKBvsAo5LIlhAtPEjNIyiImKnd-tloBa0mhkp41VApdIlgEwkDuc3NP_pwf5A4JZsYSb2wiJ-V_kmtNIgUeLxC8qPkrilLjSv63bnjqNx4tfSGjW_Q5x5CJSBJgeHm58lAG9uTL7lk7epx90HHKKXBFKTyrkGA76pjKqE24bcXPNbjhcPjQ68T-l6li_zNriSeiFLEq4ncd7pInVLyHcrVdNSfqyXxKNKeegldUF49IXU3tfvz4HpwBoO3wFGQiIp9OIBQUCEnlpY85BQjlv7JqiJ5_KlYPYAKRuzuUAz4DppXgUUAIllT1QW-uepeL758GCrpUPgUAK3w5U1sXBs7eVqYVuHX-kVn-Tx3SotQEossmTdSX0jxUyinvgVqTplJDyreKEyvLHntrqkkU1XIlm-dU6_FNRp3rtaYfIhwlmkpSSNP4f7HakEFvIXyB0_Tat066M3lwYqkZC4WV33FoCOMoEVB9Abj3x9BwBUl3U4kwH1ORCdsoYjV0lAYXNlWBBNZ8sN1GK5KtIwd-z1Pb2OuLQFmRtiRHWJfyz-HECfl45QuNkXU3oomn-kZU1dE2DMW_8OCmTm5JGVtGak41kXmdyYFiVi5f05sui57gddMQO6hj1jAH_sMwT10eVUiHQ7TUzvlyxK8-A5TnGSlD4vrHvnzcSK-XOFy8I1KicSyeBOLQ4RsbO5wYwt3ggtHLvR9ap1vlo_E069IsCj9DfhFulDQR4aBhYE-Zl4eSXpPeXLCt4HPHJ1crREYrjtVPHjnpwBxoeHolis_shij6N5DA26jOHurSk02dPgxcw58N9f875zniivvbwLS9tAow77si_UJpr0XCgJnGxQKC6GuBxhihyqA_FfwvLLjFIXViyuzTaTxgFHxDcxaiqJw6npjOKQDviKrQiWtcoJfNkkQQwnaupPOlK_58sYFr1RMozWHmPK-7GECfQVMyb_G9jqR2tYeTxzy1pxFPh1Oc99dLrio&cid=CAASEuRoYawowpYhCFVDa58vwy1wlA&rfl=1%2Chttps%253A%252F%252F1plus1.ua%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 565
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:02:38 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210511/r20110914/ Frame E94E 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210511/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

259f01a4a83ad8a3ea4306becf97b5270bed9e5556f64ed6bde597f2f0601b39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:06:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8628
x-xss-protection: 0
server: cafe
etag: 13108869059872076478
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 May 2021 23:06:42 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BF8D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1&C=1

43 B
1012 B

77ms
76ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIy1wgIQ6_3nAhjmx82gATAB&v=APEucNVG3jzcJ65ym_WS65FCDfY-XcLyhxlaRfUwepT55aomsX__uW5cKO6iCLXwQSoVV7yYaS3c0i9P0e4yHdSsigU44LLip7cbW06NHdUwhKRz9MG_W5thts2lEjHFHsWKKpczaO0rXSmZjSU0em-K3kgcksfbH2kRv_oEDLYUDImpvI7nhkBx0I3TnE1BCiuu1YGoY_X4TwgDdQwaD62XZTLwo80gvg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:04 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:04 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sat, 15 May 2021 23:12:04 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BF8D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YKBVRPomrD6XL571CHriDQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1

43 B
892 B

64ms
63ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIy1wgIQ6_3nAhjmx82gATAB&v=APEucNVG3jzcJ65ym_WS65FCDfY-XcLyhxlaRfUwepT55aomsX__uW5cKO6iCLXwQSoVV7yYaS3c0i9P0e4yHdSsigU44LLip7cbW06NHdUwhKRz9MG_W5thts2lEjHFHsWKKpczaO0rXSmZjSU0em-K3kgcksfbH2kRv_oEDLYUDImpvI7nhkBx0I3TnE1BCiuu1YGoY_X4TwgDdQwaD62XZTLwo80gvg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:04 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJYrSxUAn0bU2S7stXDBfRM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame BF8D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOxvgDJYHlRTh0fU7xOvm94&google_cver=1

43 B
1020 B

54ms
54ms

Image
image/gif

185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOxvgDJYHlRTh0fU7xOvm94&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIy1wgIQ6_3nAhjmx82gATAB&v=APEucNVG3jzcJ65ym_WS65FCDfY-XcLyhxlaRfUwepT55aomsX__uW5cKO6iCLXwQSoVV7yYaS3c0i9P0e4yHdSsigU44LLip7cbW06NHdUwhKRz9MG_W5thts2lEjHFHsWKKpczaO0rXSmZjSU0em-K3kgcksfbH2kRv_oEDLYUDImpvI7nhkBx0I3TnE1BCiuu1YGoY_X4TwgDdQwaD62XZTLwo80gvg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:03 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.40:80
AN-X-Request-Uuid: 10fbe8c7-e501-4339-add9-ff417bae63ca
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOxvgDJYHlRTh0fU7xOvm94&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BF8D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI0NzQwMDA1OTk1NDE1MDgyMQ%3D%3D

170 B
243 B

113ms
68ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI0NzQwMDA1OTk1NDE1MDgyMQ%3D%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:03 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.187:80
AN-X-Request-Uuid: 8170eb96-96ce-4c56-b2ba-8fe607b3cdbb
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI0NzQwMDA1OTk1NDE1MDgyMQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK match.js Show response
js.adscale.de/ Frame CDED 4 KB
2 KB 49ms
49ms Script
application/javascript 104.109.91.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/match.js
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.91.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-91-53.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 91b4eb09154d5ebef46352e922194ec6dbb9547b63f9776ae10133fe1ca66879

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: wLpT08_wLXVkyJ1J8XFuEEwEpe2lwEj_
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 00:56:54 GMT
Server: AmazonS3
x-amz-request-id: 7EFEFA531BDE50C9
ETag: "b75124846aec28a28b7a3441813682d5"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=7200
Date: Sat, 15 May 2021 23:12:03 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1700
x-amz-id-2: YTUDZMFce+FELD8OlST8Dn8xU7Q4dtrSf1ocY31O/+7zml49QcuSZWpZvIiqIxSNnhHKT0HlKs8=

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 5337 9 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 03:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69302
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 16 May 2021 03:57:01 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5337 26 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15443
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 16 May 2021 18:54:40 GMT

GET
H3-29 200 image-0.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/ Frame 5337 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/image-0.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3d1d0d59e8a98c71cdd54a57ebdd6baf8e143f50aadd92853cc1c1c3e687612

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 116460
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2377
x-xss-protection: 0
last-modified: Fri, 30 Apr 2021 16:46:53 GMT
server: sffe
date: Fri, 14 May 2021 14:51:03 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 14:51:03 GMT

GET
H3-29 200 image-1.jpeg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/ Frame 5337 27 KB
27 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/image-1.jpeg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb2bd76c6d661717105dbca868a22b4ff566a1fb161ef719fd08b9c9c36c24a8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 116460
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27662
x-xss-protection: 0
last-modified: Fri, 30 Apr 2021 16:46:53 GMT
server: sffe
date: Fri, 14 May 2021 14:51:03 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 14:51:03 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame AFA8 4 KB
618 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400&subset=latin

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1411503651722103041/728x90/index_728x90.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e7f8fb3de1908cf50ce35acee4c5932760e17fba860ec7c2a591ea5dcffa306d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 May 2021 22:05:04 GMT
server: ESF
date: Sat, 15 May 2021 23:12:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 May 2021 23:12:03 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 5337 4 KB
618 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400&subset=latin

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2914925732583289131/980x120/index_980x120.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e7f8fb3de1908cf50ce35acee4c5932760e17fba860ec7c2a591ea5dcffa306d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 May 2021 22:33:18 GMT
server: ESF
date: Sat, 15 May 2021 23:12:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 May 2021 23:12:03 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame AFA8 15 KB
15 KB 22ms
8ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400&subset=latin

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 04:23:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 586120
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
expires: Mon, 09 May 2022 04:23:23 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame AFA8 15 KB
15 KB 20ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400&subset=latin

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:43:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 250111
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Fri, 13 May 2022 01:43:32 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E94E 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 12:02:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40168
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 15 May 2022 12:02:35 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 68CC 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 15 May 2021 06:38:34 GMT
expires: Sun, 16 May 2021 06:38:34 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59609
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame E94E 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7bb56a90360e91425ca5587e23dea63443cb0e9a44d79e97257c506dd9d58d02

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

img
ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/ Frame CDED
Redirect Chain

https://bbnaut.ibillboard.com/match/AdScale?partneruid=cbc3ca0cb98a493d8c155801c03571c3&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1a511619e58%2F1621120323609%2F0%2Fimg%3Ftpid%...
https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?tpid=101&tpuid=BBID-01-02958343250563678-16288920

49 B
481 B

71ms
69ms

Image
image/gif

18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?tpid=101&tpuid=BBID-01-02958343250563678-16288920
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Sat, 15 May 2021 23:12:05 GMT
Server: nginx
Transfer-Encoding: chunked
p3p: CP="CUR ADM DEV OUR STP PRE DSP NOI COR NID"
Location: https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?tpid=101&tpuid=BBID-01-02958343250563678-16288920
Cache-Control: private, max-age=3600
Access-Control-Allow-Credentials: true
Connection: close

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 5337 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400&subset=latin

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 04:23:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 586120
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
expires: Mon, 09 May 2022 04:23:23 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 5337 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400&subset=latin

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:43:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 250111
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Fri, 13 May 2022 01:43:32 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/9753181/1616408623857/ Frame 9940 11 KB
4 KB 20ms
6ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9753181/1616408623857/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c95b18e797d7ab1d6c92df71af627236c4c93172f16c77e96660c30e352da9f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9753181/1616408623857/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 3970
date: Sat, 15 May 2021 04:55:26 GMT
expires: Sun, 16 May 2021 04:55:26 GMT
last-modified: Mon, 22 Mar 2021 10:23:43 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 65797
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E94E 0
575 B 225ms
98ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst-4FjswyvJqsosRVBvSkyy1ygjOkLPa9ZQiWCpW32sS2qwbeMnHiK-rx17oZ-d3TXKnfsEAtOEtNSES02yJvBvawE4XkmZScj8JaTFTC_2jRCgUD8GJwytoME2ffymS5Hq7B0-NI9VVHZOnzwmlgyl5FDKWnRqq-mvRqc1tfvcNVxbRFq57ZXWWAup_Ao9jGBfW_Fn0eRTKHqHVcYVz_SMpypLE0bYM-bivEu1GIoHitfDRWR8qSU_M4YkJk5gDbHNsn2Q78p8T6HLSra98aUws4I9T3pH9dw-QTlxb1qufVqjXWdy3kE7c6vl3yWS0ZliW2CtnxnEZmrr3jmwJd4apVEcQI8gjPZN8Azkks15zJm9rYpLx23VoBC4eMFQvS-2RhtvqD1fOBlJlXtSKtPdLQUT85w9RzHKUhXyzaqYeZ_YtyDqZJ-zggPlkNSx5kPvDnT6gWaViUsV229FXqSyTbfzLzIN5ttXL9r0daWZZjnbGxC68Y27BSNLRBkcAsn8Nw3ROfaetbzpAImssFzfros8U6y1iyurjmBOmGcSNj_KOGAwI7KDiKlKpkjeTMPJYAU-yFjsnMhFWL4mSwdRXqBntMizFSud4Wt7bo5XKtMMYfC_G7ph_A-XgDUXr0Fadoe3n2ly16t7pA4_Dzs3zfvD4PZfQOwUPXrcllz5nYfvxNsVX_4Gp18JFg0jIIMVkV3ShO69RRESk0aSi-ZbJqtXZpywIHXnokDSGqwKnVU1zdO90TGsNhJ8iOUoAucuctfBLc-fvCTD4CKWp3VtI05Gu11VdhOkkdy4A8LR_mxGmemEYVU5d-mQGbKpsr99-ZWkJmftABcs-oH8BfI19EsvujqqTBoKxZAd_5JsBu08H8WlN2DK-YPYANzNaNxcCU3yuOeYIZMol5F0klf_jxpOMSpiG8qM49h1HdkbROlRu7le230q9KbDvwQbQCjQZ635tH6ZfPJEOngrO1IPWXPBoz2bpjQdlmjpkPJwBabDjO84jaqbC6AceyscNCGi2WKsmpnJ4WTfiTSu1N9D9JwtYEtChfBHQ904ZBwFZ2q9nFn9dLu1xsILDdeJtNb-1HqoX3xAbpfdRWIG_f5Oezi5T1DpJAqMqPy2s6-9H7kTwnZGfnZ0cBRZAsxCoV_3YysNwdSR8dqaMVOKW376UPPD4yGzZA&sai=AMfl-YRGHjJkt66TFpLu17a3RFDlUesQWZBQ8UesxPF12R3mFCsncLuZcjoyocxg42UGICsbayqWJFD4MQzT02_IbVW9iC1wJluYyWsJEWfwyJn1AtOgBg1KHyQE-El4t4TstrwfjVDuDmQWeJ1AN_ggffutBEhx3g&sig=Cg0ArKJSzJerBsYwkQD6EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=139&cbvp=1&cstd=137&cisv=r20210511.26565&adurl=

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 15 May 2021 23:12:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BBF7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmmOkBmHjrgfaRLKo0kMYhGQKvAaGVtjGGZzTHmdSPVkFq7x7PUq0vUJ4nyRM0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 15 May 2021 23:12:03 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 16-May-2021 00:12:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 15 May 2021 23:12:03 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 15 May 2021 23:12:03 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B4EE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

41ms
40ms

Document
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmmOkBmHjrgfaRLKo0kMYhGQKvAaGVtjGGZzTHmdSPVkFq7x7PUq0vUJ4nyRM0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 15 May 2021 23:12:03 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 16-May-2021 00:12:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 15 May 2021 23:12:03 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 15 May 2021 23:12:03 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C7BD 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sat, 15 May 2021 12:02:36 GMT
expires: Sun, 15 May 2022 12:02:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 40167
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET /
google2waycm.netmng.com/cm/ Frame 68CC 0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEDQBdvDX7UqkldFacRQnqeU&google_cver=1&google_push=AQvitULCUXpNrEs151OUbCUo6HE1r2R7xmJOidGs9mzKbuvOmuEjwzYKjDld4N4kRIoPHn5bhsMFt-sx5VZaPzq1g70nbyFtoQ4
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D9ED4388C532432885D5B47175D27426&google_push=AQvitULCUXpNrEs151OUbCUo6HE1r2R7xmJOidGs9mzKbuvOmuEjwzYKjDld4N4kRIoPHn5bhsMFt-sx5VZaPzq...

170 B
188 B

71ms
69ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D9ED4388C532432885D5B47175D27426&google_push=AQvitULCUXpNrEs151OUbCUo6HE1r2R7xmJOidGs9mzKbuvOmuEjwzYKjDld4N4kRIoPHn5bhsMFt-sx5VZaPzq1g70nbyFtoQ4

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 May 2021 23:12:04 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D9ED4388C532432885D5B47175D27426&google_push=AQvitULCUXpNrEs151OUbCUo6HE1r2R7xmJOidGs9mzKbuvOmuEjwzYKjDld4N4kRIoPHn5bhsMFt-sx5VZaPzq1g70nbyFtoQ4
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Fri, 14 May 2021 23:12:04 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOJwZS0pIR1I5JYvBPWbkR4&google_cver=1&google_push=AQvitUJmpLEKx5JDPxWcRCcSSCVLnutLl6Ku8BmElVZZQJ83GgNvMyBskwR_WsgIhdYYD9ck9RngF0Lk...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOJwZS0pIR1I5JYvBPWbkR4&google_cver=1&google_push=AQvitUJmpLEKx5JDPxWcRCcSSCVLnutLl6Ku8BmElVZZQJ83GgNvMyBskwR_WsgIhdYYD9ck9Rn...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTA5NzQ0NTY0MTE4NTAwNTY3MA&google_push=AQvitUJmpLEKx5JDPxWcRCcSSCVLnutLl6Ku8BmElVZZQJ83GgNvMyBskwR_WsgIhdYYD9ck9RngF0...

170 B
188 B

69ms
69ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTA5NzQ0NTY0MTE4NTAwNTY3MA&google_push=AQvitUJmpLEKx5JDPxWcRCcSSCVLnutLl6Ku8BmElVZZQJ83GgNvMyBskwR_WsgIhdYYD9ck9RngF0Lk81XRhLj4iF_bmBMUPMw

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:07 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTA5NzQ0NTY0MTE4NTAwNTY3MA&google_push=AQvitUJmpLEKx5JDPxWcRCcSSCVLnutLl6Ku8BmElVZZQJ83GgNvMyBskwR_WsgIhdYYD9ck9RngF0Lk81XRhLj4iF_bmBMUPMw
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEC5AkAJglFNlzJrEb91jk2s&google_cver=1&google_push=AQvitUKWu7BXzxiLr6Lw0cltHpMl4zspacV_rTnEEbPFnNbs7JAt3ThYGnhEY3NM6eHa3QWDPzBGXVPXmit1-YqHkVls1L8EfXA
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKWu7BXzxiLr6Lw0cltHpMl4zspacV_rTnEEbPFnNbs7JAt3ThYGnhEY3NM6eHa3QWDPzBGXVPXmit1-YqHkVls1L8EfXA&google_hm=qoEg3EUDxSI-S5obhoOP9Q==

170 B
188 B

134ms
68ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKWu7BXzxiLr6Lw0cltHpMl4zspacV_rTnEEbPFnNbs7JAt3ThYGnhEY3NM6eHa3QWDPzBGXVPXmit1-YqHkVls1L8EfXA&google_hm=qoEg3EUDxSI-S5obhoOP9Q==

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:03 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUKWu7BXzxiLr6Lw0cltHpMl4zspacV_rTnEEbPFnNbs7JAt3ThYGnhEY3NM6eHa3QWDPzBGXVPXmit1-YqHkVls1L8EfXA&google_hm=qoEg3EUDxSI-S5obhoOP9Q==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: c9gs8b0huabe5t3lqd42if2kthtjra85

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=jlFY6WiEReS4aKu0WPOJxw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

67ms
66ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=jlFY6WiEReS4aKu0WPOJxw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKXM9cpzGOApkdrDWljnvj9BdhCmM21ymECN-1guX4dzwSIPbfT6F-m8RK5AtnMtWn8l9dT2dkGd738zChKS-ctR8zyNOg

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=jlFY6WiEReS4aKu0WPOJxw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKXM9cpzGOApkdrDWljnvj9BdhCmM21ymECN-1guX4dzwSIPbfT6F-m8RK5AtnMtWn8l9dT2dkGd738zChKS-ctR8zyNOg
date: Sat, 15 May 2021 23:12:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHvsCr85okE0weA7WnRJZXQ&google_cver=1&google_push=AQvitUKU2bLdG2Wf-iRKw5Xp4lswd6nLOsSXGSjNCeyPoE4xhrzY3GWTVxpeV9A_StRBUA4MSLICPkCIccX2yhz8...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUKU2bLdG2Wf-iRKw5Xp4lswd6nLOsSXGSjNCeyPoE4xhrzY3GWTVxpeV9A_StRBUA4MSLICPkCIccX2yhz8uoQjByCJwQ

170 B
188 B

68ms
67ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUKU2bLdG2Wf-iRKw5Xp4lswd6nLOsSXGSjNCeyPoE4xhrzY3GWTVxpeV9A_StRBUA4MSLICPkCIccX2yhz8uoQjByCJwQ

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 May 2021 23:12:05 GMT
via: 1.1 c76347c8ef1f3a2b6fb69cd7d1c6f749.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUKU2bLdG2Wf-iRKw5Xp4lswd6nLOsSXGSjNCeyPoE4xhrzY3GWTVxpeV9A_StRBUA4MSLICPkCIccX2yhz8uoQjByCJwQ
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: tsR0sXOMGUaCnoI-2qYy5JCN-DAVfXFkcqxdtB40tiYTnFUlnivrFA==

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMwodkogdH-8LFBKqDJyGcE&google_cver=1&google_push=AQvitUJLi2j8WiJKnPOnlrHORzZwzFTTsnxv1Wf6VSVxmQMVTQuD5gUNiQ-uclbINsprNFvA9-FeexadMzKes96hNJpAhJDo7A0
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUJLi2j8WiJKnPOnlrHORzZwzFTTsnxv1Wf6VSVxmQMVTQuD5gUNiQ-uclbINsprNFvA9-FeexadMzKes96hNJpAhJDo7A0&googl...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTE2MDY1Mzc4MjE4NTYxODM1OTY%3D&google_push=AQvitUJLi2j8WiJKnPOnlrHORzZwzFTTsnxv1Wf6VSVxmQMVTQuD5gUNiQ-ucl...

170 B
188 B

69ms
68ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTE2MDY1Mzc4MjE4NTYxODM1OTY%3D&google_push=AQvitUJLi2j8WiJKnPOnlrHORzZwzFTTsnxv1Wf6VSVxmQMVTQuD5gUNiQ-uclbINsprNFvA9-FeexadMzKes96hNJpAhJDo7A0

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTE2MDY1Mzc4MjE4NTYxODM1OTY%3D&google_push=AQvitUJLi2j8WiJKnPOnlrHORzZwzFTTsnxv1Wf6VSVxmQMVTQuD5gUNiQ-uclbINsprNFvA9-FeexadMzKes96hNJpAhJDo7A0
date: Sat, 15 May 2021 23:12:05 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 68CC 0
59 B 69ms
66ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K0uZbva0TYlCYDi0BO4whUKdD2CY0pESMKLCdDih6TSQhvsLoRiNvMdA-NKnr68XPSe-a5

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:03 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 css
fonts.googleapis.com/ Frame 9940 720 B
377 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web&subset=latin

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9753181/1616408623857/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d4ee68a4b4d3d329089adf12dc360b975f7d6cc57f0a051365f651a4e34643c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 May 2021 23:09:08 GMT
server: ESF
date: Sat, 15 May 2021 23:12:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 May 2021 23:12:03 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 9940 728 B
382 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:600&subset=latin

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9753181/1616408623857/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8cf20f3c0544286ae34be1df4d8c19de9d4b9c6041b769bb4448f9a19036febe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 May 2021 22:04:09 GMT
server: ESF
date: Sat, 15 May 2021 23:12:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 May 2021 23:12:03 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 9940 728 B
382 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:700&subset=latin

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9753181/1616408623857/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

79f6f04716a94f383afeb39c9e57117db9a9695f327e04a5a6ac4b55e723e0ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 May 2021 21:26:47 GMT
server: ESF
date: Sat, 15 May 2021 23:12:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 May 2021 23:12:03 GMT

GET
H3-29 200 HYPE-728.thin.min.js Show response
s0.2mdn.net/9753181/1616408623857/ Frame 9940 55 KB
24 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9753181/1616408623857/HYPE-728.thin.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9753181/1616408623857/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11dd5cdff459a5138767096fadda7834f8d4a1c3e546fa5999e5ad38432aedca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9753181/1616408623857/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 10:38:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45207
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24493
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 10:23:43 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sun, 16 May 2021 10:38:36 GMT

GET
H3-29 200 DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js Show response
pagead2.googlesyndication.com/bg/ Frame C7BD 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 21:21:06 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 6657
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5636
x-xss-protection: 0
expires: Sun, 15 May 2022 21:21:06 GMT

GET
H3-29 200 outnorth.png
s0.2mdn.net/9753181/1616408623857/ Frame 9940 4 KB
4 KB 6ms
6ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9753181/1616408623857/outnorth.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9753181/1616408623857/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0fcaed7417c5277e2603cf2c0f5f4a95e77172e74154ec6f7c4c012b5301122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9753181/1616408623857/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 10:43:38 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Mar 2021 10:23:44 GMT
server: sffe
age: 44905
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4438
x-xss-protection: 0
expires: Sun, 16 May 2021 10:43:38 GMT

GET
H3-29 200 grovelsjo-12.jpg
s0.2mdn.net/9753181/1616408623857/ Frame 9940 678 KB
679 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9753181/1616408623857/grovelsjo-12.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9753181/1616408623857/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcd46f947a06d7e9bb7f98aadba4d7872b55590b439801a5fd63b94cf4a43cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9753181/1616408623857/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 07:05:30 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Mar 2021 10:23:44 GMT
server: sffe
age: 57993
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 694667
x-xss-protection: 0
expires: Sun, 16 May 2021 07:05:30 GMT

GET
H3-29 200 NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v9/ Frame 9940 12 KB
12 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v9/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzYw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Titillium+Web:600&subset=latin

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef8a5f444c988e2c08260642c8257654f5e825e839a9c3d355933d4d12e0345b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 21:36:51 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:08:23 GMT
server: sffe
age: 178512
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12300
x-xss-protection: 0
expires: Fri, 13 May 2022 21:36:51 GMT

GET
H3-29 200 NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v9/ Frame 9940 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v9/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Titillium+Web:700&subset=latin

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e35ec3dfa80b7851b7826fcae5e1ef652d03d77c6c2af9f0bf1b97d49fe876d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 00:55:37 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:06:52 GMT
server: sffe
age: 425786
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11720
x-xss-protection: 0
expires: Wed, 11 May 2022 00:55:37 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E94E 0
60 B 95ms
94ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 23:12:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C7BD 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BzB0lQ1WgYPitJs_V3wOC_o6QCwAAAAA4AeAEAg&bg=!39yl3JjNAAY59bwoOfU7ACkAdvg8Wi59YGWrtnBLTwl5YJWBXGEoLMWJeBLgKNSqAIBOlCp0xzkBWQIAAACHUgAAAA9oAQcKAJQUEF5zzrm1PRJZxnCMRYbNt3-G4j6oGYyoDKzkh679uw5bStvIapveYb6fgdIsCCiYNFwAvv0GBJNv8Qd6aWQKIuz6YhQrY7VED0rTb-1moGPzSKcQoxnNRohoCZn225lT4rKf4tc_p2ioodc5ADGcds6F4S54tJ6lCk3k7i6M3UK_47TfzlvJfJu03BI3jzekClbqmQKNsn9lsQ7W8IFpokieSpW6KAlqBItOpYYKur_LmCInGAjof8JR0M1vpn7XptSGDxi8HA4ghWTBdSgnr8x8gPqBbS8iP8CZsbZLwNsSmgGgDkxKiLGcEwcBJMsA1LbaesTBjjWPYsaQsf194g_DLLDZSMf2MXHEnbgK6GZREXCQ_DG2hsPcFD6OrQFdBCfkWSCqoHWHDP-RHU17wPpaaZ4iVEaoHAKEOtlLss654FbZ03EqwRFiTVcU9FuZ2PQIK-fDFCdmZeLpKT2X_hz6js5IlP9YORDMXN1ciaigTpWlxhVMTEH3h-IyZlEKVN-kpbss0PASUlkUOiU-9Nhu0KiY4Eknu_gRvbjpGk1Z5jGFRqtPP5gM3n8KqvJhZ4Jl-MXJCJgTSbTtWoFyuA96IEq_fpodaBsUSiL3rYfSdXx9gupgpd_12Aou7VvXqKoOj13oLG6uoSujkMiws-rY9yVCQc7gAp3JP_mB9ldazQl1bh-PCB8h5IWKU4XJ3Acwx-nT4EzUOi0bhdLqqRYhuWe-JtU71RmEZhDfbrOc9JLc48mLiu5j4TeJ2wgLLmdw5d_98LkA-Ons5hwKOgvizVDjBlElbHnah-mm2haUv8YMm0z3E87ipL1HBDumPctxm2P51ZVd1T68aWgUt0EjdqIcnwxxP4u50Bo6lFGS3mrzbIDls-Afe-mMjzd_0cbSV1bMQgxIoN-27gExZO5k7BWJOhOUnJFedg1c1foPGs8f8DuJmJcaaZHMUl7Tx1AaTkVPDo_geJ5ilPUXnrUJ0OgNzABwjm9dnQZZOMAwZmELpSgyUyDiUzk7xeiA_MjqHO1an0zHA1moMZm-gtSIVv8aK1lPVvXLndRZnUL6s9c

Requested by

Host: 1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
URL: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content multitracking Show response
ghb.adtelligent.com/adunit/ 0
200 B 88ms
30ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/multitracking
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18762
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://1plus1.ua
Date: Sat, 15 May 2021 23:12:04 GMT
Access-Control-Allow-Credentials: true
Server: VertaMedia 1.0
Connection: Keep-Alive

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame ED96 42 B
64 B 41ms
40ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssvTcyUdEDNXOcSK31GI1LhcQixL_xabc0M1OFChKJTvSmJ4Udb1ZgTtvk-DfXK7cLwA26FuKLvh491P7vq8jzkO-SlfmDePpDkXwKc2az0QMBT&sai=AMfl-YQCaj3mte5uBw3VDxWDIkgJ_op3S0MkJPGXg8mOGRX5xgovimO8Hoyc3NpTIn7fuwjMo8DBO_6sA2ToyO3_mQMiDG6TNP4ZsQLUKp9o1p4pyeQnzNI5TRnah3EJ&sig=Cg0ArKJSzHRNgniemq8jEAE&cid=CAASEuRoNckqFfERQiWxtpwcE_64OQ&id=ampim&o=1130,820&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1004&mtos=0,0,1004,1004,1004&tos=0,0,1004,0,0&tfs=137&tls=1141&g=100&h=100&tt=1141&r=v&avms=ampa&adk=49368607

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EB3E 42 B
64 B 63ms
46ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss0WaJpKvXmoBXXR8_R_8nY9CvEeGo03OxdTErBVe9CplMnjEmWA2Ev_D5tQuI3tcCmy04kaTy2y2X5HgmV_030dhZzbLty51lRInaq-UDGT-sgukmaXe8SLEWIIg&sai=AMfl-YTAVEY97NQ95IRhSbDKMqVha1CJf_w_1uVuL53HUt4n9vjFNWT665RLmlWcE24VBNK46C_9MXtNdEOv_a-P9F6SBNKQv7cTlGe8FtSmuJChzVcJcH0k8GwlxUvZ&sig=Cg0ArKJSzEaFGMzqoC_XEAE&cid=CAASF-RoYMll7sOqVamVKP1kDuZia9ltB95S&id=lidar2&mcvt=1000&p=1020,80,1140,1060&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210514&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=2198103003&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621120323567&dlt=54&rpt=1&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame CDED
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=9e5f4c173d0a5032be571ec71...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YKBVRPomrD6XL571CHriDgAA%26662

49 B
530 B

59ms
58ms

Image
image/gif

18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YKBVRPomrD6XL571CHriDgAA%26662
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:05 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YKBVRPomrD6XL571CHriDgAA%26662
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 309
Expires: Sat, 15 May 2021 23:12:05 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 82 KB
27 KB 67ms
23ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: d6b7472f98f400d0f4c24dea8eb9a90afb003eda04b32f86f48fddaf56f78fbf

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:04 GMT
content-encoding: gzip
last-modified: Mon, 10 May 2021 10:39:22 GMT
server: nginx
etag: W/"60990d5a-14816"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 May 2021 23:12:04 GMT

POST
H2 204 events
bidder.criteo.com/csm/ 0
139 B 52ms
51ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/csm/events
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://1plus1.ua
date: Sat, 15 May 2021 23:12:04 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 82 KB
27 KB 85ms
41ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: d6b7472f98f400d0f4c24dea8eb9a90afb003eda04b32f86f48fddaf56f78fbf

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
content-encoding: gzip
last-modified: Mon, 10 May 2021 10:39:22 GMT
server: nginx
etag: W/"60990d5a-14816"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 May 2021 23:12:05 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame CDED
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=a997c79418fa9aea9cddf57...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=954860a0-5545-4200-a750-b09ea7617d23&gdpr=0&gdpr_consent=

49 B
575 B

54ms
53ms

Image
image/gif

18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=954860a0-5545-4200-a750-b09ea7617d23&gdpr=0&gdpr_consent=
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Sat, 15 May 2021 23:12:04 GMT
Server: MT3 3736 915c305 master cdg-pixel-x15
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=954860a0-5545-4200-a750-b09ea7617d23&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 15 May 2021 23:12:03 GMT

GET
H2 200 v2_298309_4139.json Show response
player.adtelligent.com/prebidlink/2701867/ 42 KB
5 KB 53ms
52ms XHR
application/json 213.174.135.2
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/2701867/v2_298309_4139.json?cb=1plus1.ua
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18762
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5b6ed70fc2456e6b1958c651733fb245d2e43d3b1cb3617707c4fc389c83fd1a

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 21:55:41 GMT
server: nginx
etag: W/"609ef1dd-a7f0"
content-type: application/json
access-control-allow-origin: https://1plus1.ua
expires: Sun, 16 May 2021 00:12:05 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2

200

img
ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/ Frame CDED
Redirect Chain

https://track.adform.net/serving/cookie/match/?party=9&uid=3ce5f625266065c06d105dcc39429bc10db529102a1f56a0af10dc052bf1fcac&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9913b1...
https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=3ce5f625266065c06d105dcc39429bc10db529102a1f56a0af10dc052bf1fcac&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b7411e9...
https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?tpid=42&gdpr=0&tpuid=1097445641185005670

49 B
584 B

53ms
52ms

Image
image/gif

18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?tpid=42&gdpr=0&tpuid=1097445641185005670
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:05 GMT
server: nginx
location: https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?tpid=42&gdpr=0&tpuid=1097445641185005670
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame CDED
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=191c0cdf-03ff-41d0-8294-b44c1e9455aa

49 B
535 B

53ms
52ms

Image
image/gif

18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=191c0cdf-03ff-41d0-8294-b44c1e9455aa
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
x-errorlevel: 0
server: Microsoft-IIS/10.0
date: Sat, 15 May 2021 23:12:04 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=191c0cdf-03ff-41d0-8294-b44c1e9455aa
cache-control: no-cache
server-processing-duration-in-ticks: 1890
content-type: text/html; charset=utf-8
content-length: 237
expires: Sat, 15 May 2021 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame CDED
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=c82298dd86c48a72e3ac8af3...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=954860a0-5545-4200-a750-b09ea7617d23&gdpr=0&gdpr_consent=

49 B
628 B

57ms
56ms

Image
image/gif

18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=954860a0-5545-4200-a750-b09ea7617d23&gdpr=0&gdpr_consent=
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Sat, 15 May 2021 23:12:04 GMT
Server: MT3 3736 915c305 master cdg-pixel-x4
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=954860a0-5545-4200-a750-b09ea7617d23&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 15 May 2021 23:12:03 GMT

GET
H2

200

img
ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/ Frame CDED
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=a0d37406c8ac2d32e71d5c56942b2ad046af33825adf0b5f1c29d7c608df50e1&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09...
https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?uid=a0d37406c8ac2d32e71d5c56942b2ad046af33825adf0b5f1c29d7c608df50e1&tpid=38&gdpr=0&tpuid=CAESELl4hYs3PjSimYOgYJYeMdE...

49 B
646 B

63ms
62ms

Image
image/gif

18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?uid=a0d37406c8ac2d32e71d5c56942b2ad046af33825adf0b5f1c29d7c608df50e1&tpid=38&gdpr=0&tpuid=CAESELl4hYs3PjSimYOgYJYeMdE&google_cver=1
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/img?uid=a0d37406c8ac2d32e71d5c56942b2ad046af33825adf0b5f1c29d7c608df50e1&tpid=38&gdpr=0&tpuid=CAESELl4hYs3PjSimYOgYJYeMdE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 424
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

js Show response
ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/ Frame CDED
Redirect Chain

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=427fe4fdc2edd16fa59ead93c808f91a7379a6ff0aaa573dd1d7c0c07981fca1&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b741...
https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=427fe4fdc2edd16fa59ead93c808f91a7379a6ff0aaa573dd1d7c0c07981fca1&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fc09a9e6e93b741...
https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/js?tpid=48&tpuid=9de6bd9b7cd6dd43218c8b27def3d570

44 B
593 B

52ms
52ms

Script
text/javascript

18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/js?tpid=48&tpuid=9de6bd9b7cd6dd43218c8b27def3d570
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 5c5cde291738ac47eafd8efd961b378b8e451486d026f4b371b582de9876cf0f

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
p3p: CP=NOI PSA OUR
content-length: 44
content-type: text/javascript

Redirect headers

Location: https://ih.adscale.de/sium/c09a9e6e93b7411e9913b1a511619e58/1621120323609/0/js?tpid=48&tpuid=9de6bd9b7cd6dd43218c8b27def3d570
Date: Sat, 15 May 2021 23:12:06 GMT
Server: nginx
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Content-Length: 147
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum.casalemedia.com/ Frame 45FE 2 KB
3 KB 89ms
86ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b12eebd27060324cfaf11df9601bf7e5ad503e6530f0b49de3dbe0b29d059591

Request headers

Host: ssum.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.us.e-planning.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMPS=331; CMID=YKBVRPomrD6XL571CHriDgAA; CMPRO=662; CMRUM3=2d60a055442760CAESEJYrSxUAn0bU2S7stXDBfRM; CMST=YKBVRGCgVUUA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.us.e-planning.net/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|39|241|46|152|123|47|4
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1639
Expires: Sat, 15 May 2021 23:12:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 15 May 2021 23:12:06 GMT
Connection: keep-alive
Set-Cookie: CMID=YKBVRPomrD6XL571CHriDgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 15 May 2022 23:12:06 GMT CMPS=331;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 13 Aug 2021 23:12:06 GMT CMPRO=662;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 13 Aug 2021 23:12:06 GMT CMRUM3=e660a055462760&f160a0554605a0&2f60a0554605a0&7b60a0554605a00&2d60a055442760CAESEJYrSxUAn0bU2S7stXDBfRM&2e60a0554605a0&9860a0554605a00&0460a0554605a0&2760a055460b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 15 May 2022 23:12:06 GMT CMST=YKBVRGCgVUYA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 16 May 2021 23:12:06 GMT

GET
H2 200 / Show response
spl.zeotap.com/ Frame E595 8 KB
2 KB 66ms
43ms Document
text/html 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ff4a0ffe660e2d84b440b7c353523e0b28c01ab685e3df1782f355f1b22c65e

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.us.e-planning.net/

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://ads.us.e-planning.net
set-cookie: zc=02f64658-ecbe-45c9-5f28-272c0b1026f3; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure zsc=h%88%CB%E2%FCD1%FEhW%BD%CB%98%7D%D7ZF%E6%B3%DBA%FD%7C%83%01L%E7%3E%CE%A4b%E3-J+O%BEL-%7DH7W%DE%06%14QmH%28%FD%E8n%AEa%5D%EB%E3R%ABG%06%C5z%1C%C8%91%9D%E8%266K%81%E4%B9y7%0E%7B%1E+%D2%04%90R3P%C9%DF%D1%CCLe%07k%DCJ%BC%90%AC%D0%93%B1%08%A8lfl%F1%83%8C%B1%F2%7B%A8%7C9%CE%EF%14%D39M%A1.%FB%10%BB%2Bx%D53%A6%C7c%5C%AA%D2%0D%F3%1CM%A90a%E5%B3%B1%2F%A5F%A9%13%DDO%AC%DEVd%BBS%88%9B%84%AD1%04s%F0; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0a13e632900000177a43232000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65000c974c31177a-FRA
content-encoding: br

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame E595 0
0 56ms
54ms Image
text/html 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75...
https://mwzeom.zeotap.com/mw?google_gid=CAESECqh6RU_NUpcbuPya5HDHH4&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b...

95 B
188 B

27ms
25ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESECqh6RU_NUpcbuPya5HDHH4&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000c980d2d177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e6330a0000177a21882000000001

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESECqh6RU_NUpcbuPya5HDHH4&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=267be2a9-11b8-4b99-beed-22222e385650&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0...

95 B
178 B

36ms
36ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=267be2a9-11b8-4b99-beed-22222e385650&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000c999f14177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e634010000177a75bdf000000001

Redirect headers

date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://mwzeom.zeotap.com/mw?cid=267be2a9-11b8-4b99-beed-22222e385650&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
alt-svc: clear
content-length: 0

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame E595 0
331 B 446ms
62ms Image
text/plain 37.157.6.242
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:06 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3De...
https://mwzeom.zeotap.com/mw?cid=124ec887-2453-4f75-9dcc-417e8ad956e6&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0...

95 B
178 B

26ms
25ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=124ec887-2453-4f75-9dcc-417e8ad956e6&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000c982d46177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e633150000177a6f262000000001

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:06 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=124ec887-2453-4f75-9dcc-417e8ad956e6&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 481

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame E595 0
162 B 1196ms
57ms Image
text/plain 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Sat, 15 May 2021 23:12:07 GMT
via: 1.1 varnish
server: nginx
x-timer: S1621120328.507492,VS0,VE9
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11543-HHN

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame E595 0
361 B 3220ms
55ms Image
text/html 154.57.158.51
FREEWHEEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 154.57.158.51 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS: amsadvip2.fwmrm.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:09 GMT
Cache-Control: no-store
Expires: 0
Content-Type: text/html
Content-Length: 0
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame E595 0
41 B 62ms
54ms Image
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:05 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=136...
https://mwzeom.zeotap.com/mw?cid=1738b8e5-67f4-41c2-b19e-dc92827e39f9&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
178 B

36ms
36ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=1738b8e5-67f4-41c2-b19e-dc92827e39f9&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000c986d91177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e633440000177a3711d000000001

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:06 GMT
server: Apache-Coyote/1.1
location: https://mwzeom.zeotap.com/mw?cid=1738b8e5-67f4-41c2-b19e-dc92827e39f9&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=02f64658-ecbe-45c9-5f28-272c0b1026f3&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=02f64658-ecbe-45c9-5f28-272c0b1026f3&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=04477243010405014012439963975494566190&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-...

95 B
177 B

25ms
24ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=04477243010405014012439963975494566190&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:09 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000cad0fb9177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e640220000177a6ab70000000001

Redirect headers

DCS: dcs-prod-irl1-1-v006-0c596772b.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: nit2OjYtR/g=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=04477243010405014012439963975494566190&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 /
loadeu.exelator.com/load/ Frame E595 0
324 B 3238ms
80ms Image
text/plain 18.198.69.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.69.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:09 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://bn01.er.bemail.it/zeotap.php?_bid=02f64658-ecbe-45c9-5f28-272c0b1026f3&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-...
https://mwzeom.zeotap.com/mw?cid=BE1-2021051601-92010-0.359160001621120330-6f0a509765742b559de9224fbe49316c&zdid=533&env=mWeb

95 B
201 B

34ms
33ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=BE1-2021051601-92010-0.359160001621120330-6f0a509765742b559de9224fbe49316c&zdid=533&env=mWeb
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:09 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000cac7f48177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e63fcf0000177a7c0a6000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=BE1-2021051601-92010-0.359160001621120330-6f0a509765742b559de9224fbe49316c&zdid=533&env=mWeb
Date: Sat, 15 May 2021 23:12:10 GMT
Server: nginx/1.10.2
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=6962658787354671248&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-...

95 B
178 B

27ms
26ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=6962658787354671248&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:07 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000ca098da177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e6385d0000177a573d7000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=6962658787354671248&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Date: Sat, 15 May 2021 23:12:07 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame E595
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=02f64658-ecbe-45c9-5f28-272c0b1026f3
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=02f64658-ecbe-45c9-5f28-272c0b1026f3

95 B
426 B

69ms
68ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=02f64658-ecbe-45c9-5f28-272c0b1026f3

Requested by

Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(9.4.36.v20210114) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=02f64658-ecbe-45c9-5f28-272c0b1026f3
alt-svc: clear
content-length: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=02f64658-ecbe-45c9-5f28-272c0b1026f3&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=02f64658-ecbe-45c9-5f28-272c0b1026f3&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=tw0cas7xu8e2yqScb6ddtu&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4d...

95 B
178 B

23ms
23ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=tw0cas7xu8e2yqScb6ddtu&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000c9a4fe4177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e6346c0000177a769df000000001

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
last-modified: Sat, 15 May 2021 23:12:06 GMT
server: nginx/1.12.0
location: https://mwzeom.zeotap.com/mw?webouuid=tw0cas7xu8e2yqScb6ddtu&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 2.gif
dmp.theadex.com/d/949/i/ Frame E595 36 B
378 B 442ms
55ms Image
image/gif 89.163.159.103
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=02f64658-ecbe-45c9-5f28-272c0b1026f3&axd_pid=175
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 89.163.159.103 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:07 GMT
server: nginx
p3p: CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
content-length: 36
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=02f64658-ecbe-45c9-5f28-272c0b1026f3?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=02f64658-ecbe-45c9-5f28-272c0b1026f3?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
https://mwzeom.zeotap.com/mw?pid=831a49e880a38d8b08653ad8e5bd9b57&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c...

95 B
199 B

32ms
31ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?pid=831a49e880a38d8b08653ad8e5bd9b57&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:10 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000caec9cc177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e6413e0000177a4a9c1000000001

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:10 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://mwzeom.zeotap.com/mw?pid=831a49e880a38d8b08653ad8e5bd9b57&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
cache-control: no-cache
x-server: 10.45.0.239
content-length: 0
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-7HDvhPNE2opYEZrf1hoLh5yUL1axpxA22A--~A&zpartnerid=570&env=mWeb

95 B
201 B

27ms
26ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-7HDvhPNE2opYEZrf1hoLh5yUL1axpxA22A--~A&zpartnerid=570&env=mWeb
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:07 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000c9c0a78177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e635890000177a5ab84000000001

Redirect headers

date: Sat, 15 May 2021 23:12:07 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-7HDvhPNE2opYEZrf1hoLh5yUL1axpxA22A--~A&zpartnerid=570&env=mWeb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=g3DODFC4NGPzfod%2FBYBcOvXd%2B8yypxGd%2BS41iYitP1U%3D

95 B
178 B

32ms
32ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=g3DODFC4NGPzfod%2FBYBcOvXd%2B8yypxGd%2BS41iYitP1U%3D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:07 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000c9cfba8177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e6361f0000177a79217000000001

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:07 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=g3DODFC4NGPzfod%2FBYBcOvXd%2B8yypxGd%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame E595 43 B
324 B 169ms
59ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=02f64658-ecbe-45c9-5f28-272c0b1026f3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:07 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame E595 0
337 B 461ms
70ms Image
text/plain 54.77.62.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.62.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:07 GMT
cache-control: private, no-cache, no-store
x-request-time: D=52 t=1621120327
x-served-by: beacon-n010-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame E595 95 B
358 B 66ms
61ms Image
image/png 168.119.146.39
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=02f64658-ecbe-45c9-5f28-272c0b1026f3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.146.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.39.146.119.168.clients.your-server.de
Software: nginx/1.10.3 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YKBVRwAA4BkdTQBg&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-521...

95 B
178 B

29ms
29ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YKBVRwAA4BkdTQBg&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&_test=YKBVRwAA4BkdTQBg
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:07 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000c9f1f15177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e637730000177a6489f000000001

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:07 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1621120328.514097,VS0,VE0
x-served-by: cache-fra19180-FRA
x-cache: HIT
location: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YKBVRwAA4BkdTQBg&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&_test=YKBVRwAA4BkdTQBg
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?cid=954860a0-5545-4200-a750-b09ea7617d23&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b3...

95 B
178 B

43ms
43ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=954860a0-5545-4200-a750-b09ea7617d23&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:07 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000c9fe815177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e637f30000177a29037000000001

Redirect headers

Date: Sat, 15 May 2021 23:12:07 GMT
Server: MT3 3736 915c305 master zrh-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=954860a0-5545-4200-a750-b09ea7617d23&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Sat, 15 May 2021 23:11:59 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame E595
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2...

0
336 B

70ms
69ms

Image
text/plain

54.77.62.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.62.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:07 GMT
cache-control: private, no-cache, no-store
x-request-time: D=28 t=1621120327
x-served-by: beacon-n020-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
date: Sat, 15 May 2021 23:12:07 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a006-ash-prod.krxd.net

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame E595
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=02f64658-ecbe-45c9-5f28-272c0b1026f3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f2...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=02f64658-ecbe-45c9-5f28-272c0b1026f3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f2...

43 B
433 B

73ms
72ms

Image
image/gif

52.95.118.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=02f64658-ecbe-45c9-5f28-272c0b1026f3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&dcc=t
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.118.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:08 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:08 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=02f64658-ecbe-45c9-5f28-272c0b1026f3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E595
Redirect Chain

https://tags.bluekai.com/site/87734?id=02f64658-ecbe-45c9-5f28-272c0b1026f3&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

95 B
201 B

24ms
23ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 65000ca7994b177a-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a13e63cbf0000177a79269000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date: Sat, 15 May 2021 23:12:08 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: e1b1
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 200 zeo
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/ Frame E595 0
38 B 1217ms
65ms Image
text/plain 52.49.62.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D02f64658-ecbe-45c9-5f28-272c0b1026f3%26reqId%3Decae5b38-5c6c-4dc0-75d8-5218c6e2312e%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.62.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:08 GMT
content-length: 0

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame E595 557 B
491 B 44ms
41ms Script
text/plain 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01be17d7938f5f317cb03042fcd53de7d76126cb0b00f86df35dafd497b99c0a

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 65000c97bcb4177a-FRA
date: Sat, 15 May 2021 23:12:06 GMT
via: 1.1 google
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *
cf-request-id: 0a13e632d30000177a26984000000001

POST
H2 200 sium Show response
ih.adscale.de/ Frame CDED 0
190 B 52ms
52ms XHR
application/json 18.158.173.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ih.adscale.de
date: Sat, 15 May 2021 23:12:06 GMT
access-control-allow-credentials: true
access-control-allow-headers: x-openrtb-version
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 45FE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YKBVRPomrD6XL571CHriDgAAApYAAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEAtXOa8fESbo2-4qcctC1yg&google_cver=1

43 B
315 B

1274ms
64ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEAtXOa8fESbo2-4qcctC1yg&google_cver=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:07 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:07 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEAtXOa8fESbo2-4qcctC1yg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 45FE 70 B
264 B 68ms
65ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=70&cm_user_id=YKBVRPomrD6XL571CHriDgAA&gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:06 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 45FE
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKBVRPomrD6XL571CHriDgAAApYAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKBVRPomrD6XL571CHriDgAAApYAAAAB&dcc=t

43 B
433 B

141ms
140ms

Image
image/gif

52.46.130.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKBVRPomrD6XL571CHriDgAAApYAAAAB&dcc=t
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.46.130.13 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:09 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:09 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKBVRPomrD6XL571CHriDgAAApYAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 45FE 0
0 3197ms
54ms Image
text/html 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 45FE
Redirect Chain

https://sync.extend.tv/r.gif?exchange=index
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a28a8bc4-0f7f-49e2-97d9-667ea1d70f81
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a28a8bc4-0f7f-49e2-97d9-667ea1d70f81&C=1

43 B
1021 B

77ms
77ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a28a8bc4-0f7f-49e2-97d9-667ea1d70f81&C=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:14 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:14 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a28a8bc4-0f7f-49e2-97d9-667ea1d70f81&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 301
Expires: Sat, 15 May 2021 23:12:14 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 45FE
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=68
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=vF4z7eYRQNthvCtPMRQ-ZrlMCWs
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=vF4z7eYRQNthvCtPMRQ-ZrlMCWs&C=1

43 B
1012 B

80ms
79ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=vF4z7eYRQNthvCtPMRQ-ZrlMCWs&C=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:14 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:14 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=vF4z7eYRQNthvCtPMRQ-ZrlMCWs&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 291
Expires: Sat, 15 May 2021 23:12:14 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 45FE
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=qObzHTTr1LI3s45&gdpr=1

43 B
1 KB

79ms
78ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=qObzHTTr1LI3s45&gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:09 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:09 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:08 GMT
Server: PingMatch/v2.0.30-649-g03fe1b8#rel-ec2-master i-06dc1c09a183d011e@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=qObzHTTr1LI3s45&gdpr=1
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 45FE
Redirect Chain

https://ad.turn.com/r/cs?pid=21&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3630505328658725185

43 B
1 KB

65ms
65ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3630505328658725185
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:06 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3630505328658725185
pragma: no-cache
date: Sat, 15 May 2021 23:12:05 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 um
u-ams02.e-planning.net/ Frame 45FE 42 B
103 B 57ms
55ms Image
image/gif 5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=55541ab6c584a418&uid=YKBVRPomrD6XL571CHriDgAA%26662
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D55541ab6c584a418%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
server: openresty
content-type: image/gif

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 534E 30 KB
9 KB 58ms
56ms Script
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: b0ed4a055ff198f6605e40f1169c9c9d684a873ed17d90f16ef66cc8cdbf9c93

Request headers

Referer: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:06 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 21:43:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=28531
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9237
Expires: Sun, 16 May 2021 07:07:37 GMT

GET
H2 204 cmp
spl.zeotap.com/ Frame E595 0
0 32ms
32ms Document
text/plain 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=02f64658-ecbe-45c9-5f28-272c0b1026f3&reqId=ecae5b38-5c6c-4dc0-75d8-5218c6e2312e&zdid=1361&cmp=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: zc=02f64658-ecbe-45c9-5f28-272c0b1026f3; zsc=h%88%CB%E2%FCD1%FEhW%BD%CB%98%7D%D7ZF%E6%B3%DBA%FD%7C%83%01L%E7%3E%CE%A4b%E3-J+O%BEL-%7DH7W%DE%06%14QmH%28%FD%E8n%AEa%5D%EB%E3R%ABG%06%C5z%1C%C8%91%9D%E8%266K%81%E4%B9y7%0E%7B%1E+%D2%04%90R3P%C9%DF%D1%CCLe%07k%DCJ%BC%90%AC%D0%93%B1%08%A8lfl%F1%83%8C%B1%F2%7B%A8%7C9%CE%EF%14%D39M%A1.%FB%10%BB%2Bx%D53%A6%C7c%5C%AA%D2%0D%F3%1CM%A90a%E5%B3%B1%2F%A5F%A9%13%DDO%AC%DEVd%BBS%88%9B%84%AD1%04s%F0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0a13e632fd0000177a2b143000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65000c97fd0c177a-FRA

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 534E 284 B
536 B 460ms
53ms Image
image/jpg 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/jpg

GET
H2 200 cc.js Show response
tags.crwdcntrl.net/c/15238/ Frame 0A4E 38 KB
11 KB 171ms
60ms Script
application/json 13.224.95.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by: Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-123.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 15 May 2021 14:36:17 GMT
content-encoding: gzip
last-modified: Thu, 02 Jul 2020 15:35:12 GMT
server: AmazonS3
age: 30950
etag: W/"2b2f816f40499d384e118ce88a266e02"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
via: 1.1 ebbd7f31e48ea8cf77f6021cdd92bf62.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: mIEAGOcxS4IVS1dnBKqaZLDe0EPasAPENgxbSaxov7kc-XEsqqGIhw==

GET
H2 200 sirdata_03022021.html Show response
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame FC40 636 B
577 B 51ms
51ms Document
text/html 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software: openresty /
Resource Hash: 14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

:method: GET
:authority: s.e-planning.net
:scheme: https
:path: /esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: E=AOYKvKHmvTs-w8Ez
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.us.e-planning.net/

Response headers

server: openresty
date: Sat, 15 May 2021 23:12:06 GMT
content-type: text/html
last-modified: Wed, 03 Feb 2021 21:18:20 GMT
etag: W/"601b131c-27c"
expires: Thu, 14 May 2026 23:12:06 GMT
cache-control: max-age=157680000
access-control-allow-origin: *
content-encoding: gzip

GET
H2 200 e-planning Show response
sync.quantumdex.io/usersync/ Frame 1526 3 KB
1 KB 144ms
129ms Document
text/html 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/e-planning
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7697ebabde698553be8f88c59ea7d249852025acad9d94b6074109c964c2dd4b

Request headers

:method: GET
:authority: sync.quantumdex.io
:scheme: https
:path: /usersync/e-planning
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.us.e-planning.net/

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
content-type: text/html
set-cookie: uid=0463282c-94d6-4b41-8b73-bd24b5dcad27; expires=Fri, 04 Jun 2021 23:12:06 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
cf-request-id: 0a13e633ab00004a55d19d7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=k%2BNf8PcSw3CHEQlz9j%2FxdtA9y2gM0ahX4v944q8wh%2BqSUA%2ByFaqkn5dhDz%2ByP%2B34QbjRYv1i70Jl4YNsglP9%2BIk65B0VtBWQaRsqNCnBtHXidH6oc92%2B2G4AQFgJ%2BeQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65000c991d594a55-FRA
content-encoding: br

GET
H/1.1 200
OK Cookie set csync Show response
sync.console.adtarget.com.tr/ Frame D7CB 86 B
543 B 413ms
413ms Document
image/gif 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307442&extuid=AOYKvKHmvTs-w8Ez
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Host: sync.console.adtarget.com.tr
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.us.e-planning.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: a307080=hf0caCucyo1Xe2yFJNx6; a306709=av-8ce7b0b5-2104-4e62-9a03-0ac63aaeaf98; a307565=cbc3ca0cb98a493d8c155801c03571c3; vmuid=0dd52e24bf26ce9f; a322988=e13f5a23fe66f901
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.us.e-planning.net/

Response headers

Server: VertaMedia 1.0
Date: Sat, 15 May 2021 23:12:06 GMT
Content-Type: image/gif
Content-Length: 86
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: vmuid=0dd52e24bf26ce9f; expires=Fri, 16 Jul 2021 23:12:06 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None a307442=AOYKvKHmvTs-w8Ez; expires=Fri, 16 Jul 2021 23:12:06 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None

GET
H2 200 GS.d Show response
js.cookieless-data.com/ Frame FC40 0
367 B 447ms
67ms Script
text/plain 212.129.3.112
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL

https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1621120326613

Requested by

Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.129.3.112 , France, ASN12876 (Online SAS, FR),

Reverse DNS

212-129-3-112.rev.poneytelecom.eu

Software

nginx/1.11.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Xss-Protection	0

Request headers

Referer: https://s.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:07 GMT
server: nginx/1.11.3
strict-transport-security: max-age=15724800; includeSubDomains; preload
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cross-origin-resource-policy: cross-origin
content-length: 0
x-xss-protection: 0
expires: Tue, 01 Jan 2000 00:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1526
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5247400059954150821

43 B
334 B

124ms
123ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5247400059954150821
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hPW6P7g26VqF03yyxx%2BkOYhOWL8ihHZGHEiwdD6zG0rL5A0RHanYgyIbeXMsq14AJiRGmT1fUrtu31mH7QX6Htbu5pRgjYYYJRHnu%2BpQOuF3AWLyiDKwNyw5kW2miVw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 65000c9a4f5f4a55-FRA
content-length: 43
cf-request-id: 0a13e6346800004a55d33ac000000001

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:06 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.116:80
AN-X-Request-Uuid: 4ba7bc17-3d98-4eb9-9c1c-c25806e68a7f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5247400059954150821
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1526
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
https://sync.quantumdex.io/setuid?bidder=between&uid=73d176d7-e643-5288-b492-eb94d432bed7

43 B
325 B

127ms
126ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=between&uid=73d176d7-e643-5288-b492-eb94d432bed7
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=X9VoyWGOxMvd1eRqU6MP7wHwmiASdPfPWznhkKkoEIwon1H%2BhhERZiFBT1XUCcy127O4t79BIGs%2FLNpdw9wrW1uysyfkVDjvOaJs%2FX8SHbcaDyzfdXQGJ6PSm3xRxsw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 65000c9a4f794a55-FRA
content-length: 43
cf-request-id: 0a13e6347300004a55bba80000000001

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=between&uid=73d176d7-e643-5288-b492-eb94d432bed7
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1526
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=5247400059954150821

43 B
326 B

130ms
129ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=answermedia&uid=5247400059954150821
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iQwO1i7OvlL9inRCChF2FF%2FwvyzckQ5u9zEOte%2BlgiLHjVCNLkHrL0iH0gwW%2FZM2fubd%2FcFKl6aCvCGMnvHt04keJA6%2FS8ggoZKBL8tuiOhGcyIaNrFZ6upnMKdflno%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 65000c9a4f644a55-FRA
content-length: 43
cf-request-id: 0a13e6346a00004a55be2a4000000001

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:06 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.7:80
AN-X-Request-Uuid: 957bf7b0-531c-411b-b513-a54bf2eefb73
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=answermedia&uid=5247400059954150821
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1526
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danx152media%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=anx152media&uid=5247400059954150821

43 B
328 B

132ms
132ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=anx152media&uid=5247400059954150821
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KOBYEqJPt5%2F2VaDUT%2FPU5u4oxIHtNl5E0Lq%2F4DY1yl36VSwBApTYNNZgnjM2mcZGVU9KTMa4k5jTC0v%2BrAqOpQqiidqsh8CuM8AsNhMP6PHFbRJix28A80hFL%2BCdf5Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 65000c9a9fdd4a55-FRA
content-length: 43
cf-request-id: 0a13e6349e00004a55f50fe000000001

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:06 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.41:80
AN-X-Request-Uuid: e09d1504-bd9f-4e89-9277-385abbbcbe56
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=anx152media&uid=5247400059954150821
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 1526 0
474 B 1254ms
56ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1526
Redirect Chain

https://ups.analytics.yahoo.com/ups/58424/occ
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-TgHoJhlE2uE3l8Zj4s2DBnxNFmLOLdJZTq1VxJc-~A

43 B
326 B

127ms
127ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-TgHoJhlE2uE3l8Zj4s2DBnxNFmLOLdJZTq1VxJc-~A
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=b1W%2Bo%2FduUHw5cZHqPEK7xQExFNDAtCGgeyOV%2FuJvIBQctLT15G6Rra73xD2L7IOTDqICpNDSczRo2pWANPrxEjGIzUOhv9WRO5AulVWHGdAy6BTP0Rsveo5GedxbjQA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 65000c9a4f614a55-FRA
content-length: 43
cf-request-id: 0a13e6346900004a55d19e3000000001

Redirect headers

Date: Sat, 15 May 2021 23:12:06 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-TgHoJhlE2uE3l8Zj4s2DBnxNFmLOLdJZTq1VxJc-~A
Connection: keep-alive
Content-Length: 0

GET
H2 200 um
sync.e-planning.net/ Frame 1526 42 B
103 B 56ms
55ms Image
image/gif 5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-planning.net/um?dc=bcf310d1654d268f&iss=1&uid=0463282c-94d6-4b41-8b73-bd24b5dcad27
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:06 GMT
server: openresty
content-type: image/gif

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame C8CD 2 KB
3 KB 937ms
82ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 987e14bb1cda75b8693077b4090b2a07439b78f1b220c767fb06661cd7be21e3

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMPS=331; CMID=YKBVRPomrD6XL571CHriDgAA; CMPRO=662; CMST=YKBVRGCgVUYA; CMRUM3=2e60a0554605a0&9860a0554605a00&2760a055460b40&0460a0554627603630505328658725185&e660a055462760&f160a0554605a0&2f60a0554605a0&7b60a0554605a00&2d60a055442760CAESEJYrSxUAn0bU2S7stXDBfRM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 73|3|88|206|230|130|47|51
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1728
Expires: Sat, 15 May 2021 23:12:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 15 May 2021 23:12:07 GMT
Connection: keep-alive
Set-Cookie: CMID=YKBVRPomrD6XL571CHriDgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 15 May 2022 23:12:07 GMT CMPS=331;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 13 Aug 2021 23:12:07 GMT CMPRO=662;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 13 Aug 2021 23:12:07 GMT CMRUM3=2e60a0554605a0&9860a0554605a00&2760a055460b40&3360a0554705a0&0460a0554627603630505328658725185&4960a0554705a0&5860a0554705a0&e660a055472760&ce60a0554705a0&f160a0554605a0&2f60a0554705a0&0360a0554705a0&7b60a0554605a00&8260a05547a8c0&2d60a055442760CAESEJYrSxUAn0bU2S7stXDBfRM;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 15 May 2022 23:12:07 GMT CMST=YKBVRGCgVUcA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 16 May 2021 23:12:07 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 20F1 2 KB
818 B 1407ms
53ms Document
text/html 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2bb78272a859ca6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK Cookie set uc.html Show response
sync.go.sonobi.com/ Frame F157 43 B
551 B 1193ms
56ms Document
text/html 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: sync.go.sonobi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

Date: Sat, 15 May 2021 23:12:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
X-Xss-Protection: 0
Content-Encoding: gzip
Server: sonobi-go
Set-Cookie: HAPLB5S=s579|YKBVS; path=/; domain=.go.sonobi.com

GET
H2 204 d
ic.tynt.com/r/ Frame 53A8 0
0 140ms
139ms Document
text/plain 67.202.110.33
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-110.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

:method: GET
:authority: ic.tynt.com
:scheme: https
:path: /r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

server: nginx/1.16.1
date: Sat, 15 May 2021 23:12:06 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 YKBVRPomrD6XL571CHriDgAAApYAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame C8CD 43 B
923 B 100ms
33ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YKBVRPomrD6XL571CHriDgAAApYAAAAB?gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:07 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame C8CD
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=954860a0-5545-4200-a750-b09ea7617d23&gdpr=1&gdpr_consent=

43 B
1 KB

65ms
64ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=954860a0-5545-4200-a750-b09ea7617d23&gdpr=1&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:07 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:07 GMT

Redirect headers

Date: Sat, 15 May 2021 23:12:06 GMT
Server: MT3 3736 915c305 master cdg-pixel-x16
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=954860a0-5545-4200-a750-b09ea7617d23&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 15 May 2021 23:12:05 GMT

GET
H2 200 ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame C8CD 85 B
236 B 147ms
145ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:07 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1621120328.677192,VS0,VE93
x-served-by: cache-fra19180-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/png
content-length: 85
x-cache-hits: 0

GET
H/1.1 204
No Content sync
ups.analytics.yahoo.com/ups/55940/ Frame C8CD 0
234 B 54ms
53ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YKBVRPomrD6XL571CHriDgAAApYAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS/7.1.2.128 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:07 GMT
Server: ATS/7.1.2.128
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame C8CD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YKBVRPomrD6XL571CHriDgAAApYAAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEAtXOa8fESbo2-4qcctC1yg&google_cver=1

43 B
315 B

62ms
62ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEAtXOa8fESbo2-4qcctC1yg&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:07 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:07 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:07 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEAtXOa8fESbo2-4qcctC1yg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ie
match.prod.bidr.io/cookie-sync/ Frame C8CD 43 B
430 B 521ms
67ms Image
image/gif 52.215.139.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/ie?gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.139.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
Date: Sat, 15 May 2021 23:12:08 GMT
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
content-type: image/gif
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame C8CD
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=KUwGF0ng1LI3s45&gdpr=1

43 B
1 KB

64ms
63ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=KUwGF0ng1LI3s45&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:09 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 May 2021 23:12:09 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:08 GMT
Server: PingMatch/v2.0.30-649-g03fe1b8#rel-ec2-master i-0a1405953f2666354@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=KUwGF0ng1LI3s45&gdpr=1
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame C8CD 43 B
146 B 1175ms
52ms Image
image/gif 35.156.19.236
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=index&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.19.236 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:08 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 setuid
sync.quantumdex.io/ Frame C8CD 43 B
350 B 128ms
127ms Image
image/gif 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=ix&uid=YKBVRPomrD6XL571CHriDgAAApYAAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:07 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ThAMI%2FLn6sjoZb5kOVQJzSB3NjiG7C81qTuH3%2FlIkbuVbx7u5iO4g2MMgb46NN%2FeXk6zShvDvayq8bE9Xi0lztFMONtOqHLG2FSrKXs%2FUjBA11FzTHselXtJMWIS8zk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 65000c9fdfc24a55-FRA
content-length: 43
cf-request-id: 0a13e637e300004a55d1a18000000001

GET
H2

200

rt=ifr Show response
bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/ Frame 13E1
Redirect Chain

https://bcp.crwdcntrl.net/5/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr

1 KB
2 KB

84ms
84ms

Document
text/html

34.253.109.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.109.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 959b70ad4f2f8c397e23c06f38ddda7045a5c9774b610b348a1d946c0432a628

Request headers

:method: GET
:authority: bcp.crwdcntrl.net
:scheme: https
:path: /5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _cc_cc=ctst
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.us.e-planning.net/

Response headers

date: Sat, 15 May 2021 23:12:14 GMT
content-type: text/html;charset=UTF-8
content-length: 1196
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.13.50
set-cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Wed, 09-Feb-2022 23:02:00 GMT;SameSite=None;Secure _cc_id=831a49e880a38d8b08653ad8e5bd9b57;Path=/;Domain=crwdcntrl.net;Expires=Wed, 09-Feb-2022 23:02:00 GMT;SameSite=None;Secure _cc_cc="ACZ4XmNQsDA2TDSxTLWwMEg0tkixSDKwMDM1TkyxSDVNSrFMMjVnAIKEBaF%2Bf%2F7%2F%2F88P4kAAAKqeDm8%3D";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Wed, 09-Feb-2022 23:02:00 GMT;Max-Age=23328000;SameSite=None;Secure _cc_aud="ABR4XmNgYGBIWBDqB6SgAAAUyAGk";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Wed, 09-Feb-2022 23:02:00 GMT;Max-Age=23328000;SameSite=None;Secure
access-control-allow-origin: *

Redirect headers

date: Sat, 15 May 2021 23:12:14 GMT
content-length: 0
location: https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.0.239
set-cookie: _cc_cc=ctst;Path=/;Domain=crwdcntrl.net;SameSite=None;Secure

GET
H2

200

tpid=7238142560429375486
sync.crwdcntrl.net/map/c=10915/tp=TRNN/ Frame 13E1
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/831a49e880a38d8b08653ad8e5bd9b57/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=7238142560429375486

49 B
239 B

204ms
70ms

Image
image/gif

54.194.226.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=7238142560429375486
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:14 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.11.140
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=7238142560429375486
pragma: no-cache
date: Sat, 15 May 2021 23:12:13 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

tpid=dc4ffbfa-17b3-42b5-829b-f5c097135bda
sync.crwdcntrl.net/map/c=10158/tp=TPAD/ Frame 13E1
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=831a49e880a38d8b08653ad8e5bd9b57&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftp...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=LOTAME&partner_device_id=831a49e880a38d8b08653ad8e5bd9b57&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPA...
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=dc4ffbfa-17b3-42b5-829b-f5c097135bda

49 B
240 B

192ms
69ms

Image
image/gif

54.194.226.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=dc4ffbfa-17b3-42b5-829b-f5c097135bda
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:14 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.19.145
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

date: Sat, 15 May 2021 23:12:14 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=dc4ffbfa-17b3-42b5-829b-f5c097135bda
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 13E1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc&google_tc=

170 B
188 B

67ms
67ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc&google_tc=

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 13E1
Redirect Chain

https://id5-sync.com/s/19/9.gif?puid=831a49e880a38d8b08653ad8e5bd9b57&gdpr=1
https://id5-sync.com/c/19/19/9/1.gif?puid=831a49e880a38d8b08653ad8e5bd9b57&gdpr=1&gdpr_consent=
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODM4ODY2Ni90LzI/dpuid/ID5-ZHMOKqDiwSLoiBlQF2Zig3OF32lMuF9ESiB-9jQXiw/url/https%3A%2F%2Fid5-sync.com%2Fc%2F19%2F224%2F8%2F2.gif%3Fpuid%3D%24%21%7BTURN_...
https://id5-sync.com/c/19/224/8/2.gif?puid=7238142560429375486&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent=
https://bcp.crwdcntrl.net/map/c=1882/tp=BKAI/gdpr=1/gdpr_consent=?https://tags.bluekai.com/site/5907?limit=0&id=${masked_profileid}&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F19%2F321%2F7%2F3.gif%3Fpui...
https://tags.bluekai.com/site/5907?limit=0&id=2fb3cae7803961fa6309240c63c3314e&redir=https://id5-sync.com/c/19/321/7/3.gif?puid=$_BK_UUID&gdpr=1&gdpr_consent=
https://id5-sync.com/c/19/321/7/3.gif?puid=$_BK_UUID
https://sync.crwdcntrl.net/map/c=2831/tp=GDMP?https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}&google_redir={xENCODEDURL}&id5id=ID5-ZHMOKqDiwSLoiBlQF2Zig3OF32l...
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc&google_redir={xENCODEDURL}&id5id=ID5-ZHMOKqDiwSLoiBlQF2Zig3OF32lMuF9ESiB-9jQXiw

170 B
188 B

68ms
67ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc&google_redir={xENCODEDURL}&id5id=ID5-ZHMOKqDiwSLoiBlQF2Zig3OF32lMuF9ESiB-9jQXiw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:15 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ODMxYTQ5ZTg4MGEzOGQ4YjA4NjUzYWQ4ZTViZDliNTc&google_redir={xENCODEDURL}&id5id=ID5-ZHMOKqDiwSLoiBlQF2Zig3OF32lMuF9ESiB-9jQXiw
cache-control: no-cache
x-server: 10.45.31.107
content-length: 0
expires: 0

GET
H2

200

tpid=no-consent
sync.crwdcntrl.net/map/c=1389/tp=STSC/ Frame 13E1
Redirect Chain

https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID
https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=no-consent

49 B
238 B

146ms
69ms

Image
image/gif

54.194.226.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=no-consent
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:14 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.27.79
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:14 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=no-consent
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 13E1 70 B
264 B 67ms
66ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=15238/rand=388872934/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:14 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 dc_oe=ChMIuNuc6OfM8AIVz-p3Ch0CvwOyEAAYACCvhsZGQhMIu-6F6OfM8AIVkUjgCh3E_Qyt;met=1;&timestamp=1621120334383;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame E94E 42 B
498 B 225ms
96ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIuNuc6OfM8AIVz-p3Ch0CvwOyEAAYACCvhsZGQhMIu-6F6OfM8AIVkUjgCh3E_Qyt;met=1;&timestamp=1621120334383;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 37ms
18ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210511&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e00441c268b27b7bb47e9747d359ca89e0917e0251d59eba516c3f1f2a517b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 May 2021 23:12:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7661
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7DBF 0
326 B 64ms
22ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=1plus1.ua

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=1plus1.ua
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1498
set-cookie: uid=6a5e0607-6040-4a52-98f9-6ec5845cc275; expires=Sun, 15 May 2022 23:12:14 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Sat, 15 May 2021 23:12:15 GMT
content-length: 0

GET
H/1.1 200
OK Cookie set nRAnHbS2 Show response
1plus1.video/video/embed/ Frame AFF1 9 KB
4 KB 107ms
106ms Document
text/html 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/video/embed/nRAnHbS2?autoplay=0&l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 744aac588058ddb11b9ff3e8769b4be86f96ca2a2893603ebb5e53bc3e40d974

Request headers

Host: 1plus1.video
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://1plus1.ua/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

Server: nginx
Date: Sat, 15 May 2021 23:12:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: _opov_sid_=478p057poqdmv0imstfhmkflhn; expires=Tue, 16 May 2023 00:12:15 GMT; Max-Age=63072000; domain=.1plus1.video; path=/; secure; SameSite=None; _opov_uisl_=0; expires=Mon, 15-May-2023 23:12:15 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Mon, 15-May-2023 23:12:15 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Mon, 15-May-2023 23:12:15 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Mon, 15-May-2023 23:12:15 GMT; Max-Age=63072000; path=/; domain=.1plus1.video
Content-Encoding: gzip

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sat, 15 May 2021 23:12:15 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 81CF 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sat, 15 May 2021 17:56:58 GMT
expires: Sun, 15 May 2022 17:56:58 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 18917
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 81CF 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 21:21:06 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 6669
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5636
x-xss-protection: 0
expires: Sun, 15 May 2022 21:21:06 GMT

GET
H/1.1 200
OK ovva.0.3.0.css
1plus1.video/static/player/css/ Frame AFF1 171 KB
26 KB 90ms
89ms Stylesheet
text/css 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/css/ovva.0.3.0.css?v=ab8780303bb814310713b519213bf27f52934d22
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?autoplay=0&l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: d4c668bce61f7b8ce502204a3cd9b5f868384c07bff2b907e561b75f6a6ec56c

Request headers

Referer: https://1plus1.video/video/embed/nRAnHbS2?autoplay=0&l=ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:15 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 11:47:42 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 14 Jun 2021 23:09:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame AFF1 88 KB
35 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?autoplay=0&l=ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ba1046219b769e4ed0863b1fd31b8f905886fdea76e95ce0abe716ef6d148f6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:15 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35683
x-xss-protection: 0
last-modified: Sat, 15 May 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 May 2021 23:12:15 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210511&jk=3498077062137338&bg=!DQ6lDkrNAAY59bwoOfU7ACkAdvg8WoLFgoo7Xtb7BYd8a5M42qQPesIcn-wRjgjNwm2QiCMX9UHL7QIAAABlUgAAAAxoAQcKAAIPVJkCQkUFmQGGeBbBC7a7AmwqII83HvRSWH8ynf837AX1jFKFTf_4f5MILc9tFDQau0Go8YAINm_Cg8NOCQFaFnEHC4of6atFMRVAzZ3n_GAGXNYyFOA8AZ5fU_nsN1_AHQ9Mwn9dZUbe-xwWF2qkfCNygobc_YcCmAljgKIOqmZL-YC6RzpeKBgUFAnTuEFRbTRSlou_n9VEGUfT5I6YT8ZAIaJAfkzjfvDGa-09LMIeTXjDFeN5DOg9aVTvdm3TJlHZjyPybr9GEEhoorS4KdKDUbOQAnljDVKJmQUuCbJCAnVM1Xovpxy0BYk1LMAb2T-eb87kCAgXWK4iiQffX4MUe3B3HjcrnsFq5k2I7SK530jrSu063t48ifv0j6WUduYmwY0PqS14q8nSHJqRLFJNEIt5KhgePWgTEZfZrXl6uTKxZIybi6nah7nXvq5-uRbqB5MzqZ-zI6YYK1qbVFbUtWzO0WlIsagOTeFvP4Q4zXIF1hycvYknBYDPjRvGpId1FWpuGzPUbdO8p2M8jFhn9XwcyEOZFN6zfmwVExSidTx1Cgw29wH9Y2ttEs1uBJT5wwubjX-Y4zH-bX5pqdmBjIrPs22qIQSmpa2zK5cBq44TOkEWk5zpccudoJIfG6Z4Z-0JYGrwaGX57N1vpmFU3qq7-UytSxfbdMc7B9v-lnJLvR6XcdoRh0BoKgNDNacY6WeVKWnMGSJMK2WoLoPjU9HtF8SVwX8goRHnB6mCsi7MkMhSjFpIzD3lKamNtQjlPgeG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK l.js Show response
api.1plus1.video/u/ Frame AFF1 898 B
2 KB 93ms
93ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/u/l.js?p=276&l=ua&f=0&auth=1&login_profile=1&_t=1621120335556
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?autoplay=0&l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 1a25dc1f635f99f47b17f2f73048416edb0e88fcfc775b08d14c729daf4c73af

Request headers

Origin: https://1plus1.video
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 May 2021 23:12:15 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: https://1plus1.video
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame AFF1 101 KB
37 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WPC3Q76

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?autoplay=0&l=ua

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e90e6fd12dbd83e4f13e060ecef77141642b15a4fe0c57ce1191b7b83c71717f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:15 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37462
x-xss-protection: 0
last-modified: Sat, 15 May 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 May 2021 23:12:15 GMT

GET
H2 200 3b7c77a8827726670d2e0480bbf8466d.custom.jpg
images.1plus1.video/card-3/nRAnHbS2/ Frame AFF1 226 KB
226 KB 84ms
84ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-3/nRAnHbS2/3b7c77a8827726670d2e0480bbf8466d.custom.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?autoplay=0&l=ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 747fd89e5764f688a5d68391e02ba3a2800fe0ae7ec147eb3a4b7ac3ad070ac4

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 23:12:15 GMT
last-modified: Sun, 09 Feb 2020 21:45:58 GMT
server: nginx
etag: "9e2591c0c8ffd5cbcff87fc3af903c0c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 231252
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 15 May 2021 23:12:15 GMT
expires: Sat, 22 May 2021 23:12:15 GMT

GET
DATA 200
OK truncated
/ Frame AFF1 369 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f9ecc527406b9b72bc3a9f4527892dcf842584b7e6aeb7ce816a4c7c8803954

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame AFF1 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6139
date: Sat, 15 May 2021 21:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sat, 15 May 2021 23:29:56 GMT

GET
H/1.1 200
OK api.auth.0.0.5.js Show response
api.1plus1.video/static/js/ Frame AFF1 98 KB
32 KB 84ms
83ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=ab8780303bb814310713b519213bf27f52934d22
Requested by: Host: api.1plus1.video
URL: https://api.1plus1.video/u/l.js?p=276&l=ua&f=0&auth=1&login_profile=1&_t=1621120335556
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 5a4b1f2808b146ffbc15aaef9be736ffb04bfeff1b0e07787ea5b61f6f1620f8

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:15 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 11:56:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 14 Jun 2021 23:11:07 GMT

GET
H/1.1 200
OK api.auth.css
api.1plus1.video/static/css/ Frame AFF1 56 KB
9 KB 82ms
82ms Stylesheet
text/css 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/css/api.auth.css?_t357211636988
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/nRAnHbS2?autoplay=0&l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f

Request headers

Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 15 May 2021 23:12:15 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Aug 2020 07:12:56 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 14 Jun 2021 23:12:15 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame AFF1 4 KB
727 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/css/api.auth.css?_t357211636988

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

016b91219c6ed7712bdfed0dfa714b53c5df005847771cddf79e2a3a5d5679ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://api.1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 May 2021 21:45:34 GMT
server: ESF
date: Sat, 15 May 2021 23:12:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 May 2021 23:12:15 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ Frame AFF1 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://1plus1.video
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 422498
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 11 May 2022 01:50:37 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFUZ0bbck.woff2
fonts.gstatic.com/s/opensans/v18/ Frame AFF1 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFUZ0bbck.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://1plus1.video
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 21:46:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:24 GMT
server: sffe
age: 350774
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9400
x-xss-protection: 0
expires: Wed, 11 May 2022 21:46:01 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&wpc=ca-pub-9111367348737651&su=1plus1.ua&eid=42530889&doc=complete&pg_h=7013&pg_w=1600&pg_hs=7013&c=4&aa_c=0&av_h=232.500&av_w=845&av_a=183250&s=310&all_s=310&b=2280&all_b=2280&d=0.133&all_d=0.133&ard=0.065&all_ard=0.065&dt=d

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 400 / Show response
graph.facebook.com/v2.2/ 202 B
607 B 125ms
66ms XHR
application/json 2a03:2880:f016:b:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/v2.2/?fields=og_object{engagement}&id=https://1plus1.ua/golos-krainy/video/prozarka-treneriv-golosu-i-polskij-rep-vid-volodimira-ostapcuka-golos-kraini-backstage

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/assets/9262aebb/jquery.min.js?v=1522140588

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f016:b:face:b00c:0:2 Warsaw, Poland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eeadc0ee383b67004a88a4312b94d00a8d0e31fea686dbf6661553013a7d6dae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1003799566
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 149
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: LhqENTxJK+mk8eDv7rUSRelaxGs7bTfsLJMZBC3KBqjTmbvpoY21GX2wO+InnXFdYfm55pCHnheE8NVkyDSTjw==
x-fb-trace-id: FQS0Dj2R/3+
date: Sat, 15 May 2021 23:12:18 GMT
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: AVdC-IEwckTJyM-D18-HgFk
cache-control: no-store
facebook-api-version: v3.3
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 400 / Show response
graph.facebook.com/v2.2/ 202 B
303 B 124ms
67ms XHR
application/json 2a03:2880:f016:b:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/v2.2/?fields=og_object{engagement}&id=https://1plus1.ua/golos-krainy/video/prozarka-treneriv-golosu-i-polskij-rep-vid-volodimira-ostapcuka-golos-kraini-backstage

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/assets/9262aebb/jquery.min.js?v=1522140588

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f016:b:face:b00c:0:2 Warsaw, Poland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a7efa201343f8bbc55bd0c4e26babd367969fc3359baca798b625400db3d11d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1003799566
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 148
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: zviYq/Y1pkF9A97s5/V5k9cbc0TxFjMTmErQ4ZrqlRvdBBVKUEiuTODKTMhgdHkBBsnWAXAsfN5GCvFm0lauLg==
x-fb-trace-id: H2MexQBxnkd
date: Sat, 15 May 2021 23:12:18 GMT
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: AvlsnP6itlYAe1rONtSUPRM
cache-control: no-store
facebook-api-version: v3.3
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dc_oe=ChMIuNuc6OfM8AIVz-p3Ch0CvwOyEAAYACCvhsZGQhMIu-6F6OfM8AIVkUjgCh3E_Qyt;met=1;&timestamp=1621120344383;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame E94E 42 B
107 B 96ms
96ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIuNuc6OfM8AIVz-p3Ch0CvwOyEAAYACCvhsZGQhMIu-6F6OfM8AIVkUjgCh3E_Qyt;met=1;&timestamp=1621120344383;eid1=2;ecn1=0;etm1=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 May 2021 23:12:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pa.tns-ua.com
URL: http://pa.tns-ua.com/bug/get_cookie

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEIq-t8XvzI3HovJ-0nQecDs&google_cver=1&google_push=AQvitUJLR7B4Jvv-7LInD2RuXpSjO-_XIAI27sQCrCXnhR56BZhNYZNsmSkBLyGPJCoIczqdkiljsFzakhWhnKH_Zq_4qk1uE9Q

Verdicts & Comments Add Verdict or Comment

162 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.crwdcntrl.net/	1970-01-20 00:47:28	Name: _cc_aud Value: "ABR4XmNgYGBIWBDqB6SgAAAUyAGk"
.crwdcntrl.net/	1970-01-20 00:47:28	Name: _cc_cc Value: "ACZ4XmNQsDA2TDSxTLWwMEg0tkixSDKwMDM1TkyxSDVNSrFMMjVnAIKEBaF%2Bf%2F7%2F%2F88P4kAAAKqeDm8%3D"
.crwdcntrl.net/	1970-01-20 00:47:27	Name: _cc_id Value: 831a49e880a38d8b08653ad8e5bd9b57
.crwdcntrl.net/	1970-01-20 00:47:27	Name: _cc_dc Value: 1
.casalemedia.com/	1970-01-20 03:04:16	Name: CMRUM3 Value: 7b60a0554e2760vF4z7eYRQNthvCtPMRQ-ZrlMCWs
.casalemedia.com/	1970-01-19 20:28:16	Name: CMPRO Value: 327
.casalemedia.com/	1970-01-20 03:04:16	Name: CMID Value: YKBVTn9t5ELSjfwnP1eh1wAA
.casalemedia.com/	1970-01-19 18:20:06	Name: CMST Value: YKBVTmCgVU4A
.casalemedia.com/	1970-01-19 20:28:16	Name: CMPS Value: 331
.doubleclick.net/	1970-01-19 18:18:41	Name: test_cookie Value: CheckForPermission

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Chrome
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Mraid Ready false
console-api	error	URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18762(Line 1) Message: localStorage unavailable
console-api	warning	URL: https://player.adtelligent.com/prebidlink/ex18763/hb_298309_4139.js(Line 3) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	info	URL: https://cdn.ampproject.org/rtv/012103020108001/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2103020108001 https://1plus1.ua/
console-api	warning	URL: https://1plus1.ua/js/main.js?v=1620303585(Line 1465) Message: Cannot send the request.
console-api	warning	URL: https://1plus1.ua/js/main.js?v=1620303585(Line 1465) Message: Cannot send the request.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1298b004a4f6b16d08218585ceb74628.safeframe.googlesyndication.com
1plus1.ua
1plus1.video
a.audrte.com
aa.agkn.com
aax-eu.amazon-adsystem.com
ad.turn.com
ade.googlesyndication.com
ads.betweendigital.com
ads.pubmatic.com
ads.us.e-planning.net
adservice.google.com
adservice.google.de
ap.lijit.com
api.1plus1.video
assay.1plus1.ua
bbnaut.ibillboard.com
bcp.crwdcntrl.net
beacon.krxd.net
bidder.criteo.com
bn01.er.bemail.it
c1.adform.net
cdn.admatic.com.tr
cdn.admixer.net
cdn.ampproject.org
cm.adform.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
control.1plus1.ua
creativecdn.com
cs.admanmedia.com
csync.loopme.me
d.turn.com
dis.criteo.com
dm.hybrid.ai
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gaua.hit.gemius.pl
ghb.adtelligent.com
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
graph.facebook.com
gum.criteo.com
hb-api.omnitagjs.com
ib.adnxs.com
ic.tynt.com
id5-sync.com
idsync.frontend.weborama.fr
ih.adscale.de
image6.pubmatic.com
images.1plus1.ua
images.1plus1.video
inv-nets.admixer.net
js.adscale.de
js.cookieless-data.com
l1.heyhelga.net
loadeu.exelator.com
match.adsrvr.org
match.prod.bidr.io
mug.criteo.com
mwzeom.zeotap.com
nep.advangelists.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
odr.mookie1.com
onetag-sys.com
pa.tns-ua.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.sitescout.com
pixel.tapad.com
player.adtelligent.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prebid-match.dotomi.com
rtb.openx.net
s.ad.smaato.net
s.adtelligent.com
s.amazon-adsystem.com
s.console.adtarget.com.tr
s.e-planning.net
s0.2mdn.net
script.hotjar.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
source.mmi.bemobile.ua
spl.zeotap.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.criteo.net
static.hotjar.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adtelligent.com
sync.console.adtarget.com.tr
sync.crwdcntrl.net
sync.e-planning.net
sync.extend.tv
sync.go.sonobi.com
sync.mathtag.com
sync.quantumdex.io
sync.richaudience.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.tidaltv.com
t.trafmag.com
tag.navdmp.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
tracking.m6r.eu
trc.taboola.com
u-ams02.e-planning.net
um.simpli.fi
ups.analytics.yahoo.com
usermatch.krxd.net
vars.hotjar.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
google2waycm.netmng.com
pa.tns-ua.com
104.109.91.53
104.111.230.142
104.111.237.88
13.224.95.123
13.224.95.38
13.32.6.14
142.250.185.130
142.250.186.130
142.250.186.66
146.0.227.110
146.59.10.80
151.1.205.165
151.101.14.49
154.57.158.51
159.253.128.188
162.55.6.210
168.119.146.39
178.162.133.149
178.250.0.157
178.250.0.163
178.250.2.131
18.158.173.146
18.158.191.20
18.198.69.109
185.184.8.30
185.255.84.150
185.29.135.190
185.33.220.244
185.59.220.198
185.64.189.115
188.42.196.115
193.200.65.5
194.213.62.34
194.247.175.26
194.247.175.38
195.137.240.100
195.137.240.12
195.137.240.19
195.137.240.20
195.137.240.88
199.232.137.44
2.18.233.180
2.18.233.201
2.18.234.21
2001:678:cb4:bbbb::11
2001:678:cb4:bbbb::13
212.129.3.112
212.82.100.182
213.174.135.2
213.19.147.44
216.52.2.48
216.58.212.130
23.45.99.241
23.79.143.124
2606:4700:10::6816:1957
2606:4700:20::ac43:47f1
2606:4700::6810:ef3
2a00:1288:110:c305::8000
2a00:1450:4001:802::2003
2a00:1450:4001:803::2003
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200e
2a00:1450:4001:812::2001
2a00:1450:4001:812::2006
2a00:1450:4001:813::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2002
2a00:1450:4001:831::2004
2a00:1450:400c:c0c::9d
2a02:2638::1c
2a02:2638::3
2a02:fa8:8806:16::1400
2a03:2880:f016:14:face:b00c:0:3
2a03:2880:f016:b:face:b00c:0:2
2a03:2880:f116:83:face:b00c:0:25de
2a03:90c0:41:2801::254
2a05:d018:24:b002:ebbe:4057:3491:6f67
2a0c:5c81:5095:0:225:90ff:fefa:245d
2a0c:5c81:5139::2
2a0c:5c81:5142::2
3.120.52.200
3.126.56.137
3.127.92.82
34.237.161.69
34.252.115.248
34.253.109.165
34.98.67.61
35.156.19.236
35.170.39.52
35.186.253.211
35.201.81.244
35.227.248.159
37.157.4.25
37.157.6.242
37.18.16.16
46.249.52.249
5.178.65.245
5.178.65.253
51.89.21.10
51.89.9.254
52.203.5.125
52.215.139.246
52.46.130.13
52.49.62.42
52.95.118.60
54.194.226.253
54.226.160.243
54.234.240.118
54.77.62.253
62.149.0.72
66.155.71.25
67.202.110.33
69.173.144.139
76.223.111.131
85.114.159.93
88.214.206.142
89.163.159.103
99.86.242.11
016b91219c6ed7712bdfed0dfa714b53c5df005847771cddf79e2a3a5d5679ac
01be17d7938f5f317cb03042fcd53de7d76126cb0b00f86df35dafd497b99c0a
045f04f00f65304db06a18e3ab669c31e22b5d54433e2a9e4cc7401268b84783
04ed66329439ee574ba5f90f060620c67f86ef2b1511d7fe2c42bc9945bccd64
0905b61cd031c9735f1035e9e93dda5d0d16df31725a0f57910a6edc990d46bc
0b3bd6059f9b77a5a857a2599aba1f6824a30b1762dd5a968cc38797dec0ec22
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e35ec3dfa80b7851b7826fcae5e1ef652d03d77c6c2af9f0bf1b97d49fe876d
0e671a70fbf1155ed9ec58398fb6d144360a73646429e52701ef584533fbb610
0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
111f99c36f79c0c0dc7caffd5b53bfe11d94b0580f282c850d947ac1eed19499
117e4d5b9c742a081423aa9964d7f481b772510517dda5edfccf6b5cafbd12f1
11dd5cdff459a5138767096fadda7834f8d4a1c3e546fa5999e5ad38432aedca
1252a07c4db3367b430e6e5c15e30d0cd879c1edbb2926dc7d75e4eed0a1080d
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14a6bc9fca94f536d24da272cf684e3e900adaf170804cceda99f44c97c710c4
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
178db29e93351a3d6b57a9c3c817eba6a2625d77e372c17cf47c86b37d7c40cd
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84
18cbfcb608af5885f7916274b60578d32006c90e8fce3d98dbcc89a646707608
18cda553c3c3b2540349b6bfa49c87a66eaa54fe137ed0f58944bbd78b45af1f
1a25dc1f635f99f47b17f2f73048416edb0e88fcfc775b08d14c729daf4c73af
1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997
1d20ef34fb2b7a8d6409fac19fabba3fe1c922c674b469e57b92aed5a417d3ea
1d4ee68a4b4d3d329089adf12dc360b975f7d6cc57f0a051365f651a4e34643c
200de1c82d88b5995c8447ada41c12388f644ebef20bbeda3a82ea9895c5bb7a
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
21d45a4ed77653b3b1ee2b47a786a4dbb936a3b19fc56e1b44c16aed35eb80ee
22e82a377e041381856c538ed697de7fd3293893d468b944043bb285f05e4497
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
259f01a4a83ad8a3ea4306becf97b5270bed9e5556f64ed6bde597f2f0601b39
25a64f08844cf48f162ef1f844cef5ceaf5cc316c00eb672e63d2af1725c0a8a
2828352f78a32a8155791f4497d25d486d2c059f30290e37f1255add757855d1
28328061bf9db47f4fb33a3d446854095eb51eccc32793be4c58fee1c17a5f94
2bb8bb255f361f4ce7cbef4bd6e3c04ed602a91379ab5136aaf031a2df9bc8f3
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2d310648a31461f6b76c38bca295da135b9825938ad1defab174fc29b414487b
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2efbef0bcfb1114634bbd1bfd130d6b44ebe6f147e87d0acd3923c32a39b2873
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8
35a07fb55ba049aaca56a25b0f41c72139affe01dff5e197ecb59f7b9bf55a13
360f93dc63a30edd23cf33e0de57effd1a4e55c89b02307892b2e5136ab8d32d
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888
39d0c36984e27fd85e5675e302597661553268078ed5ec2206c5d7b3b87f934f
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ef23cb6d4c1a8818cab0d4972928bd2d533184871f8f72f80e0863dc65562ee
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
43af7f12c539ce9806bca75b45a9cd3d5ec7a6c9b5402f04f605b9d315fd2536
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
486762d56893f9b12fdfad41c3a76f11fc745b5436e97e596a63c22ee13d2e33
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4a9fc6c446ddef5f6205d3ad238112ce639e542546f3f3c0ad2f5951c2313332
4aaa9004e0f614a37077fd1d7c1cd3af1dd1719f7e7555195199ef02bb8b79ab
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bf63af61eae56517944f32094187ba6082c7d29cfaac60064142769f57af1c5
4c6af60796cc240ad277098308cf363c2700f5296264ec1b43b4e1362763c439
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5063a9e0f92d436b151a31c58ef2c304d147c8e241a9158f6a49edbdc1731ad8
5195b5533eaad9e23ee9c1ad9dd017b4f0fca8d54921a3f045858eaf4145689d
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
53db803dda7eed11fa80f365455ca64e011347e18f7870b3a478c867d2bda87b
544a9af62229801218d1ba1e9c1d7bb14833ce35e7d77a0737a038c245d9ab4e
547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55b6a6276b53d4aeb9b1c841db9ff49b552897ee4faa32937a39c7da50f05958
5764f31f63909f6026989595eb8423d5984fda5c6fc85fa2484d70c4c185b6fa
579139fab0ac92bf5ecfa3b3f0467abb0e5f2b83718bf0d34b97ebdbc6c6a629
57b24c34a0dd3107f539db7588721f6beef36943795bd03ae580164e933424ab
5816c6b00e67e96078708cb8f297505f783cbf4b5653e66647ad7202ca753717
58ed344732766704ee535508e3dcd8d4a8ec0c9c79d16adf02293adde110926c
594ca5002b9cdd63b301365c4dd76f3a08e23049f6aee1f62258d20da8ef1345
5a4b1f2808b146ffbc15aaef9be736ffb04bfeff1b0e07787ea5b61f6f1620f8
5b6ed70fc2456e6b1958c651733fb245d2e43d3b1cb3617707c4fc389c83fd1a
5c5cde291738ac47eafd8efd961b378b8e451486d026f4b371b582de9876cf0f
5c819ec60a426a277958529cb82fd86d9d3ce828cd271abb6a29de53b88872a9
5d1b56a762d63b6e9bfb8a70552ce75c1c3938c782f8d9de971ecc960836c451
5d939a6531a918f550dff0615d8d07c917e9f2549f24e1d124c3600e8d2b6941
5e00441c268b27b7bb47e9747d359ca89e0917e0251d59eba516c3f1f2a517b5
5f9ecc527406b9b72bc3a9f4527892dcf842584b7e6aeb7ce816a4c7c8803954
5ff4a0ffe660e2d84b440b7c353523e0b28c01ab685e3df1782f355f1b22c65e
62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd
65281bd4c18cc9b2cd11159b76435a896df4266dbfbdceca853532d1940352a9
65cef8a94d8a09cac56b85e15c92c37ea129d38a094fa8e1f3fd812a550b74be
65d1dbcdcaefbf30e2a6550d1c99976a61d8adac18aed610c6bf99d70e44928f
66399bcab4bed5fb6a37486acf01a34a11f4f0dfbcdcbff90b54fe0f7797fd42
66f661926ae6c1e13c6b2169733476eb03b9be46e333e5f81eab69a5b0d27ace
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e39ba4fad6e787f935f33ea8dac9105b1384cae25041a12bc108805c86598fb
6e553b4e88ac4a1819d608fe9dcb46544ca5fb776d4e0c84d773f37b1df18211
6eb578cdb8ad2849ee8eac7af86100d2c1dd2780246ec275abcfb44a0d39175d
714576ef1d7b58980b7658ae9b8b4d74a223fba87934dc442db4098873e179a3
7238153399ca356c43579ac0becd19727cf51d040c3edbff1596b6bb8869bc59
7313a606ffdc3713d435678459ced16c9390171f8b693d19a882c5853ef8ec94
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
744aac588058ddb11b9ff3e8769b4be86f96ca2a2893603ebb5e53bc3e40d974
747fd89e5764f688a5d68391e02ba3a2800fe0ae7ec147eb3a4b7ac3ad070ac4
7697ebabde698553be8f88c59ea7d249852025acad9d94b6074109c964c2dd4b
76cab4cda3775ca3e8c1d232d36178258ea52b2f85991098c43b6f02b2575d4b
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7
792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4
79f6f04716a94f383afeb39c9e57117db9a9695f327e04a5a6ac4b55e723e0ea
7b6e72abfd6be8c9eaa11afa202dcf2d0305a502a8facbee15b8e0332376cf6a
7b90253fd93dae3c4bae4ef55d38fc0550b3a58caaa0408505c581872ca46722
7bb56a90360e91425ca5587e23dea63443cb0e9a44d79e97257c506dd9d58d02
7dc681d01102df974fed5cda3c065e3b286870aeee2c10f3616a8c2539833a23
7f26d2782bef2f468f9522ac5384691217f815565a04396eb244776d769769de
7f75e79ec3f481ce050adc9b0e9fbc75ba3e8e70cdd02613b96477f4e1ccde77
7fdd66d2dd069b68c623a02434301dc2cdf8007a0af2b3fa0b809455679af456
820a5c6758c92428368ba0b8ec651dbd593aafd0046c9e970c0252bf4301828c
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
850f27d1b165d32c880861dfbfe01443215a0f51310d2c96239879cfcdff995c
85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8980ccb5946abcc0aafab8f2eaca0021a48dc264bd3c040b618c56f4d2e3b984
8abfb95a0d75c4822ccf98fefe287247d26b6e753988814d82838af1bf59c8c7
8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc
8cccd7da46e757c29d90ebbdd06911e724baf818543d032fe7fd657761008dbe
8cf20f3c0544286ae34be1df4d8c19de9d4b9c6041b769bb4448f9a19036febe
8cf7b190fddf777d12e3ff6b9fd4bb4c580ee9c1488bc78a40750c55bd6d4e1a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
8e803df870509df5596e431097ee1fffed78481509f955db288e3f3cd47b16e8
8f9560479a05fb86854546c40ec030edc2bac692d4142391d69b16e5c033a185
91b4eb09154d5ebef46352e922194ec6dbb9547b63f9776ae10133fe1ca66879
93ccd84af7169966aca404a214147c622a90cd8e65c1061a33d0c87f6c5819ff
93e3f4a80e5e0b448a58947028eb19f4c62c95a402b4df807a22c2250d4e764c
959b70ad4f2f8c397e23c06f38ddda7045a5c9774b610b348a1d946c0432a628
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
987e14bb1cda75b8693077b4090b2a07439b78f1b220c767fb06661cd7be21e3
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a3d1d0d59e8a98c71cdd54a57ebdd6baf8e143f50aadd92853cc1c1c3e687612
a44d0dbd6674f6bc5ff19108f139572b3c1425e2177094d05a2f62e88b79dc8f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5af34b74868f58da2483e0ad87af7bfb087d4fc23ee86139a4fba443bb66e5f
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
a641f67a18c95ca7315ff24fe983bbf069722e26bbc2a992aa9cad2ee740a07d
a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f
a6f768cbb894f2690011ee62662d3ac9480d12f5088fa46be57e650fcc4d835c
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7efa201343f8bbc55bd0c4e26babd367969fc3359baca798b625400db3d11d2
a8d806423ab35feaee7f0d7c1e8cd01639c35bc3862842ec298dec3f8af7ac66
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ac89e5da9a44bf33849a1d501ea97ccf43b026745695fee1ed2e0de76b4c881d
ac8b061cc8c823050265ffea8a045d1a69daf9b0fc049f775a003b1a3edd7d75
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
acfb5505224b87bb0b96395f64d741bc3f5bbebf7b480c290d9ca069c1fc8761
b06437eb7d795fa51787e55d921e1928e9e32e45495f34591115b24a6a6c2790
b0ed4a055ff198f6605e40f1169c9c9d684a873ed17d90f16ef66cc8cdbf9c93
b0fcaed7417c5277e2603cf2c0f5f4a95e77172e74154ec6f7c4c012b5301122
b12eebd27060324cfaf11df9601bf7e5ad503e6530f0b49de3dbe0b29d059591
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b19865c2e8366fc6cef8f869b9447b23243e4917d73591e554f1b697a1f8da9a
b3340bea4ee5045a4288eeff667625d1d5e8698e66db48fd4c9bcd644f1e4680
b87c086edf82604a1a5d4892ea8b121d480c6570d0ab7be8464322312e60c2a7
b87cdeb7fe32acd67895d6f8faf63d41c774079f67bdc13f5248c9193f7f13cc
ba1046219b769e4ed0863b1fd31b8f905886fdea76e95ce0abe716ef6d148f6e
bb7a8c984417a77f846d70464f10364b4e5cb40c50ad1140b805bf43f2984b4d
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
c0d8da4160b4a1931109717e5f8a0633b5833bc396cf32b54df1e0b4a5e61e3e
c1627399fe6ff6313825ef2f28265ee71ca235e72d0bcf4b924fc10788fc1cb3
c1d8c1269dd3540fd5209c776e2f03bddbb53f4d4a39ced794906f5bc742e058
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c589b30b68800d200a04bbdbc40d7fdcbdbbc10fe83e6c4d292034224026ea32
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c8b5d984e6d2cdaf64b8a50c9b645e347e74ffa712aa0b9422015700c98f9bb9
c8fc1109963ab540f2ee448e9c38c8168805bf3c90d34842a31090d4fd9e6b78
c95b18e797d7ab1d6c92df71af627236c4c93172f16c77e96660c30e352da9f0
c9e721a0fa4def37dfb177f59d4becab89f82bdbad85dfbd4e3144ce61cff6cf
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d417e4491ffab026708b52d3daceb656cf919f94e21d0b283626218184eb1912
d4c668bce61f7b8ce502204a3cd9b5f868384c07bff2b907e561b75f6a6ec56c
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d6b7472f98f400d0f4c24dea8eb9a90afb003eda04b32f86f48fddaf56f78fbf
db1ddd2f61dbad3bc06f5c02819ccbf4b9508380b37aec20a6df6f4660c078a2
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e74af528af322f03aeb5027145ffbe6b259d3b29424de9c82a733a414f46b283
e76161afe81de38b97738d5d9008b7f211017ed268ebc8998acce1f3e9c49f61
e7eeca1c924364f1aa6d48427fa90f6a9b0f620147928a531237a7aa308cc523
e7f8fb3de1908cf50ce35acee4c5932760e17fba860ec7c2a591ea5dcffa306d
e859459902fb9bb75189df502e8f6ec40c8dea2c59b301f9fe43933ded390680
e90e6fd12dbd83e4f13e060ecef77141642b15a4fe0c57ce1191b7b83c71717f
ea0940a6c64aff793641bf5e3767e91835cf0bd164ce63f0a526c415b5482de6
eb2bd76c6d661717105dbca868a22b4ff566a1fb161ef719fd08b9c9c36c24a8
eb7c9303c1909cb61c459c12b535c69eb76ed3b08720c97a586e26b0b4ab8028
ecde72bc5d9fd5bc5150218535ae8f75ad9161924b91e64b7995c495fc90c246
eeadc0ee383b67004a88a4312b94d00a8d0e31fea686dbf6661553013a7d6dae
eef37805e49ddda5f7b9abc013c4a0a84d34edf980f4ec5c9abd49f9af18b954
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8a5f444c988e2c08260642c8257654f5e825e839a9c3d355933d4d12e0345b
f470d727967e38ee769e6ce10b7b07f7830ef361ff743944dd0724185d9442c8
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
fc025890b2544e23fc6ee0df711326e1b4a38b00849b9e5c914ad074902edec5
fcd46f947a06d7e9bb7f98aadba4d7872b55590b439801a5fd63b94cf4a43cdd
fd14d8a9ac18340825861bf9b89b91a73c37728b15941e3ed285fe8cd390073c
ff029faabc552c9d59dc2b7ece2544e5b60713a3236ebad1ef95d8110025507e

1plus1.ua Open in urlscan Pro 195.137.240.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

369 Requests

99 %HTTPS

27 %IPv6

91 Domains

141 Subdomains

94 IPs

14 Countries

5632 kBTransfer

11284 kBSize

10 Cookies

18 Outgoing links

Page URL History

Redirected requests

369 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

1plus1.ua Open in urlscan Pro
195.137.240.100 Public Scan

Screenshot
Live screenshot

Full Image

369
Requests

99 %
HTTPS

27 %
IPv6

91
Domains

141
Subdomains

94
IPs

14
Countries

5632 kB
Transfer

11284 kB
Size

10
Cookies

369 HTTP transactions
6 data transactions