ua.nesrakonk.ru Open in urlscan Pro
2606:4700:3030::6815:2e4c Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ua.nesrakonk.ru/
Submission Tags: 0xscam
Submission: On December 18 via api (December 18th 2023, 4:33:56 am UTC) from US — Scanned from DE

Summary HTTP 239 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 58 IPs in 10 countries across 46 domains to perform 239 HTTP transactions. The main IP is 2606:4700:3030::6815:2e4c, located in United States and belongs to CLOUDFLARENET, US. The main domain is ua.nesrakonk.ru.
TLS certificate: Issued by GTS CA 1P5 on December 15th 2023. Valid for: 3 months.

This is the only time ua.nesrakonk.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 16	2606:4700:303... 2606:4700:3030::6815:2e4c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:215... 2600:9000:2156:ea00:6:b871:4f00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:225e:ce00:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
18	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a02:6b8:a::a 2a02:6b8:a::a	13238 (YANDEX) (YANDEX)
3 7	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
4	95.163.52.67 95.163.52.67	47764 (VK-AS) (VK-AS)
1 4	188.42.191.196 188.42.191.196	7979 (SERVERS-COM) (SERVERS-COM)
11	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	81.19.89.18 81.19.89.18	24638 (RAMBLER-T...) (RAMBLER-TELECOM-AS)
1	2a02:6ea0:c70... 2a02:6ea0:c700::18	60068 (CDN77 ^_^) (CDN77 ^_^)
1	151.236.118.146 151.236.118.146	204720 (CDNETWORKS) (CDNETWORKS)
2 7	18.192.88.240 18.192.88.240	16509 (AMAZON-02) (AMAZON-02)
1 1	176.122.21.226 176.122.21.226	48096 (ITGRAD) (ITGRAD)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
3 13	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:6ea0:c70... 2a02:6ea0:c700::10	60068 (CDN77 ^_^) (CDN77 ^_^)
1	23.32.184.192 23.32.184.192	16625 (AKAMAI-AS) (AKAMAI-AS)
2	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	2a05:d018:d29... 2a05:d018:d29:3605:24c3:ec91:3ba9:b85a	16509 (AMAZON-02) (AMAZON-02)
7	2a02:6b8:20::215 2a02:6b8:20::215	13238 (YANDEX) (YANDEX)
1	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3	81.19.89.17 81.19.89.17	24638 (RAMBLER-T...) (RAMBLER-TELECOM-AS)
29	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
12	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:e365:4988:e8a7:3270	16509 (AMAZON-02) (AMAZON-02)
3	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 3	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 20	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1 2	23.32.185.35 23.32.185.35	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	31.172.81.158 31.172.81.158	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
2 2	89.108.120.68 89.108.120.68	197695 (AS-REG) (AS-REG)
1	2a02:6b8::90 2a02:6b8::90	13238 (YANDEX) (YANDEX)
4	2001:4860:480... 2001:4860:4802:32::3	15169 (GOOGLE) (GOOGLE)
1	64.233.166.157 64.233.166.157	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
5 5	37.157.5.132 37.157.5.132	198622 (ADFORM) (ADFORM)
1 1	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:66::a	15169 (GOOGLE) (GOOGLE)
9	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:61b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	34.160.236.64 34.160.236.64	15169 (GOOGLE) (GOOGLE)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8101:ecdd:a035:7b09:ae7f	16509 (AMAZON-02) (AMAZON-02)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.185 213.155.156.185	1299 (TWELVE99 ...) (TWELVE99 Arelion)
16	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	23.60.204.187 23.60.204.187	16625 (AKAMAI-AS) (AKAMAI-AS)
2	95.101.149.233 95.101.149.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1	91.121.248.44 91.121.248.44	16276 (OVH) (OVH)
2	23.199.221.167 23.199.221.167	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2001:6d0:4001... 2001:6d0:4001::226	52016 (ADFACT) (ADFACT)
239	58

16 2606:4700:3030::6815:2e4c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ua.nesrakonk.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:ea00:6:b871:4f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:ce00:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8:a::a (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 95.163.52.67 (Russian Federation)

ASN47764 (VK-AS, RU)
PTR: top-fwz1.mail.ru

top-fwz1.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.42.191.196 (Luxembourg) 1 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.19.89.18 (Russian Federation)

ASN24638 (RAMBLER-TELECOM-AS, RU)
PTR: kraken.rambler.ru

st.top100.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::18 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

vid.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.236.118.146 (Moscow, Russian Federation)

ASN204720 (CDNETWORKS, RU)

cache.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.192.88.240 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-88-240.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 176.122.21.226 (Russian Federation) 1 redirects

ASN48096 (ITGRAD, RU)

ads.adlook.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::10 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

vpaid.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.184.192 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-184-192.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3605:24c3:ec91:3ba9:b85a (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6b8:20::215 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 81.19.89.17 (Russian Federation)

ASN24638 (RAMBLER-TELECOM-AS, RU)
PTR: kraken.rambler.ru

kraken.rambler.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:e365:4988:e8a7:3270 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.96.105.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.114.159.93 (Loerrach, Germany) 3 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.184.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.75.86.98 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.185.35 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-35.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.172.81.158 (Germany) 3 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.108.120.68 (Russian Federation) 2 redirects

ASN197695 (AS-REG, RU)
PTR: d51803.reg.regrucolo.ru

x01.aidata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::90 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.166.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wm-in-f157.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.5.132 (Denmark) 5 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:66::a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r5---sn-4g5e6nze.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:61b (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.236.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.236.160.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8101:ecdd:a035:7b09:ae7f (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.185 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.60.204.187 (Düsseldorf, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-60-204-187.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.149.233 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-149-233.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.121.248.44 (France)

ASN16276 (OVH, FR)
PTR: ip44.ip-91-121-248.eu

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.199.221.167 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-199-221-167.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:6d0:4001::226 (Russian Federation) 1 redirects

ASN52016 (ADFACT, RU)

www.tns-counter.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	564 KB
34	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 bid.g.doubleclick.net — Cisco Umbrella Rank: 840	228 KB
26	criteo.net static.criteo.net — Cisco Umbrella Rank: 631 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 10143 csm.eu.criteo.net — Cisco Umbrella Rank: 9625	392 KB
18	gstatic.com fonts.gstatic.com www.gstatic.com csi.gstatic.com	320 KB
16	nesrakonk.ru 1 redirects ua.nesrakonk.ru	289 KB
14	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 25796 ad4m.at — Cisco Umbrella Rank: 11359 assets.ad4m.at — Cisco Umbrella Rank: 35458	134 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29 imasdk.googleapis.com — Cisco Umbrella Rank: 487	140 KB
7	yastatic.net yastatic.net — Cisco Umbrella Rank: 7053	201 KB
7	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 336	2 KB
6	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
5	adform.net 5 redirects c1.adform.net — Cisco Umbrella Rank: 560	3 KB
5	criteo.com dis.criteo.com — Cisco Umbrella Rank: 550 ads.eu.criteo.com — Cisco Umbrella Rank: 9522 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 10971 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 16218	57 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	322 KB
5	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 339 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 946 eus.rubiconproject.com — Cisco Umbrella Rank: 588 token.rubiconproject.com — Cisco Umbrella Rank: 461	15 KB
5	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 8902	3 KB
5	betweendigital.com 1 redirects ads.betweendigital.com — Cisco Umbrella Rank: 1601 cache.betweendigital.com — Cisco Umbrella Rank: 31380	4 KB
4	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 307 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474	2 KB
4	mail.ru top-fwz1.mail.ru — Cisco Umbrella Rank: 10579	22 KB
4	yandex.ru 1 redirects yandex.ru — Cisco Umbrella Rank: 2221 mc.yandex.ru — Cisco Umbrella Rank: 4182 an.yandex.ru — Cisco Umbrella Rank: 5624	169 KB
3	2mdn.net 1 redirects gcdn.2mdn.net — Cisco Umbrella Rank: 1193 r5---sn-4g5e6nze.c.2mdn.net — Cisco Umbrella Rank: 986726	961 B
3	bumlam.com 3 redirects sync.bumlam.com — Cisco Umbrella Rank: 3569	2 KB
3	adition.com 3 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1428	2 KB
3	blismedia.com 2 redirects tr.blismedia.com — Cisco Umbrella Rank: 1618	584 B
3	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2627	310 B
3	google.com www.google.com — Cisco Umbrella Rank: 2	560 B
3	rambler.ru kraken.rambler.ru — Cisco Umbrella Rank: 37769	2 KB
2	tns-counter.ru 1 redirects www.tns-counter.ru — Cisco Umbrella Rank: 14336	703 B
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 13930	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4497	653 B
2	ctnsnet.com 2 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 49153	1011 B
2	ad4mat.net static-de.ad4mat.net — Cisco Umbrella Rank: 192580 prod-rtb.ad4mat.net — Cisco Umbrella Rank: 145563	1010 B
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 331	297 B
2	aidata.io 2 redirects x01.aidata.io — Cisco Umbrella Rank: 13957	1 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1299	450 B
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 714	389 B
2	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 544 image6.pubmatic.com — Cisco Umbrella Rank: 793	6 KB
2	vidoomy.com vid.vidoomy.com — Cisco Umbrella Rank: 2232 vpaid.vidoomy.com — Cisco Umbrella Rank: 2959	19 KB
2	top100.ru st.top100.ru — Cisco Umbrella Rank: 47429	42 KB
2	optad360.io cmp.optad360.io — Cisco Umbrella Rank: 55535 get.optad360.io — Cisco Umbrella Rank: 39286	798 B
1	medialead.de pv.medialead.de — Cisco Umbrella Rank: 47317	327 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5555	556 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1771	297 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1226	204 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	5 KB
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 749	464 B
1	adlook.me 1 redirects ads.adlook.me — Cisco Umbrella Rank: 34405	328 B
239	46

	Domain	Requested by
29	tpc.googlesyndication.com	googleads.g.doubleclick.net imasdk.googleapis.com tpc.googlesyndication.com pagead2.googlesyndication.com
20	cm.g.doubleclick.net	1 redirects googleads.g.doubleclick.net ua.nesrakonk.ru
18	pagead2.googlesyndication.com	ua.nesrakonk.ru pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
16	imageproxy.eu.criteo.net	ads.eu.criteo.com
16	ua.nesrakonk.ru	1 redirects ua.nesrakonk.ru
13	googleads.g.doubleclick.net	3 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
11	fonts.gstatic.com	fonts.googleapis.com
9	static.criteo.net	ads.eu.criteo.com
7	yastatic.net	yandex.ru
7	x.bidswitch.net	2 redirects ua.nesrakonk.ru cache.betweendigital.com googleads.g.doubleclick.net
6	assets.ad4m.at	as.ad4m.at
6	www.googleadservices.com	ua.nesrakonk.ru
6	fonts.googleapis.com	ua.nesrakonk.ru googleads.g.doubleclick.net
5	c1.adform.net	5 redirects
5	www.googletagservices.com	googleads.g.doubleclick.net
5	mc.yandex.com	2 redirects ua.nesrakonk.ru
4	ad4m.at	as.ad4m.at ad4m.at
4	csi.gstatic.com	imasdk.googleapis.com
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
4	ads.betweendigital.com	1 redirects ua.nesrakonk.ru vid.vidoomy.com
4	top-fwz1.mail.ru	ua.nesrakonk.ru top-fwz1.mail.ru
3	sync.bumlam.com	3 redirects
3	dsp.adfarm1.adition.com	3 redirects
3	tr.blismedia.com	2 redirects googleads.g.doubleclick.net
3	dclk-match.dotomi.com	googleads.g.doubleclick.net
3	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
3	www.gstatic.com	googleads.g.doubleclick.net
3	kraken.rambler.ru	st.top100.ru ua.nesrakonk.ru
3	pr-bh.ybp.yahoo.com	3 redirects
2	www.tns-counter.ru	1 redirects
2	www.awin1.com	as.ad4m.at
2	eus.rubiconproject.com	cache.betweendigital.com eus.rubiconproject.com
2	d5p.de17a.com	2 redirects
2	gcm.ctnsnet.com	2 redirects
2	r5---sn-4g5e6nze.c.2mdn.net	ua.nesrakonk.ru
2	match.adsrvr.org	googleads.g.doubleclick.net
2	x01.aidata.io	2 redirects
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	onetag-sys.com	1 redirects cache.betweendigital.com
2	dis.criteo.com	googleads.g.doubleclick.net
2	imasdk.googleapis.com	googleads.g.doubleclick.net
2	st.top100.ru	ua.nesrakonk.ru st.top100.ru
2	mc.yandex.ru	1 redirects ua.nesrakonk.ru
1	token.rubiconproject.com	eus.rubiconproject.com
1	pv.medialead.de	as.ad4m.at
1	secure-assets.rubiconproject.com	1 redirects
1	rtb.nl3.eu.criteo.com	googleads.g.doubleclick.net
1	prod-rtb.ad4mat.net	googleads.g.doubleclick.net
1	csm.eu.criteo.net	ads.eu.criteo.com
1	ads.travelaudience.com	1 redirects
1	ag.innovid.com	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	static-de.ad4mat.net	as.ad4m.at
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	gcdn.2mdn.net	1 redirects
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	an.yandex.ru	ua.nesrakonk.ru
1	cms.quantserve.com	googleads.g.doubleclick.net
1	image6.pubmatic.com	ads.pubmatic.com
1	pixel.rubiconproject.com	ua.nesrakonk.ru
1	ads.pubmatic.com	vid.vidoomy.com
1	vpaid.vidoomy.com	vid.vidoomy.com
1	ups.analytics.yahoo.com	ua.nesrakonk.ru
1	ads.adlook.me	1 redirects
1	cache.betweendigital.com	ads.betweendigital.com
1	vid.vidoomy.com	ads.betweendigital.com
1	yandex.ru	ua.nesrakonk.ru
1	get.optad360.io	ua.nesrakonk.ru
1	cmp.optad360.io	ua.nesrakonk.ru
239	71

This site contains links to these domains. Also see Links.

Domain
kamiltaylan.blog
nesrakonk.ru
id.nesrakonk.ru
tr.nesrakonk.ru
kz.nesrakonk.ru

Subject Issuer	Validity	Valid
nesrakonk.ru GTS CA 1P5	`2023-12-15` - `2024-03-14`	3 months	crt.sh
*.optad360.io Amazon RSA 2048 M02	`2023-09-17` - `2024-10-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.xn--d1acpjx3f.xn--p1ai GlobalSign ECC OV SSL CA 2018	`2023-10-26` - `2024-04-24`	6 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-08-14` - `2024-01-24`	5 months	crt.sh
*.mail.ru GlobalSign ECC OV SSL CA 2018	`2023-10-06` - `2024-11-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.top100.ru GlobalSign GCC R3 DV TLS CA 2020	`2023-02-08` - `2024-03-11`	a year	crt.sh
*.vidoomy.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-10-06`	a year	crt.sh
cache.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-16` - `2024-03-18`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-26` - `2024-11-26`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.yastatic-net.ru GlobalSign ECC OV SSL CA 2018	`2023-06-02` - `2024-01-02`	7 months	crt.sh
*.rambler.ru GlobalSign GCC R3 DV TLS CA 2020	`2023-04-17` - `2024-05-18`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-12-02` - `2024-03-01`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-15` - `2024-03-10`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-03` - `2024-02-28`	3 months	crt.sh
ad4mat.net GTS CA 1P5	`2023-11-18` - `2024-02-16`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-27` - `2024-03-29`	a year	crt.sh
*.innovid.com RapidSSL TLS RSA CA G1	`2023-03-15` - `2024-04-14`	a year	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-17` - `2024-01-18`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-11-21` - `2024-02-19`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-12-05` - `2024-02-13`	2 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
pv.medialead.de R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
*.ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2023-01-13` - `2024-02-13`	a year	crt.sh

This page contains 31 frames:

Primary Page: https://ua.nesrakonk.ru/
Frame ID: 5DB01AA71A7C007237D83B1E88DA00C8
Requests: 53 HTTP requests in this frame

Frame: https://ads.betweendigital.com/match?bidder_id=261&external_user_id=6f36ee19082ae311fe188bedefaa0549
Frame ID: 56794EC2FEC88A28E809D04875272C2C
Requests: 5 HTTP requests in this frame

Frame: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=fdcb8495-a194-5260-9976-fd8ffc093621&CACHEBUSTER=2466
Frame ID: 141567652152A71B494C599B1B6ECD00
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: 470B6DA078A7C243DA71E8024EA62CAF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&adk=1812271804&adf=3025194257&lmt=1702874030&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874030679&bpp=4&bdt=190&idt=191&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8318130936125&frm=20&pv=2&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=207
Frame ID: CCFF34A5E5B8B4987995AAFA8D0F505C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156498&gdpr=0&gdpr_consent=&userIdMacro=(PM_UID)&predirect=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3D%28PM_UID%29%26vid%3D6f36ee19082ae311fe188bedefaa0549%26dspid%3Dpubmatic
Frame ID: DCD6C7CE2115341130BDE029C60793DE
Requests: 2 HTTP requests in this frame

Frame: https://ua.nesrakonk.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: 56D8562AE7A5F4F1231DDEF4A51F7F40
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=4144480424&adf=2571114240&pi=t.aa~a.1665869076~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Frame ID: 02DFE44D49C316ED4D688A404DFFB370
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=3809598800&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=732&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2172&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=6
Frame ID: F8AA39C24AFF6533E025974296ADF8B1
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=90&adk=1002792709&adf=1065720476&pi=t.aa~a.1367413946~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x90&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1911&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=8
Frame ID: 956FE4159087D1518900552361A7BD8E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=60&adk=3660842011&adf=569783962&pi=t.aa~a.1367413946~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x60&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x90&nras=5&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2102&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=10
Frame ID: 7F9F56C0810567C35AFFD22446BD269F
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: CCCE20A380B6F6368E2EF82A4A7B126F
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 7600A57BCE18FECC6A930DDEDDB5D654
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js
Frame ID: F0047D996B8FD641A421718B911FDE30
Requests: 14 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1kgg2h50mmq1hedjaaagb0tv1qg6tpchm3zxbcr4zpxyyn70fxzt1bpvnt9xkmac3dm7r40xjfyhc5bqj4fh0sqnbkg9wxaetcnd0y8f8hxffjhz5rnavv6mf72j6vv8grdswjnn3kvn9va3z42g1sxcztm9xz5b4xk0k8nr549fprgha3sp69zt8h6sbrnw4qywq8amb3wf59c5v92znkpf1m11g9hjt0r95y3jyz1fnd7j4gq06gnqkrard499tvyxsnjbfagdjsk1ydf34120db7v1sd9t5eh64mympbzjqj4kdxtvz2q9g2s7cq2kpzya67cz9z9jkcwx52kh6n9xzp1y34rcgk3v7zjke5sq8fc67y0w0qds40ymd0w2r513c5eqgcn0x1ryykq1nxgkgze9p5zhq5g3h0q0k3k9dp525cygphptpw44fkxnnt2d0rx&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%26client%3Dca-pub-2661896136775218%26adurl%3D
Frame ID: FC6B03EC9B08F55E64CDB0EBBC79923A
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Frame ID: D8D79C43D85D6AFC0E952C786D672C06
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A63A3A194C74FBF4657E6D3943D7D5EB
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZX_LrwADw4IH_Z7qAA8dMr7nqSxCxfHFBAj5Hw&u=%7CupLRa2PRaItMuauxrdp9dymZPZ%2F3UsndZf8ByElNRAY%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZWgJ4RDTbq-Wb6C9K-cesMV_WPikrq5at_ACdAcfQ797WXjMvyWgYJqOQOzabhQ03_y66hfcyx8Jhvcz45gHOOR79ysngZNRwOvBU9G4tKidQa1hjUxoEMfD9oSLhmX6odAopQYyqWcHzPISVkxHVWnJRnAKAXrBlGuBqrJ91l4HXTZZvjZQLXCCYQMxI1hQ-vTesMgYmQ5Le_g3k5TKQILZzpbI-pynv-o82U8FQqQcVMZEmRDKlXcW3poSlpzax-tMbWuWECbiGkWbPVDPDb1d0dI_hq3m4-1h-de9ptfQHYDgj4nS8u__6AcVH1gWlP_seJ5hLNMp3BNyaBHf6srVNYIXSkicujEzNhPMAmqaNf4Q5-WbyF8y5Lu0Q31vOXdILJqmk2kL7oSxjXgXu-4C7HbAvv1FnSWL26mpGxbxwGO3X6uRKTGnQQUHwg8SZhI9zYJC3Nwtc66cydzy_iAPWYooY9iSyOieMzvDanP554MRJrQCVIR3s611cZAP3fwLBpHSHNF_jgnrWvDVELOBJpcXQo0SswtZeQGzXPcbFyB4GqVSCaXpmayZCtrc2E2x9_VI9FpaF8L3bK9E0LV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCT77ur8t_ZYKHD-q99u8Psrq8-APJntKxXM3x4t2IAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEywFP0OfX_md0WE7ATtUoaYBP5yi7nwUXHQ0CXAAvXBVO8l8sJYpqArfVuDkZv_AO1IMtva3EpMN2dwjx-v0AVSLV2DJcpez2Yyl0E3emEgRsoqyixziWOBh5NspiY6bdWa3Jh8op_d3SFnY2IMad8b2jp9IbTHa8KdHF9dFGydTOQViW4EMc-nByIdSXJQtuvHn_6WBrsRrJssdJEJRDKT1-Zef_GmnopcVfzmuv2IxwKGUgMRmp7B53ZAKG2iaTeMVi0Mu4Tsf_ZYwEW4AG3IqBvYCDxve2AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOljU-eqNlJiDA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0zS8ErGDKZumDKC8EEflTiiEKlrQ%26client%3Dca-pub-2661896136775218%26adurl%3D
Frame ID: 1BA83A02879315AFD937D64DAE6779AB
Requests: 29 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EC2B7CDC416214637F7EB5E833B65F1F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 68CCA576B7CFAAC75696626E1CD929C1
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E31B9955BFA3C549713F07396375FAD7
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js
Frame ID: DD825CEF098E1FF762EE7A7D7072D60A
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/cookie-frame.html
Frame ID: F0B80247D755F04515550649851B39E9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 53752067D7DC78FE6495257956EF7D4E
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js
Frame ID: C5F9EE27E37984B881AE3C7EFB030445
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js
Frame ID: 544A292BE1CA3B0DDD4199404C309B83
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Frame ID: 274AC8602A3F2E4236A8E4ECF12E2186
Requests: 3 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
Frame ID: 137A43A1D77AF7B443099421581C72C9
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B74EA3EA10264BBF9E7A0E3262106747
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D380333E6D8DD64813E5DD8811517863
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Frame ID: 6F19A8F1C076C816E85BC6005CCD2ED2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Фінансова енциклопедія – Фінансові поняття і терміни

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

239
Requests

88 %
HTTPS

53 %
IPv6

46
Domains

71
Subdomains

58
IPs

10
Countries

2937 kB
Transfer

8295 kB
Size

62
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://kamiltaylan.blog/
Title: KamilTaylan.blog

Search URL Search Domain Scan URL

URL: https://nesrakonk.ru/
Title: RU

Search URL Search Domain Scan URL

URL: https://id.nesrakonk.ru/
Title: ID

Search URL Search Domain Scan URL

URL: https://tr.nesrakonk.ru/
Title: TR

Search URL Search Domain Scan URL

URL: https://kz.nesrakonk.ru/
Title: KZ

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://ads.betweendigital.com/sspmatch-js?p=42565&randsalt=8078080575 HTTP 302
https://ads.betweendigital.com/sspmatch-js?p=42565&randsalt=8078080575&crf=1&rts=1160685750885572132

Request Chain 27

https://ads.adlook.me/csync?pid=btw&uid=fdcb8495-a194-5260-9976-fd8ffc093621&url=https%3A%2F%2Fads.betweendigital.com%2Fmatch%3Fbidder_id%3D128%26external_user_id%3D%7BuserId%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=128&external_user_id=8ee1bdafebf54e8f9714e9cc1b839876

Request Chain 32

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10220.cgLlCn5ouGvX8qqjcmKSS5I_quhlhhgZ0DJd1tiprL0acT5ixVq7nABUHzGzNyYJ.7OiK1yAYK8vc_YdDUHM1toyvj4g%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10220.Zyo5MRudyUkyGWRdx-imdQ-NqMvVlmJMRel-HzPBavAv_YSNDtTBHme-gpVNMgmZCTrQsA-HVhK2vCb_V7UcuDS0KlYaEW0JMTs1Q-Pdd3MC1DubmYRFxViqIlYp4Uvux3jr0koccuifNXAzY4Xq32513vclHeO9qNzmRzfD-mihtBR8yQcpntA8Kk21BrgOmXWX0OLKu1DYBhf3f7IB0y1CcZwL0-JnOA2jDoEy1lU%2C.G8NYvisi-xRFzj6I5zuudnA-zXA%2C

Request Chain 36

https://x.bidswitch.net/sync?ssp=vidoomy&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&gdpr=0&gdpr_consent= HTTP 302
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=vidoomy&ssp_user_id=34169302-541b-4de4-a44e-03746331a36d&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-bEpRKPNE2pkE0shItqXeUv4PIKT_f6j8aDyXOw--~A&expires=5&ssp=vidoomy

Request Chain 53

https://ua.nesrakonk.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://ua.nesrakonk.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Request Chain 54

https://mc.yandex.com/watch/56818315?wmode=7&page-url=https%3A%2F%2Fua.nesrakonk.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3bfl5e3f8ptrmgtp6nxhmpy3%3Afp%3A688%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A1257658286586%3Ahid%3A282768033%3Az%3A60%3Ai%3A20231218053350%3Aet%3A1702874031%3Ac%3A1%3Arn%3A627676723%3Arqn%3A1%3Au%3A170287403165226735%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C31%2C418%2C%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1702874029969%3Arqnl%3A1%3Ast%3A1702874031%3At%3A%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D0%B0%20%D0%B5%D0%BD%D1%86%D0%B8%D0%BA%D0%BB%D0%BE%D0%BF%D0%B5%D0%B4%D1%96%D1%8F%20%E2%80%93%20%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D1%96%20%D0%BF%D0%BE%D0%BD%D1%8F%D1%82%D1%82%D1%8F%20%D1%96%20%D1%82%D0%B5%D1%80%D0%BC%D1%96%D0%BD%D0%B8&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1) HTTP 302
https://mc.yandex.com/watch/56818315/1?wmode=7&page-url=https%3A%2F%2Fua.nesrakonk.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3bfl5e3f8ptrmgtp6nxhmpy3%3Afp%3A688%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A1257658286586%3Ahid%3A282768033%3Az%3A60%3Ai%3A20231218053350%3Aet%3A1702874031%3Ac%3A1%3Arn%3A627676723%3Arqn%3A1%3Au%3A170287403165226735%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C31%2C418%2C%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1702874029969%3Arqnl%3A1%3Ast%3A1702874031%3At%3A%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D0%B0%20%D0%B5%D0%BD%D1%86%D0%B8%D0%BA%D0%BB%D0%BE%D0%BF%D0%B5%D0%B4%D1%96%D1%8F%20%E2%80%93%20%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D1%96%20%D0%BF%D0%BE%D0%BD%D1%8F%D1%82%D1%82%D1%8F%20%D1%96%20%D1%82%D0%B5%D1%80%D0%BC%D1%96%D0%BD%D0%B8&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Request Chain 93

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIHjTsUefOYPpMU7MfqpAYs&google_cver=1&google_push=AXcoOmTkvNDcexRNDhCJaPAoAAKZdJmMw_aZcEGeT-7DLzJLD4IbgUoptuR8BWxtC1FTcUEl6f1mzKGUYu5S8iRPBnwtn-qrcj0dAxIt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmTkvNDcexRNDhCJaPAoAAKZdJmMw_aZcEGeT-7DLzJLD4IbgUoptuR8BWxtC1FTcUEl6f1mzKGUYu5S8iRPBnwtn-qrcj0dAxIt

Request Chain 95

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEN8P5Autz9xA3nwVghXVt4c&google_cver=1&google_push=AXcoOmQ4hXxTUoSS61WcGSCLeF1gsjsuJyivW8KA_nBpAiEt4qnkFG4R_vPTfpuk9svo4vw8dryryNdzXMVS_z7cldS8KhiwLgsD8V5Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQ4hXxTUoSS61WcGSCLeF1gsjsuJyivW8KA_nBpAiEt4qnkFG4R_vPTfpuk9svo4vw8dryryNdzXMVS_z7cldS8KhiwLgsD8V5Q

Request Chain 96

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEEttOazPiiXwkXi8lV-KHNk&google_cver=1&google_push=AXcoOmRe2tOXVblfLiPJ51txlrzIeZNDoBHdR_xEPSDgtJ9Npjb1Y0GA_upr1KlVBPye3wh1Bi6ETgc6sdANweAFdHS_qIeCMM_jFICc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRe2tOXVblfLiPJ51txlrzIeZNDoBHdR_xEPSDgtJ9Npjb1Y0GA_upr1KlVBPye3wh1Bi6ETgc6sdANweAFdHS_qIeCMM_jFICc HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 98

https://sync.bumlam.com/?src=aid0 HTTP 302
https://sync.bumlam.com/?src=aid0&s_data=CAIQARivl_-rBqIBEKTunUKdXhHuu7EAJZDIJDY* HTTP 302
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=a4ee9d42-9d5e-11ee-bbb1-002590c82436 HTTP 302
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=a4ee9d42-9d5e-11ee-bbb1-002590c82436&bounce=1 HTTP 302
https://sync.bumlam.com/?src=aid1&uid=nugdOppDtbYbxdW3Wd7vjg& HTTP 302
https://an.yandex.ru/mapuid/adsniperis/a4ee9d42-9d5e-11ee-bbb1-002590c82436

Request Chain 138

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEAalI8JvgeY5w4YhNF2wjFc&google_cver=1&google_push=AXcoOmRNVby0zMRCG6ClpRIi7MMow8QkeRdZAGq0JUYxHuchrOJScxnpN_40YPiFX2O0YLHiOGUu_HIujkGqrRFseV5X6p9Wjhv2em4 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmRNVby0zMRCG6ClpRIi7MMow8QkeRdZAGq0JUYxHuchrOJScxnpN_40YPiFX2O0YLHiOGUu_HIujkGqrRFseV5X6p9Wjhv2em4&google_hm=hmV_y68hT8CaOCSbUg&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D657FCBAF214FC09A38249B52BLIS

Request Chain 139

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEBCCX625GkcSupCgynqLyJk&google_cver=1&google_push=AXcoOmQ1clvKZ8Bq66gJeJBzKqV2zsazWZ8NcXCHwmIdTntBZ_UYJQEz4nB-c10bUG1O2FXi3Shbp0ty7vH77O57M9A4eID4ECTq75aH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmQ1clvKZ8Bq66gJeJBzKqV2zsazWZ8NcXCHwmIdTntBZ_UYJQEz4nB-c10bUG1O2FXi3Shbp0ty7vH77O57M9A4eID4ECTq75aH

Request Chain 140

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAtTdEBqr_rKcGNwRsQspDo&google_cver=1&google_push=AXcoOmTmw4b9ir4dYj9MyKdBiz8MbmiyOUbmWXTFdSBobNLQo6PgBta1VgLOBsNTE6bZLxzLxTgZNiDq0JTUcdsoTSW3fvRQ-STmSv9X HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTmw4b9ir4dYj9MyKdBiz8MbmiyOUbmWXTFdSBobNLQo6PgBta1VgLOBsNTE6bZLxzLxTgZNiDq0JTUcdsoTSW3fvRQ-STmSv9X&google_hm=eS1EX1hCTUhCRTJwR0NCZDVFeVVQN25qX1hQRHI2SEU0Vn5B

Request Chain 142

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESENyOJD91wcdihunU4UUnrkQ&google_cver=1&google_push=AXcoOmSOwm8rc2D4FOT5zfdDIVFFDGc5UbF4hq7IroKygu1CYBeqwZApZKE5DWMq9SRksmy2AXaN64YUQFRFoCvuilbiaF4Zs4zh-spp HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESENyOJD91wcdihunU4UUnrkQ&google_cver=1&google_push=AXcoOmSOwm8rc2D4FOT5zfdDIVFFDGc5UbF4hq7IroKygu1CYBeqwZApZKE5DWMq9SRksmy2AXaN64YUQFRFoCvuilbiaF4Zs4zh-spp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTMwNTcwMzMwMjA4ODQ2ODI2NA&google_push=AXcoOmSOwm8rc2D4FOT5zfdDIVFFDGc5UbF4hq7IroKygu1CYBeqwZApZKE5DWMq9SRksmy2AXaN64YUQFRFoCvuilbiaF4Zs4zh-spp

Request Chain 146

https://gcdn.2mdn.net/videoplayback/id/fe798b597ebe020e/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846668050/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/12CE858742555CB9A5105833BD750B2669527650.2A5A8B42D3C8406C926FAB44367013E8FC22B29C/key/ck2/file/file.mp4 HTTP 302
https://r5---sn-4g5e6nze.c.2mdn.net/videoplayback/id/fe798b597ebe020e/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846668050/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/17F6696A0BFC375B07DC0387FE86EDF7BD399613.3DA90B8124281174AFDFDB804D97940CC5DC8743/key/cms1/cms_redirect/yes/mh/vK/mip/2a02:6ea0:c71b:0:1011:d03f:cf9e:5f45/mm/42/mn/sn-4g5e6nze/ms/onc/mt/1702873729/mv/m/mvi/5/pl/40/file/file.mp4

Request Chain 152

https://googleads.g.doubleclick.net/pagead/adview?ai=Cc_zcrst_ZdKHN6SS7_UPoeSEoAO4-KvkdL7z8eSSEqfVjKjqQRABIIHY7oQBYJXikIKgB6ABg6yNqirIAQmpAg6oy9JgR7I-qAMByAPLBKoE5AFP0IBqEuzwT4UPVW99T5qZQekj_bY81unJbNTEdepPn4nVRskK78xlw-2neTLTi21xAOwIc0AUjpiZjAqaWoASuErJg8Q-nBwYvrLxa5QG-eXh-sq1I5zn82BkwpiEW6y_go5qtUQLD6b6n6UmzH6E2tfNBFAV5oE3BAjjx4z3mDsbOsasHWpyDdG25KTGxx022yJ0GNHdMAuVptNyZgUWRUkFnajb-uOMRDiDcq30oVyl-O6XCzumf6enLdxLGUQEjw05UeHnnOhx5YsfvgRwdhRaZpJXUunJ98w1LiXk0rpH5kPABK310JbHBIgFo9yZ102gBi6AB4Pk3YkFqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQ8cUc0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOliY-tWNlJiDA5oJNWh0dHBzOi8vbm92YXBvc3QuY29tL3VrLWRlL3NlbmQvcGFyY2Vscy1hbmQtZG9jdW1lbnRzgAoByAsBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQLYEwOIFALQFQGYFgGAFwGyFxwKGggAEhRwdWItMjY2MTg5NjEzNjc3NTIxOBgA&sigh=WsGRtF-roQs&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_o7gyyoEZWCUKlIZ3JBScwXLjApGMffbxWAMOIZA5BWxJ3x7rt4Xxmzx4DuGXTnjji0eLhySgc4vtdeJhzOs-J2MT46-rJJTuGxgB&template_id=5000&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217783567135294417192%22,%22debug_reporting%22:true,%22destination%22:%22https://novapost.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211362588163%22],%2222%22:[%22true%22],%224%22:[%2212-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216066241592267021889%22}&andc=true

Request Chain 157

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOKo19xABN8c124e2Yte1To&google_cver=1&google_push=AXcoOmQqSz2EJo5-Ew-wNxJT76ck1hkH_JknKuCzU2lTzv2o1UAS-2cUiQSSdhEUbDlIp8vvlf0suLmvgemHozUxGp37qTWQlm_D19E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQqSz2EJo5-Ew-wNxJT76ck1hkH_JknKuCzU2lTzv2o1UAS-2cUiQSSdhEUbDlIp8vvlf0suLmvgemHozUxGp37qTWQlm_D19E&google_hm=dYnb1zjOSUKFP4BQF30oLYY

Request Chain 158

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEOtIBSykRGqSbRW6EH7mnxE&google_cver=1&google_push=AXcoOmSYQSjX6SPk0fd_jfCx7GwJAuBNUpjYOdPSCOABYqKoCh954eghFqjIuesfuHBwR_3puZhxO0S4-kIeublALZ_xwM509v3Lt3gd HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmSYQSjX6SPk0fd_jfCx7GwJAuBNUpjYOdPSCOABYqKoCh954eghFqjIuesfuHBwR_3puZhxO0S4-kIeublALZ_xwM509v3Lt3gd&google_hm=hmV_y68hT8CaOCSbUg&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D657FCBAF214FC09A38249B52BLIS

Request Chain 159

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEMxOtUGwTRk9KWbkWSW8r3Q&google_cver=1&google_push=AXcoOmQSO1MT6mO9L32oWgFMQpLICuIRGqwAWiPbELAYdU3FL9sDm8G2icwRJPc1CN7500tet4cv3PNKBNIR-5ei9wzShxl4Z4PKK3fw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmQSO1MT6mO9L32oWgFMQpLICuIRGqwAWiPbELAYdU3FL9sDm8G2icwRJPc1CN7500tet4cv3PNKBNIR-5ei9wzShxl4Z4PKK3fw

Request Chain 161

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOjzMaj8K6dqZj1Xoi0TPPk&google_cver=1&google_push=AXcoOmTp3Wb_7baoWuoRwn3ktYzluhwHTRYRE6szA8SsSNKbL8Bi0f998kP79z0uCeI9j8E-m3nThwbNHJqFvhDn-s8NlBo7xEBsTH-b HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOjzMaj8K6dqZj1Xoi0TPPk&google_cver=1&google_push=AXcoOmTp3Wb_7baoWuoRwn3ktYzluhwHTRYRE6szA8SsSNKbL8Bi0f998kP79z0uCeI9j8E-m3nThwbNHJqFvhDn-s8NlBo7xEBsTH-b HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjU3Nzc1MDc5NjkzODQ2MDkwNA&google_push=AXcoOmTp3Wb_7baoWuoRwn3ktYzluhwHTRYRE6szA8SsSNKbL8Bi0f998kP79z0uCeI9j8E-m3nThwbNHJqFvhDn-s8NlBo7xEBsTH-b

Request Chain 167

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEA1AXAaKJzug9h4C5pkHZAU&google_cver=1&google_push=AXcoOmQTpbyqXm8WGw_0A9yuzttl412NK8USDt6QjAE7u4WtOB57V9xWYkigo0p6Be-e1zwwzen4vt70aGAIabVvHLn32ezCoy2EOMs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQTpbyqXm8WGw_0A9yuzttl412NK8USDt6QjAE7u4WtOB57V9xWYkigo0p6Be-e1zwwzen4vt70aGAIabVvHLn32ezCoy2EOMs&google_hm=orFEQYN-RCuUXHHm9LY9wYY

Request Chain 168

https://ads.travelaudience.com/google_pixel?google_gid=CAESEFk18eKwqElMZeZbN4ULAlk&google_cver=1&google_push=AXcoOmQSKzIE58cUSN-DVp4kEsjwUMcC_wFczmOR_6WKzcMImbFH2JTLB0Kd2ZM_LPsPKUHK-VEvJY3Os9NB_4Pz2-prlQOPHgkx6WM HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Q_L9GoXyQPw4dnfRf0-9lA&google_push=AXcoOmQSKzIE58cUSN-DVp4kEsjwUMcC_wFczmOR_6WKzcMImbFH2JTLB0Kd2ZM_LPsPKUHK-VEvJY3Os9NB_4Pz2-prlQOPHgkx6WM

Request Chain 170

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEN15ynuR8FAKRwax1_6swjo&google_cver=1&google_push=AXcoOmQMoR-0rVNtDBrtNrC8IVaNBzk3hgG_LgG4YHPTUgugPQUOjEZQWZ_C-GP5-uDNzPTFmcYH83s83WQegSlrnq1s8vvwaQ_nFU4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQMoR-0rVNtDBrtNrC8IVaNBzk3hgG_LgG4YHPTUgugPQUOjEZQWZ_C-GP5-uDNzPTFmcYH83s83WQegSlrnq1s8vvwaQ_nFU4&google_hm=eS1EX1hCTUhCRTJwR0NCZDVFeVVQN25qX1hQRHI2SEU0Vn5B

Request Chain 171

https://d5p.de17a.com/cookies/google?google_gid=CAESEJahRQk07wPyT3plWq35zlE&google_cver=1&google_push=AXcoOmTeXI8LzMWXJ5a6CWkpwaA40KCkhGK-tD3RaGC8vcydz2Qnmn-tUqgqp-FGv0bNTgA-0vYgzusz7iEmbPzafEKvrhVaIv4KMlE HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJahRQk07wPyT3plWq35zlE&google_cver=1&google_push=AXcoOmTeXI8LzMWXJ5a6CWkpwaA40KCkhGK-tD3RaGC8vcydz2Qnmn-tUqgqp-FGv0bNTgA-0vYgzusz7iEmbPzafEKvrhVaIv4KMlE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTeXI8LzMWXJ5a6CWkpwaA40KCkhGK-tD3RaGC8vcydz2Qnmn-tUqgqp-FGv0bNTgA-0vYgzusz7iEmbPzafEKvrhVaIv4KMlE

Request Chain 172

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELZnOYU04A4CNDvwDwGWh4w&google_cver=1&google_push=AXcoOmShKT7UTnGiiMUstDBxsvyLTZfMcQzDHW_7ucOKojsZNBl8lV5kWnTD7zmRncpc6d8ojtb5ldrJV0ABw1Pa74peacc9loHe8iE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTYyNzg0MDcxMjYzODU0NTc5&google_push=AXcoOmShKT7UTnGiiMUstDBxsvyLTZfMcQzDHW_7ucOKojsZNBl8lV5kWnTD7zmRncpc6d8ojtb5ldrJV0ABw1Pa74peacc9loHe8iE

Request Chain 202

https://googleads.g.doubleclick.net/pagead/adview?ai=CFUMKr8t_ZZbBDqaS9u8PrLqmuAjo2JaydIKnu6GwEsCNtwEQASCB2O6EAWCV4pCCoAegAcX2pp0DyAEJqQIOqMvSYEeyPqgDAcgDywSqBN0BT9Cj38xb1QRO2qVUufMh8fxzpgXYYYNIy0a7ykU_BJF_Y47df1sv8YzAmonz_7q4K2l2bzcyAAQfsbKcnn-ANs6jbyQXe52Kxb_p5yU9uYA38qrj3pr8owz2TxgnvuGFpHLz6ztR-BlEptQdi44fRZc2WmRjNxf2HqGzXgzPSq2bwDM_3sgKS6RtwhwqutkfyXBEg6xK24SOM1jt78tgTD8eIkkUTnldcKhbIar0z3LjU-cZN_vC85Y5COVOlZsFgmX2rKMBvbkXm4R0SHp0TTOzgvnMSzumEn4Oz5fABMDOlbXeBIgFksX4u02gBi6AB6OJ2WKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCR_QTSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPS36o2UmIMDmgk7aHR0cHM6Ly9zaXRlcy5ybXYuZGUvZGUvcm12Z28jYXVzZmx1Z3N0aXBwcy1mdWVyLWRlbi13aW50ZXKACgHICwGiDBQqEgoQ5LSxAu61sQK1uLECrLqxArgT5APYEwOIFAjQFQGYFgGAFwGyFxwKGggAEhRwdWItMjY2MTg5NjEzNjc3NTIxOBgA&sigh=OjqwztE4Mns&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwAvHhf_oSmsnJIkMjIcdrfWRneXZMb1rBjRWIWNwFJq_NawtCnZjVE_4iUL8GB53LgaSfLhbnCt1bZfGAE&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227267277231695809185%22,%22debug_reporting%22:true,%22destination%22:%22https://rmv.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22866761541%22],%2222%22:[%22true%22],%224%22:[%2212-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212674969833289438305%22}&andc=true

Request Chain 205

https://googleads.g.doubleclick.net/pagead/adview?ai=CQzOAr8t_ZbjgDviU9u8P-Z2EkA6QtMDrdOb4_tL1EeXy7OuuPxABIIHY7oQBYJXikIKgB6ABwJuglgPIAQmpAg6oy9JgR7I-qAMByAPLBKoEywFP0EGxEejPjkbMDSOKs4_eKnnot33xn1uoAmaX_nF-jyTWxUFUUrsuOn4L6oOnmxSVM6Xg_WaiWRTnDMJh4D0tzDCDWN23TSR8XNmprJvuiiEaPIBcu6UKhXIddKCWgc2gaKcCTFqhkTD3yP5meuCLK5oHfVIhBOv71O5_uR0mRIO80QE0Wsc8que8N_Eg_OInw02aBRD_oCJFanZfgdMMXw2IWg0yIlhJri_K48xDbP0Pg4_VG_Fb_CgDh_w5iCrxHGDSvcbui_XsKMAEvfDpnawEiAW6y9LgKpIFBAgEGAGSBQQIBRgEoAYugAeXkbcvqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQudsC0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOliz0-qNlJiDA5oJMWh0dHBzOi8vYWlyY2FsbC5pby9kZS9jL2J1c2luZXNzLXRlbGVmb25zeXN0ZW0tYi-ACgHICwGiDBwqGgoY5LSxAu61sQK1uLEC5LSxAu61sQK7u7EC2BMN0BUBmBYBgBcBshccChoIABIUcHViLTI2NjE4OTYxMzY3NzUyMTgYALIYAyIBAA&sigh=tN0LTkbdIkc&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwAvHhf_TjO9-2bSvTnKMXLoLTt3paaPBGJU9mlCrc-mv6cAqhbsYR0M7E9dZHRDyIwlh2V43u6u2Zc1GAE&template_id=5000&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213141025618308191397%22,%22debug_reporting%22:true,%22destination%22:%22https://aircall.io%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22851971520%22],%2222%22:[%22true%22],%224%22:[%2212-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228405181589480742017%22}&andc=true

Request Chain 218

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=btwnex&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu

Request Chain 238

https://www.tns-counter.ru/V13a****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/2466 HTTP 302
https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/2466

239 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ua.nesrakonk.ru/ 49 KB
12 KB 517ms
419ms Document
text/html 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 747c70819088486e70b5bb2b2aba8d67e1cb8176755133dd60d5213a60ba4b33

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8374b09ffb90b764-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 18 Dec 2023 04:33:50 GMT
link: <https://ua.nesrakonk.ru/wp-json/>; rel="https://api.w.org/"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHBdiBUhQLf8C6qwRB8ti0%2ForsUkhJAaEARPy00OKJHUR4ojzv313QIv0B0uAbXL7ZR2MoAO8lZ4ChjP3MxMgGyQTrO0f17Gg5b9JmnKsW0S5HBHkQUfmJS42IgCHkILdRvc9xKYZjgJlX2WWt8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 5821d831-02ac-4374-a4fa-ee4c3db5e9d3.min.js Show response
cmp.optad360.io/items/ 2 B
406 B 91ms
36ms Script
application/javascript 2600:9000:2156:ea00:6:b871:4f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.optad360.io/items/5821d831-02ac-4374-a4fa-ee4c3db5e9d3.min.js
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:6:b871:4f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
last-modified: Thu, 20 Oct 2022 19:29:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
etag: "99914b932bd37a50b983c5e7c90ae93b"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
content-length: 2
x-amz-cf-id: J3wEG1GpRSJ7KX2yyDawFIXQ59Lf_-AbGtOFAJ_rBLl5ocD6Cg1PGw==

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/8fb80c6f-017d-4735-a448-bbf37a7d080d/ 2 B
392 B 64ms
8ms Script
application/javascript 2600:9000:225e:ce00:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/8fb80c6f-017d-4735-a448-bbf37a7d080d/plugin.min.js
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:ce00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 21:41:26 GMT
via: 1.1 307395f1eb3989f15e6f525475291c86.cloudfront.net (CloudFront)
last-modified: Fri, 23 Jun 2023 10:18:52 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 24745
etag: "99914b932bd37a50b983c5e7c90ae93b"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
content-length: 2
x-amz-cf-id: gH-sNtYZMyp4Ismm8yHIe8m9fyXMEbTB7m_UQsn7nDlfaWq0rAB1zA==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
51 KB 79ms
59ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2661896136775218

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a827fb352bc7067faa4ea7cd9530d0ffd7eb1a97cd28f5008054f5da07135800

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51697
x-xss-protection: 0
server: cafe
etag: 8319440072943807919
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 04:33:50 GMT

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 37ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,cyrillic-ext

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7de48a1559f0ab973cee3ee26a794d5931aa9d7d7887290bfe13436cf7f3f5af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 04:33:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 18 Dec 2023 04:33:50 GMT

GET
H2 403 style.min.css
ua.nesrakonk.ru/wp-includes/css/dist/block-library/ 0
0 17ms
16ms Stylesheet
text/html 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ua.nesrakonk.ru/wp-includes/css/dist/block-library/style.min.css?ver=5.7.4

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: br
referrer-policy: same-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PKhP8OdKsU5at3qLqFLhhu17a3s3Cd7fPWquRiKpO%2F7uhGxbqI%2Fi7FYrAlt8iYOWgpvkTke42sY91DrhR1%2Bby%2FmmQHiAEZociEQWR89C9wq0Bfn0INikHivqQ83iqeP%2BkHYFICVhfDIGBoGnu%2Bk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8374b0a29ce9b764-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 main.min.css
ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/css/ 92 KB
19 KB 22ms
22ms Stylesheet
text/css 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/css/main.min.css?ver=3.7.16
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 722bca0f91daf3eaed212ada19ad6809a179bd9d576051ada272c6098ae1c37d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Dec 2021 04:35:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 93399
etag: W/"17182-61c159a6-22a36b5;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTDCG8aQN46fhrEFNfDmKG%2FyNwhq7J2Au3Egs%2BlbteNWFBLnogIhlGGqe1aR2H0NsJbWnUXEwpfpggrE2XAW61t4Pp2bMzd5uSs%2BWVGHTzK8J0QtDv1C1ZymXMVzbRc2WrtLs4ibMqPSb3MRl5M%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 8374b0a29cebb764-AMS
alt-svc: h3=":443"; ma=86400
expires: Sun, 24 Dec 2023 02:37:11 GMT

GET
H2 200 font-awesome.min.css
ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/css/ 58 KB
13 KB 25ms
24ms Stylesheet
text/css 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/css/font-awesome.min.css?ver=3.7.16
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c76cae4aabc1d4236da2fecf8fcae818a2cf95406446774ccf9db5ca14d4b59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Oct 2021 07:01:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 93399
etag: W/"e877-61628fc5-22a36b7;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KNVwCQgWXTnICwjCqQdfokCvwEo4unAdpHGPwSt6gQI2QK6gj7NNwnk7pjWHyysdOG1diEv1oiEfM0d56MP2wztUwpCmHtbVI%2BdR%2FU26tG8CciMV9FM6Uo%2BFGXAlGJFG67u8xvZDdRvR64mjs64%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 8374b0a29cecb764-AMS
alt-svc: h3=":443"; ma=86400
expires: Sun, 24 Dec 2023 02:37:11 GMT

GET
H2 200 jquery.min.js Show response
ua.nesrakonk.ru/wp-includes/js/jquery/ 87 KB
32 KB 26ms
26ms Script
application/x-javascript 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:12:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 93399
etag: W/"15d98-615eabdd-22604db;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FnArlkX3%2B7ERibzRrYehEOyUUyWxoncH1hs%2BhV0fmCs6LN%2BX5bJU5zES6TYt2vSjM9jEyACBqRLGjhqEVzrsWWj%2Fbjb0Y7Za7w0wa1Zvp71FwX5Td7XXFLyDu%2B9dhj7S0GjrD382JHfF1HB2V1k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 8374b0a29cedb764-AMS
alt-svc: h3=":443"; ma=86400
expires: Sun, 24 Dec 2023 02:37:11 GMT

GET
H3 200 jquery-migrate.min.js Show response
ua.nesrakonk.ru/wp-includes/js/jquery/ 11 KB
5 KB 25ms
25ms Script
application/x-javascript 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:12:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 176172
etag: W/"2bd8-615eabdd-22604d6;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j7RMH4iAfsWLjBueUJnbXc13eEQ0m4CsCqlKOqjCpVS3tlVdla5peSFSp4oOlygbsUPwuoBXS4%2BYx7lvz2u2pPKX1B6rXo1fjUFOf00w9%2FDN0nlecSFaqGRpsvtZO3oXTcXdFx%2BCdBspt0T9Ilc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 8374b0a2ddbe229a-CDG
alt-svc: h3=":443"; ma=86400
expires: Sat, 23 Dec 2023 03:37:38 GMT

GET
H3 200 fa-brands-400.woff2
ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/webfonts/ 77 KB
77 KB 39ms
38ms Font
font/woff2 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 176172
alt-svc: h3=":443"; ma=86400
content-length: 78472
last-modified: Sun, 10 Oct 2021 07:01:25 GMT
server: cloudflare
etag: "13288-61628fc5-22a3674;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=scR5IVH2MP4x8V%2FgDrryiJ%2FVtcGj5xRdGHYxWF58oOFYWfM1MHD9%2BhbvMUDjEPWqn99xK4qbetdt%2B0jav5JyvOaYZ4Z82nbAi8fNGf1Vb1rEbb%2FUzk6BAxrFyfVu8kXj6wYUpw6foY3eqveyuX0%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8374b0a2ddbf229a-CDG
expires: Sat, 23 Dec 2023 03:37:38 GMT

GET
H3 200 fa-regular-400.woff2
ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/webfonts/ 13 KB
14 KB 23ms
22ms Font
font/woff2 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 176172
alt-svc: h3=":443"; ma=86400
content-length: 13588
last-modified: Sun, 10 Oct 2021 07:01:25 GMT
server: cloudflare
etag: "3514-61628fc5-22a367d;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rA8R7NdKEluKonPVaV%2FRer1MZTFSqaOu38wLHDt1FFp4f6j2OE88pd8aY3yysBF3JBBG700RdJsRU6R4HHPgfdS0YSsFR99DsKipGKv2u30HvlhPMfqIYxx%2Bgg0tm1KhiPEEk0Aoa%2BzzovzqoOk%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8374b0a2ddc0229a-CDG
expires: Sat, 23 Dec 2023 03:37:38 GMT

GET
H3 200 fa-solid-900.woff2
ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/webfonts/ 78 KB
79 KB 69ms
68ms Font
font/woff2 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 176172
alt-svc: h3=":443"; ma=86400
content-length: 80252
last-modified: Sun, 10 Oct 2021 07:01:25 GMT
server: cloudflare
etag: "1397c-61628fc5-22a3677;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZeuWmbO844yat6nOQuH552wdMBzlm9deXypxEFg9jeqWYOTq6jc9EfznWVILlD8eBQYZKB7%2BkebHSpRo50%2BVMw%2B1VHTwio4Vjjr9UyLlITsL5hTC%2FKNCE7ryqM%2Fg7KvqZBuVT%2BTfsZcg%2BTmX6Uc%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8374b0a2ddc1229a-CDG
expires: Sat, 23 Dec 2023 03:37:38 GMT

GET
H2 200 context.js Show response
yandex.ru/ads/system/ 345 KB
98 KB 178ms
69ms Script
text/javascript 2a02:6b8:a::a
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/context.js

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

c506a206318a086c6d24975293e94fb9a3adff3055c99327eebacbc8224d6209

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702874030703087-14700754615458130166-balancer-l7leveler-kubr-yp-sas-14-BAL-1699
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 18 Dec 2023 05:33:50 GMT

GET
H3 200 wp-emoji-release.min.js Show response
ua.nesrakonk.ru/wp-includes/js/ 14 KB
5 KB 41ms
40ms Script
application/x-javascript 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-includes/js/wp-emoji-release.min.js?ver=5.7.4
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:12:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 175716
etag: W/"3795-615eabdd-2260383;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCf%2FhHllCWOvLjT%2BVakyHbDxZcjHzfPFU4W8MJ8WYVigUbfhNCXgXp0kUKSA2GjwLW2FvKMgziMnEu3a4mbYbDDWjITA7Q8Denk2NMEH8j3o6pQmLIJg4o%2F%2FtZLbZBuFAP%2BfLPl5pxMa5a6KmTE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 8374b0a31de7229a-CDG
alt-svc: h3=":443"; ma=86400
expires: Sat, 23 Dec 2023 03:45:14 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 202 KB
70 KB 224ms
120ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

9b2c36195d8149926940ce2d9ed3b6c4e4390464224b8f4733cf096cc4494e74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Tue, 12 Dec 2023 08:38:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65781bea-1158c"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 71052
expires: Mon, 18 Dec 2023 05:33:50 GMT

GET
H2 200 code.js Show response
top-fwz1.mail.ru/js/ 44 KB
19 KB 324ms
46ms Script
application/javascript 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/js/code.js

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

797d36c5083f2539d2db1a563ebfa9e7a0a81f33fbb5216a64b4ad0bb6b60fd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin: *
last-modified: Tue, 12 Dec 2023 14:12:54 GMT
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
etag: W/"65786a66-af43"
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: max-age=3600, private
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *
expires: Mon, 18 Dec 2023 05:33:50 GMT

GET
H2

200

sspmatch-js Show response
ads.betweendigital.com/
Redirect Chain

https://ads.betweendigital.com/sspmatch-js?p=42565&randsalt=8078080575
https://ads.betweendigital.com/sspmatch-js?p=42565&randsalt=8078080575&crf=1&rts=1160685750885572132

1 KB
1 KB

15ms
15ms

Script
text/javascript

188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/sspmatch-js?p=42565&randsalt=8078080575&crf=1&rts=1160685750885572132
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: d2de3fe95801bb0c9073e98273a4d26bff3791de90f5c31207f2e3154afc8287

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1058
content-type: text/javascript

Redirect headers

location: /sspmatch-js?p=42565&randsalt=8078080575&crf=1&rts=1160685750885572132
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H2 200 4iCv6KVjbNBYlgoCxCvjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v20/ 29 KB
30 KB 28ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,cyrillic-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 17:45:55 GMT
x-content-type-options: nosniff
age: 211675
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29752
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Dec 2024 17:45:55 GMT

GET
H2 200 4iCv6KVjbNBYlgoC1CzjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v20/ 38 KB
38 KB 33ms
13ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoC1CzjsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,cyrillic-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5515c53111bb4a4f45aff63d06df893ae9033dc85e82cc2ef27fc099a4d7609

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 21:34:51 GMT
x-content-type-options: nosniff
age: 543539
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38752
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:04:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 21:34:51 GMT

GET
H2 200 top100.js Show response
st.top100.ru/top100/ 118 KB
38 KB 210ms
50ms Script
application/javascript 81.19.89.18
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://st.top100.ru/top100/top100.js
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 81.19.89.18 , Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx /
Resource Hash: 5b1396003e2821c437960323ef4c4716ef2df0e2c6c4ed73272458db8304091d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: gzip
last-modified: Fri, 15 Dec 2023 13:58:32 GMT
server: nginx
x-amz-request-id: tx000000000000142d94fe1-00657fcaa4-783970ff-default
etag: W/"6442501dd7791df09c2f40d696ea2a7a"
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
x-rgw-object-type: Normal
cache-control: max-age=3600
expires: Mon, 18 Dec 2023 05:33:50 GMT

GET
H2 200 4iCs6KVjbNBYlgoKew72j00.woff2
fonts.gstatic.com/s/ubuntu/v20/ 20 KB
20 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,cyrillic-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1400c92345dcd9dbf746acab2c60e8580aa959473e9e56c8772cadcf7734b76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 23:20:17 GMT
x-content-type-options: nosniff
age: 537213
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20860
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:15:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 23:20:17 GMT

GET
H2 200 4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v20/ 34 KB
34 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,cyrillic-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 19:39:36 GMT
x-content-type-options: nosniff
age: 204854
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34852
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Dec 2024 19:39:36 GMT

GET
H2 200 4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2
fonts.gstatic.com/s/ubuntu/v20/ 18 KB
18 KB 11ms
11ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,cyrillic-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caeaf02fa4a8a45438c270767c4e50fc7f3ed5f94a4c90984eaacb87c2e8a693

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:54:17 GMT
x-content-type-options: nosniff
age: 502773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18200
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:10:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 08:54:17 GMT

GET
H2 200 4iCv6KVjbNBYlgoC1CzjtGyNL4U.woff2
fonts.gstatic.com/s/ubuntu/v20/ 21 KB
21 KB 11ms
11ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoC1CzjtGyNL4U.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,cyrillic-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92ca60a1917b9ebb08ee7ddf0860b217985b8468acf0de9ed41d90c3f5dda926

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 07:20:58 GMT
x-content-type-options: nosniff
age: 508372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21128
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:04:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 07:20:58 GMT

GET
H2 200 sync Show response
vid.vidoomy.com/ Frame 5679 49 KB
19 KB 100ms
11ms Document
text/html 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.vidoomy.com/sync?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fads.betweendigital.com%2Fmatch%3Fbidder_id%3D261%26external_user_id%3D{{VID}}
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-js?p=42565&randsalt=8078080575
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4cd9d7fe6bef9e82616b20d2c4a7a9842652ed469b704922e4c682f209754768

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-type: text/html
date: Mon, 18 Dec 2023 04:33:50 GMT
etag: W/"64abbb76-c2af"
last-modified: Mon, 10 Jul 2023 08:04:06 GMT
server: CDN77-Turbo
vary: Accept-Encoding
x-77-age: 414870
x-77-cache: HIT
x-77-nzt: EgwBnJIhiwH3jzsGAAwB1GY4EQH3BxkAAA
x-77-nzt-ray: cf878727af6476aaaecb7f659e07352c
x-77-pop: frankfurtDE
x-accel-date: 1702465567
x-accel-expires: @1703495960
x-age-lb: 408463
x-cache-lb: HIT

GET
H2 200 bidder_18.html Show response
cache.betweendigital.com/code/ Frame 1415 4 KB
1 KB 742ms
6ms Document
text/html 151.236.118.146
CDNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=fdcb8495-a194-5260-9976-fd8ffc093621&CACHEBUSTER=2466
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-js?p=42565&randsalt=8078080575
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 151.236.118.146 Moscow, Russian Federation, ASN204720 (CDNETWORKS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 0771c19c407aac665a7b2c8eecf0709b0990dfd62358a4dc9f373fbf56404878

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Mon, 18 Dec 2023 04:33:51 GMT
etag: W/"638623e5-e7e"
last-modified: Tue, 29 Nov 2022 15:23:17 GMT
server: nginx
x-cdn-edge-cache: HIT
x-cdn-edge-id: 310
x-cdn-request-id: 5a2b088bcbf9948fbe7422d0399d3a4a

GET
H2 200 sync
x.bidswitch.net/ 43 B
146 B 46ms
7ms Image
image/gif 18.192.88.240
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=between
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.88.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-88-240.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

match
ads.betweendigital.com/
Redirect Chain

https://ads.adlook.me/csync?pid=btw&uid=fdcb8495-a194-5260-9976-fd8ffc093621&url=https%3A%2F%2Fads.betweendigital.com%2Fmatch%3Fbidder_id%3D128%26external_user_id%3D%7BuserId%7D
https://ads.betweendigital.com/match?bidder_id=128&external_user_id=8ee1bdafebf54e8f9714e9cc1b839876

68 B
598 B

16ms
15ms

Image
image/png

188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=128&external_user_id=8ee1bdafebf54e8f9714e9cc1b839876
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

location: https://ads.betweendigital.com/match?bidder_id=128&external_user_id=8ee1bdafebf54e8f9714e9cc1b839876
date: Mon, 18 Dec 2023 04:33:50 GMT
server: Microsoft-IIS/10.0

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58665/ 0
125 B 82ms
8ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58665/occ?gdpr=0&gdpr_consent=

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 399 KB
135 KB 83ms
68ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2661896136775218&plah=ua.nesrakonk.ru

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2661896136775218

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b32f9abc380fdde9a12ec52a80249e09fa6cb380f81d7982ce882549dac1f93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137961
x-xss-protection: 0
server: cafe
etag: 7486523718616120767
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 04:33:50 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame 470B 9 KB
4 KB 27ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2661896136775218

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18897
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 17 Dec 2023 23:18:53 GMT
etag: 5585625838579639069
expires: Sun, 31 Dec 2023 23:18:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 urlsvid.json Show response
vpaid.vidoomy.com/sync/ Frame 5679 1 KB
860 B 82ms
6ms XHR
application/json 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.vidoomy.com/sync/urlsvid.json
Requested by: Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fads.betweendigital.com%2Fmatch%3Fbidder_id%3D261%26external_user_id%3D{{VID}}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b05155416aa1689236072fb1338ceaefc9809a849bda6588965f5979e8a01aa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vid.vidoomy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: gzip
x-age-lb: 419317
x-77-cache: HIT
x-accel-date: 1702454713
x-77-nzt: EQwBw7WvDgH39WUGAA
x-accel-expires: @1703415035
x-77-age: 419317
x-cache-lb: HIT
last-modified: Mon, 10 Jul 2023 08:02:46 GMT
server: CDN77-Turbo
etag: W/"64abbb26-479"
x-77-nzt-ray: 90833930ad3375e1aecb7f6511967933
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://vid.vidoomy.com
access-control-allow-credentials: true

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10220.cgLlCn5ouGvX8qqjcmKSS5I_quhlhhgZ0DJd1tiprL0acT5ixVq7nABUHzGzNyYJ.7OiK1yAYK8vc_YdDUHM1toyvj4g%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10220.Zyo5MRudyUkyGWRdx-imdQ-NqMvVlmJMRel-HzPBavAv_YSNDtTBHme-gpVNMgmZCTrQsA-HVhK2vCb_V7UcuDS0KlYaEW0JMTs1Q-Pdd3MC1DubmYRFxViqIlYp4Uvux3jr0koccu...

43 B
516 B

53ms
53ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=10220.Zyo5MRudyUkyGWRdx-imdQ-NqMvVlmJMRel-HzPBavAv_YSNDtTBHme-gpVNMgmZCTrQsA-HVhK2vCb_V7UcuDS0KlYaEW0JMTs1Q-Pdd3MC1DubmYRFxViqIlYp4Uvux3jr0koccuifNXAzY4Xq32513vclHeO9qNzmRzfD-mihtBR8yQcpntA8Kk21BrgOmXWX0OLKu1DYBhf3f7IB0y1CcZwL0-JnOA2jDoEy1lU%2C.G8NYvisi-xRFzj6I5zuudnA-zXA%2C

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=10220.Zyo5MRudyUkyGWRdx-imdQ-NqMvVlmJMRel-HzPBavAv_YSNDtTBHme-gpVNMgmZCTrQsA-HVhK2vCb_V7UcuDS0KlYaEW0JMTs1Q-Pdd3MC1DubmYRFxViqIlYp4Uvux3jr0koccuifNXAzY4Xq32513vclHeO9qNzmRzfD-mihtBR8yQcpntA8Kk21BrgOmXWX0OLKu1DYBhf3f7IB0y1CcZwL0-JnOA2jDoEy1lU%2C.G8NYvisi-xRFzj6I5zuudnA-zXA%2C
date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CCFF 302 KB
73 KB 300ms
299ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&adk=1812271804&adf=3025194257&lmt=1702874030&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874030679&bpp=4&bdt=190&idt=191&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8318130936125&frm=20&pv=2&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=207

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2661896136775218&plah=ua.nesrakonk.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5a7c611179a596beb5fa96104328c345f332080d431810c0e8ab9464dc31046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 74248
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 04:33:51 GMT
expires: Mon, 18 Dec 2023 04:33:51 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame DCD6 16 KB
6 KB 34ms
7ms Document
text/html 23.32.184.192
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156498&gdpr=0&gdpr_consent=&userIdMacro=(PM_UID)&predirect=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3D%28PM_UID%29%26vid%3D6f36ee19082ae311fe188bedefaa0549%26dspid%3Dpubmatic
Requested by: Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fads.betweendigital.com%2Fmatch%3Fbidder_id%3D261%26external_user_id%3D{{VID}}
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.192 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-192.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer: https://vid.vidoomy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=134497
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Mon, 18 Dec 2023 04:33:50 GMT
expires: Tue, 19 Dec 2023 17:55:27 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 5679 0
239 B 44ms
8ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-vidoomy&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vid.vidoomy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: bcdac959321a8cf7d38f9eb638bfa14f
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

sync
x.bidswitch.net/ Frame 5679
Redirect Chain

https://x.bidswitch.net/sync?ssp=vidoomy&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&gdpr=0&gdpr_consent=
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=vidoomy&ssp_user_id=34169302-541b-4de4-a44e-03746331a36d&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-bEpRKPNE2pkE0shItqXeUv4PIKT_f6j8aDyXOw--~A&expires=5&ssp=vidoomy

43 B
145 B

7ms
7ms

Image
image/gif

18.192.88.240
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-bEpRKPNE2pkE0shItqXeUv4PIKT_f6j8aDyXOw--~A&expires=5&ssp=vidoomy
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Server: 18.192.88.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-88-240.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vid.vidoomy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-bEpRKPNE2pkE0shItqXeUv4PIKT_f6j8aDyXOw--~A&expires=5&ssp=vidoomy
content-length: 0

GET
H2 200 3fdf806dd8bb727f2873.js Show response
yastatic.net/partner-code-bundles/929136/ 14 KB
5 KB 234ms
135ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/929136/3fdf806dd8bb727f2873.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

0d0833439c6f3bb996b79245fadefb40401d206b6bcc70a57150fb1348d1691e

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:08:05 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 4771
last-modified: Thu, 14 Dec 2023 17:08:21 GMT
etag: "da9dcbd562f4ebec86300653fa21e901"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Wed, 17 Dec 2053 11:09:51 GMT

GET
H2 200 5b36b7a883c6014be3af.js Show response
yastatic.net/partner-code-bundles/929136/ 24 KB
8 KB 236ms
138ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/929136/5b36b7a883c6014be3af.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

b63a60040f349e0cef67c793f9c50d548a23a9c64e796aa81427652568990c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 03:38:05 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 7947
last-modified: Thu, 14 Dec 2023 17:08:21 GMT
etag: "1ec490c3aa5f6d7449860e2acd28f8f6"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Wed, 17 Dec 2053 11:09:51 GMT

GET
H2 200 01da932a6544247afbfe.js Show response
yastatic.net/partner-code-bundles/929136/ 118 KB
24 KB 237ms
139ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/929136/01da932a6544247afbfe.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

a46fcae966b995c77b103434a77440a3deb3d41a688f549e04a41fcc64e05c3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 03:38:05 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 24643
last-modified: Thu, 14 Dec 2023 17:08:20 GMT
etag: "f732c1d02b7b4c006aa0405a406815fb"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Wed, 17 Dec 2053 11:09:51 GMT

GET
H2 200 host.js Show response
yastatic.net/safeframe-bundles/0.83/ 33 KB
9 KB 235ms
137ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/safeframe-bundles/0.83/host.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 03:38:05 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8878
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
etag: "f80882bf67cf261aa08d636da095149a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Wed, 17 Dec 2053 11:09:51 GMT

GET
H2 200 text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/ 25 KB
26 KB 187ms
90ms Font
font/woff2 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:28:05 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26004
x-amz-meta-owner: {"role":"admin","login":"4eb0da"}
last-modified: Mon, 25 Apr 2022 14:02:39 GMT
etag: "7f0cdaf91230f9789ca4162aedff612e"
vary: Accept-Encoding
x-nginx-request-id: 9a1dd430db48c72a
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
access-control-allow-origin: *
content-type: font/woff2
cache-control: public, max-age=31556952
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Dec 2024 10:23:03 GMT

GET
H2 200 0956b39becd09af409d0.js Show response
yastatic.net/partner-code-bundles/929136/ 59 KB
15 KB 229ms
134ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/929136/0956b39becd09af409d0.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

aecd415b61d0a3a5185ec7b1cc96669a2b78d1b387028c5dd2f5f74f36b644c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:08:05 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 14815
last-modified: Thu, 14 Dec 2023 17:08:20 GMT
etag: "ef6429bb523b34ae49fc2513e146eff4"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Wed, 17 Dec 2053 11:09:51 GMT

GET
H2 200 0961f191dc5246a58cbc.js Show response
yastatic.net/partner-code-bundles/929136/ 599 KB
115 KB 162ms
162ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/929136/0961f191dc5246a58cbc.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

90c8fd0a3a257ad6caff905820723d243ede8cd3d6d5fcacd94ba9ad504f3226

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://ua.nesrakonk.ru/
Origin: https://ua.nesrakonk.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 03:38:05 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 117617
last-modified: Thu, 14 Dec 2023 17:08:20 GMT
etag: "c483270691f5b59ce9d46e56101911da"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Wed, 17 Dec 2053 11:09:51 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame DCD6 0
42 B 53ms
12ms Script
text/plain 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=87381255&p=156498&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156498&gdpr=0&gdpr_consent=&userIdMacro=(PM_UID)&predirect=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3D%28PM_UID%29%26vid%3D6f36ee19082ae311fe188bedefaa0549%26dspid%3Dpubmatic
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-length: 0

GET
H2 200 userip Show response
kraken.rambler.ru/ 14 B
466 B 328ms
51ms XHR
text/plain 81.19.89.17
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kraken.rambler.ru/userip
Requested by: Host: st.top100.ru
URL: https://st.top100.ru/top100/top100.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.89.17 , Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx /
Resource Hash: 48e6339feb0998f1c1959c3c03d7f4599ed2ee4289918743110fc14b3ac84aba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: nginx
x-srv: 1kraken-prod0002.ad.rambler.tech
content-type: application/octet-stream, text/plain
access-control-allow-origin: https://ua.nesrakonk.ru
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
cache-control: no-store,no-cache,must-revalidate
content-length: 14

GET
H2 200 usability.js Show response
st.top100.ru/top100/3.15.1/ 14 KB
4 KB 51ms
51ms Script
application/javascript 81.19.89.18
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://st.top100.ru/top100/3.15.1/usability.js
Requested by: Host: st.top100.ru
URL: https://st.top100.ru/top100/top100.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 81.19.89.18 , Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx /
Resource Hash: 459f57f8684b82b40fa355c994b814070aca457eca4c0f57de23b3e4ae561d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
content-encoding: gzip
last-modified: Fri, 15 Dec 2023 13:58:32 GMT
server: nginx
x-amz-request-id: tx000000000000142d7fb4b-00657fc9ad-783970ff-default
etag: W/"cc308e833416ed1d082bcacee73fdd9e"
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
x-rgw-object-type: Normal
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 counter
top-fwz1.mail.ru/ 43 B
962 B 55ms
55ms Image
image/gif 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://top-fwz1.mail.ru/counter?_=0.17948899573975607;id=3230435;u=https%3A//ua.nesrakonk.ru/;title=%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D0%B0%20%D0%B5%D0%BD%D1%86%D0%B8%D0%BA%D0%BB%D0%BE%D0%BF%D0%B5%D0%B4%D1%96%D1%8F%20%E2%80%93%20%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D1%96%20%D0%BF%D0%BE%D0%BD%D1%8F%D1%82%D1%82%D1%8F%20%D1%96%20%D1%82%D0%B5%D1%80%D0%BC%D1%96%D0%BD%D0%B8;s=1600*1200;vp=1600*1200;touch=0;hds=1;sid=3cd1a4cb1067b838;ver=60.3.0;tz=-60%2FEurope%2FBerlin;ct=1006/1014/1014/;gl=u;ni=10//4g/0/0/;lvid=1702874030983%3A1702874030984%3A1%3Af8a52387c317805a22171a5b78a4f42c;opts=jst-ym;visible=true;js=13

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *

GET
H3 200 underscore.min.js Show response
ua.nesrakonk.ru/wp-includes/js/ 16 KB
6 KB 25ms
24ms Script
application/x-javascript 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-includes/js/underscore.min.js?ver=1.8.3
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:12:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 311460
etag: W/"3ead-615eabdd-2260360;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vaQfoxEWb3M2yaQN5bhtw6uucNo6a4%2Fwni%2F1lPtAj2nPoltQal7kqWJxKUJFSfac3xCPGbtRY7fOPUVAqiTalFyzQKB5dIaDjjyjZInnavG%2FxlR4IWFiIJR5gw9x55I1P39MO7KVO32onBb2dQY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 8374b0a5bf47229a-CDG
alt-svc: h3=":443"; ma=86400
expires: Thu, 21 Dec 2023 14:02:51 GMT

GET
H3 200 scripts.min.js Show response
ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/js/ 76 KB
22 KB 28ms
28ms Script
application/x-javascript 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-content/themes/hueman/assets/front/js/scripts.min.js?ver=3.7.16
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32786d444e9857efb3f20c41c2b06bb1c814b0ccf3de31d83bec30c8b3fa96d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Oct 2021 07:01:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 311460
etag: W/"12e40-61628fc5-22a36ac;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v5bTuJfiBuXGKKCqfbXcWiFwKJV65RyLxFi8ijTcylpQLbPZ7fPJqJI7OMZsst6yVUQ%2Bl7OGTFHDfkkFZS4v%2Fe%2FG0aYc6qPS38K8FOLG3V9pbo5PeyBt9eG8hwMK2tBsgxsd%2BBMo7ru0oG5V6Z4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 8374b0a5bf4b229a-CDG
alt-svc: h3=":443"; ma=86400
expires: Thu, 21 Dec 2023 14:02:51 GMT

GET
H3 200 wp-embed.min.js Show response
ua.nesrakonk.ru/wp-includes/js/ 1 KB
1 KB 23ms
22ms Script
application/x-javascript 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/wp-includes/js/wp-embed.min.js?ver=5.7.4
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:12:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 311460
etag: W/"592-615eabdd-2260477;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cN0rzHGf%2FgPlp180pIJkJ9iW2HpD4wVSfUJhJDfIYdpoo8rd9iMRH5%2FIaU06OPDzRXiLR7toWmRv65%2Fx9O2F7bhLZ7uN4HjLDdEON2STEdDSG5%2BRZEuIGENCs8HS%2B%2B%2FmQx4IxvW%2BDNUEVUrNtV8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 8374b0a5bf4c229a-CDG
alt-svc: h3=":443"; ma=86400
expires: Thu, 21 Dec 2023 14:02:51 GMT

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
564 B 102ms
102ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 12 Dec 2023 08:38:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65781bea-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Mon, 18 Dec 2023 05:33:51 GMT

GET
H2 200 dyn-goal-config.js Show response
top-fwz1.mail.ru/js/ 2 KB
2 KB 47ms
47ms Script
application/javascript 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/js/dyn-goal-config.js?ids=3230435

Requested by

Host: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/js/code.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

489b36c66d89d768b386541c192b3e8e00f5f562236f2e89834fe8269a6e2797

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin: *
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: max-age=600, private
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *
expires: Mon, 18 Dec 2023 04:43:51 GMT

GET
H3

200

main.js Show response
ua.nesrakonk.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/ Frame 56D8
Redirect Chain

https://ua.nesrakonk.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://ua.nesrakonk.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

7 KB
4 KB

21ms
21ms

Script
application/javascript

2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ua.nesrakonk.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Server

2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a97189914589a4acbf25bab8eefeb250b03e736c61108dde73c1bbfddf010e15

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vGQ0ceXvCu0cgyCuM2I7yDzsB9iOcRezJtepVEqt8NXDTrLe7P2iwAVNEkJ3btgP%2FXnX3z2Q8i2ibc1alK2BJf1v2DwKvl%2FDOxZrTm9Wui2%2B3b0MxPwjwSRmqFWzFJlFAh%2BucoYv1%2FyZINNYtYM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8374b0a61f85229a-CDG
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 18 Dec 2023 04:33:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=800q64vUkPSMNUfKscg%2FhMdUq7rcUc2gpdZa3PCtAPS1FxQ9w594DtWGPCyCqT7X9iLkkZYNXS8NaQ7AFqMzkkMlKc8J536eP9nCC5AdX%2FiWc7ZAukIyZTaPIh3s7tLRT3Y0%2F0VDIwfHJahkOg8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
cache-control: max-age=300, public
cf-ray: 8374b0a5ff6c229a-CDG
alt-svc: h3=":443"; ma=86400

GET
H2

200

1 Show response
mc.yandex.com/watch/56818315/
Redirect Chain

https://mc.yandex.com/watch/56818315?wmode=7&page-url=https%3A%2F%2Fua.nesrakonk.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3bfl5e3f8ptrmgtp6nxhmpy3%3Afp%3A688%3Afu%3A0%3Aen%3Aut...
https://mc.yandex.com/watch/56818315/1?wmode=7&page-url=https%3A%2F%2Fua.nesrakonk.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3bfl5e3f8ptrmgtp6nxhmpy3%3Afp%3A688%3Afu%3A0%3Aen%3A...

439 B
573 B

56ms
55ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/56818315/1?wmode=7&page-url=https%3A%2F%2Fua.nesrakonk.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3bfl5e3f8ptrmgtp6nxhmpy3%3Afp%3A688%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A1257658286586%3Ahid%3A282768033%3Az%3A60%3Ai%3A20231218053350%3Aet%3A1702874031%3Ac%3A1%3Arn%3A627676723%3Arqn%3A1%3Au%3A170287403165226735%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C31%2C418%2C%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1702874029969%3Arqnl%3A1%3Ast%3A1702874031%3At%3A%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D0%B0%20%D0%B5%D0%BD%D1%86%D0%B8%D0%BA%D0%BB%D0%BE%D0%BF%D0%B5%D0%B4%D1%96%D1%8F%20%E2%80%93%20%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D1%96%20%D0%BF%D0%BE%D0%BD%D1%8F%D1%82%D1%82%D1%8F%20%D1%96%20%D1%82%D0%B5%D1%80%D0%BC%D1%96%D0%BD%D0%B8&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

28ebf8d90681ffb0772db5737813b1caf68b7e47a50da0ec9a9b26b9db5d117d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Mon, 18-Dec-2023 04:33:51 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://ua.nesrakonk.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 439
x-xss-protection: 1; mode=block
expires: Mon, 18-Dec-2023 04:33:51 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 18-Dec-2023 04:33:51 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/56818315/1?wmode=7&page-url=https%3A%2F%2Fua.nesrakonk.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3bfl5e3f8ptrmgtp6nxhmpy3%3Afp%3A688%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A1257658286586%3Ahid%3A282768033%3Az%3A60%3Ai%3A20231218053350%3Aet%3A1702874031%3Ac%3A1%3Arn%3A627676723%3Arqn%3A1%3Au%3A170287403165226735%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C31%2C418%2C%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1702874029969%3Arqnl%3A1%3Ast%3A1702874031%3At%3A%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D0%B0%20%D0%B5%D0%BD%D1%86%D0%B8%D0%BA%D0%BB%D0%BE%D0%BF%D0%B5%D0%B4%D1%96%D1%8F%20%E2%80%93%20%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D1%96%20%D0%BF%D0%BE%D0%BD%D1%8F%D1%82%D1%82%D1%8F%20%D1%96%20%D1%82%D0%B5%D1%80%D0%BC%D1%96%D0%BD%D0%B8&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29
access-control-allow-origin: https://ua.nesrakonk.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Mon, 18-Dec-2023 04:33:51 GMT

POST
H3 200 8374b09ffb90b764 Show response
ua.nesrakonk.ru/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 56D8 0
556 B 38ms
38ms XHR
text/plain 2606:4700:3030::6815:2e4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ua.nesrakonk.ru/cdn-cgi/challenge-platform/h/g/jsd/r/8374b09ffb90b764
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2e4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j7BFsQvLJ71nTVThHuwhuSxkOWtpufEGTgzhPLDyXbknx3yiFVJKSwunKSaX7Y7asZE0ZN2K%2BA9Fn%2BDoYYaHSWx5wEJfN5muwHmApNU583lsqnZ042zev3CdN0f8YOAoULGLQkYeM0RQNqxAPbg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8374b0a69fdc229a-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 160 KB
55 KB 93ms
93ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e44128a2911dbcc9031a191b00018005dbde321e10a7c330fa6d603b02a07ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56011
x-xss-protection: 0
server: cafe
etag: 9336093937293375424
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 02DF 131 KB
44 KB 256ms
256ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=4144480424&adf=2571114240&pi=t.aa~a.1665869076~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a45285f786056f7bb715a2cfc6f91302b63bfb139739c51b46e62e01ba269121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45450
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 04:33:51 GMT
expires: Mon, 18 Dec 2023 04:33:51 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F8AA 137 KB
45 KB 267ms
267ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=3809598800&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=732&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2172&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=6

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94b2a9e1600c0916d1bda1b180dfc67a65be596358b1beaa04424f80131bb44e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45662
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 04:33:51 GMT
expires: Mon, 18 Dec 2023 04:33:51 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 956F 48 KB
17 KB 140ms
139ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=90&adk=1002792709&adf=1065720476&pi=t.aa~a.1367413946~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x90&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1911&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5c42d0ecec63c34fea178667f4065e872a9198895025614d8498d77c6020207

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 17485
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 04:33:51 GMT
expires: Mon, 18 Dec 2023 04:33:51 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7F9F 38 KB
16 KB 219ms
219ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=60&adk=3660842011&adf=569783962&pi=t.aa~a.1367413946~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x60&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x90&nras=5&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2102&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32382e07a755f7dbea4c8b40d1e79d58a9618d02479291dcaa8d3ab33d732ff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 16306
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 04:33:51 GMT
expires: Mon, 18 Dec 2023 04:33:51 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
kraken.rambler.ru/cnt/v2/ 43 B
676 B 171ms
68ms Image
image/gif 81.19.89.17
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kraken.rambler.ru/cnt/v2/?event_type=base&event_name=page_view&project_id=7460281&session_id=1525779512_1702874030973&session_number=1&session_event_number=1&version=3.15.1&counter_type=web&experiment=%5B%5B%22exp_ws%22%2C%22no%22%5D%5D&top100_id=t1.7460281.670037776.1702874030972&adtech_uid=fe8cb8bd-a4e1-468c-9377-8b10ca9e251e&adtech_uid_scope=nesrakonk.ru&fingerprint=pA8AAENKs1eyjnBqAQiJUQA%3D&fingerprint_ip=pA8AAENKs1eE2YgrASHrAwA%3D&url=https%3A%2F%2Fua.nesrakonk.ru%2F&request_id=1702874030.972-177689024&event_id=115840312918930&meta=%7B%22title%22%3A%22%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D0%B0%20%D0%B5%D0%BD%D1%86%D0%B8%D0%BA%D0%BB%D0%BE%D0%BF%D0%B5%D0%B4%D1%96%D1%8F%20%E2%80%93%20%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D1%96%20%D0%BF%D0%BE%D0%BD%D1%8F%D1%82%D1%82%D1%8F%20%D1%96%20%D1%82%D0%B5%D1%80%D0%BC%D1%96%D0%BD%D0%B8%22%2C%22referer%22%3A%22%22%2C%22screen_size%22%3A%221600x1200%22%2C%22browser_size%22%3A%221600x1200%22%2C%22color_depth%22%3A%2224-bit%22%2C%22language%22%3A%22en-US%22%2C%22browser%22%3A%22Netscape%22%2C%22platform%22%3A%22Win32%22%2C%22timezone%22%3A%22-60%22%7D&rn=1673116706
Requested by: Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.89.17 , Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
x-srv: 1kraken-prod0002.ad.rambler.tech
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif, image/gif
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-length: 43
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame CCCE 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 70733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 17 Dec 2023 08:54:58 GMT
etag: 5585625838579639069
expires: Sun, 31 Dec 2023 08:54:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 7600 9 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 70733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 17 Dec 2023 08:54:58 GMT
etag: 5585625838579639069
expires: Sun, 31 Dec 2023 08:54:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame CCCE 4 KB
767 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 04:13:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame CCCE 16 KB
7 KB 36ms
15ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9548
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6766
x-xss-protection: 0
server: cafe
etag: 14924840246271906451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:43 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame CCCE 22 KB
9 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 02:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8216
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9210
x-xss-protection: 0
server: cafe
etag: 13914886398874665762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 02:16:55 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7600 14 KB
1 KB 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 03:50:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7600 2 KB
875 B 28ms
13ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:19 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 7600 23 KB
9 KB 25ms
11ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20014
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 23:00:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7600 3 KB
1 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 19:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 19:37:40 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7600 20 KB
8 KB 22ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7600 203 KB
65 KB 95ms
59ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 7600 37 KB
16 KB 30ms
9ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 571028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 13:56:43 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/15188780278864165911/ Frame 7600 17 KB
18 KB 29ms
16ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15188780278864165911/14763004658117789537?w=400&h=209&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f226b49e883555e6ce0f3b0dff52021593d2cd93581bc6ebb79e5cfbee0f24c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 16:11:34 GMT
x-content-type-options: nosniff
age: 476537
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17625
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 15:50:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 11 Dec 2024 16:11:34 GMT

GET
DATA 200
OK truncated
/ Frame 7600 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7600 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame F004 23 KB
9 KB 15ms
12ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20014
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 23:00:17 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F004 8 KB
750 B 19ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 03:48:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame F004 15 KB
3 KB 51ms
8ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 03:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 523677
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 03:05:54 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame F004 376 KB
131 KB 52ms
9ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:38:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 572093
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133672
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 13:38:58 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame F004 20 KB
8 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:19 GMT

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame FC6B 2 KB
3 KB 60ms
30ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1kgg2h50mmq1hedjaaagb0tv1qg6tpchm3zxbcr4zpxyyn70fxzt1bpvnt9xkmac3dm7r40xjfyhc5bqj4fh0sqnbkg9wxaetcnd0y8f8hxffjhz5rnavv6mf72j6vv8grdswjnn3kvn9va3z42g1sxcztm9xz5b4xk0k8nr549fprgha3sp69zt8h6sbrnw4qywq8amb3wf59c5v92znkpf1m11g9hjt0r95y3jyz1fnd7j4gq06gnqkrard499tvyxsnjbfagdjsk1ydf34120db7v1sd9t5eh64mympbzjqj4kdxtvz2q9g2s7cq2kpzya67cz9z9jkcwx52kh6n9xzp1y34rcgk3v7zjke5sq8fc67y0w0qds40ymd0w2r513c5eqgcn0x1ryykq1nxgkgze9p5zhq5g3h0q0k3k9dp525cygphptpw44fkxnnt2d0rx&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%26client%3Dca-pub-2661896136775218%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=90&adk=1002792709&adf=1065720476&pi=t.aa~a.1367413946~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x90&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1911&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

640b81f0729f5891b675803a8adcde0966a8c1d44722fc8a87f9566e3f168657

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8374b0a87ff4bbd7-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 04:33:51 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame D8D7 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 19:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 19:37:40 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A63A 1 KB
643 B 8ms
8ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 28437
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 17 Dec 2023 20:39:54 GMT
etag: 48472445140208031
expires: Mon, 18 Dec 2023 20:39:54 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame D8D7 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D8D7 0
0 34ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSVGfsckhjPZw66AjBVVCO97MvSHKTQumo12ivleQFwonlt_sEcsYCt7ybZPs9zCfS3vcNkDaHoU22n3oz-vXdfRHBE2w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=90&adk=1002792709&adf=1065720476&pi=t.aa~a.1367413946~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x90&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1911&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D8D7 203 KB
64 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame 1415 43 B
145 B 7ms
7ms Image
image/gif 18.192.88.240
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=between
Requested by: Host: cache.betweendigital.com
URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=fdcb8495-a194-5260-9976-fd8ffc093621&CACHEBUSTER=2466
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.88.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-88-240.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame D8D7 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 080079792e8a0e88b1960e8fc2c60f96ee330db0417f887a35408b9844825a12

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame A63A 35 B
464 B 84ms
8ms Image
image/gif 2620:116:800d:21:e365:4988:e8a7:3270
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDNpbKVb1MuVJ7jW4ztOV_o&google_cver=1&google_push=AXcoOmRtxpJOyxKV5OHq1oEXPvhmLoJPKh4SljBhyueSalJQZqFhM-j8jBOdWwUC-5iwbnvAnhMaepLOYlGRJHVNP-02QIQPYV8wUPI

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:e365:4988:e8a7:3270 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame A63A 0
104 B 128ms
69ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEBtuBB1S4R5rM-eNYGcB3AA&google_cver=1&google_push=AXcoOmT8AbVvqsTq1ZBuE75RTe5mZC1uLxnwcaJcTANiLJXkdIqTzrTZ666DAiPtO802-nVR1qBCGsMeTHNoUxO80VUQY9qqiJKeHCs
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=90&adk=1002792709&adf=1065720476&pi=t.aa~a.1367413946~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x90&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1911&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame A63A 0
173 B 50ms
16ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEBdHwjS7QWivR4wd2sIbaSY&google_cver=1&google_push=AXcoOmQWrFLFJRlDd2EooaEage8rVPaQmKlAGn1LxmcuNfSS2OwWi5pXXvlID3G27usyhrnuorPl4mnCRGGlLeKACSYtA_fkv9LAIh7k
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=90&adk=1002792709&adf=1065720476&pi=t.aa~a.1367413946~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x90&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1911&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A63A
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIHjTsUefOYPpMU7MfqpAYs&google_cver=1&google_push=AXcoOmTkvNDcexRNDhCJaPAoAAKZdJmMw_aZcEGeT-7DLzJLD4IbgUoptuR8BWxtC1FTcUEl6f1mzKGUYu5S8i...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmTkvNDcexRNDhCJaPAoAAKZdJmMw_aZcEGeT-7DLzJLD4IbgUoptuR8BWxtC1FTcUEl6f1mzKGUYu5S8iRPBn...

170 B
232 B

17ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmTkvNDcexRNDhCJaPAoAAKZdJmMw_aZcEGeT-7DLzJLD4IbgUoptuR8BWxtC1FTcUEl6f1mzKGUYu5S8iRPBnwtn-qrcj0dAxIt

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmTkvNDcexRNDhCJaPAoAAKZdJmMw_aZcEGeT-7DLzJLD4IbgUoptuR8BWxtC1FTcUEl6f1mzKGUYu5S8iRPBnwtn-qrcj0dAxIt
Date: Mon, 18 Dec 2023 04:33:51 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame A63A 43 B
363 B 64ms
11ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmRy5nBOIRmg1PhAZCtj05A7QIOQlDok-csK2Nhe4SiH2_uQCGlqz9C44t7wtCaE7WdmRzKkFw3nTXR5CreO-avpq9AYakW2Ksym&google_gid=CAESEOvsOx-BduaxrihgjdayJ0Y&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 202370
expires: Mon, 18 Dec 2023 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A63A
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEN8P5Autz9xA3nwVghXVt4c&google_cver=1&google_push=AXcoOmQ4hXxTUoSS61WcGSCLeF1gsjsuJyivW8KA_nBpAiEt4qnkFG4R_vPTfpuk9svo4vw8dryryNdzXMVS...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQ4hXxTUoSS61WcGSCLeF1gsjsuJyivW8KA_nBpAiEt4qnkFG4R_vPTfpuk9svo4vw8dryryNdzXMVS_z7cldS8KhiwLgsD8V5Q

170 B
329 B

16ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQ4hXxTUoSS61WcGSCLeF1gsjsuJyivW8KA_nBpAiEt4qnkFG4R_vPTfpuk9svo4vw8dryryNdzXMVS_z7cldS8KhiwLgsD8V5Q

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQ4hXxTUoSS61WcGSCLeF1gsjsuJyivW8KA_nBpAiEt4qnkFG4R_vPTfpuk9svo4vw8dryryNdzXMVS_z7cldS8KhiwLgsD8V5Q
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

report
sync.teads.tv/um/ Frame A63A
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEEttOazPiiXw...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRe2tOXVblfLiPJ51txlrzIeZNDoBHdR_xEPSDgtJ9Npjb1Y0GA_upr1KlVBPye3wh1Bi6ETgc6sdANweAFdHS_qIeCMM_jFICc
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

34ms
33ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=90&adk=1002792709&adf=1065720476&pi=t.aa~a.1367413946~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x90&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1911&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=8
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Mon, 18 Dec 2023 04:33:51 GMT
pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame A63A 0
139 B 44ms
15ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JWd6B0SJtLW_Zpazy7NoTMfRxlWsx_GYIBZaNDEZo77gzdfMyo51umoFsRqpSEfRcNCufzng

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

a4ee9d42-9d5e-11ee-bbb1-002590c82436
an.yandex.ru/mapuid/adsniperis/ Frame 1415
Redirect Chain

https://sync.bumlam.com/?src=aid0
https://sync.bumlam.com/?src=aid0&s_data=CAIQARivl_-rBqIBEKTunUKdXhHuu7EAJZDIJDY*
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=a4ee9d42-9d5e-11ee-bbb1-002590c82436
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=a4ee9d42-9d5e-11ee-bbb1-002590c82436&bounce=1
https://sync.bumlam.com/?src=aid1&uid=nugdOppDtbYbxdW3Wd7vjg&
https://an.yandex.ru/mapuid/adsniperis/a4ee9d42-9d5e-11ee-bbb1-002590c82436

43 B
571 B

179ms
62ms

Image
image/gif

2a02:6b8::90
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/adsniperis/a4ee9d42-9d5e-11ee-bbb1-002590c82436

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Mon, 18 Dec 2023 04:33:51 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Mon, 18 Dec 2023 04:33:51 GMT

Redirect headers

Date: Mon, 18 Dec 2023 04:33:51 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://an.yandex.ru/mapuid/adsniperis/a4ee9d42-9d5e-11ee-bbb1-002590c82436
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0

POST
H2 204 csi
csi.gstatic.com/ Frame F004 0
54 B 50ms
12ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lqaf8bx1&c=4330069642368&slotId=2165034821184&qqid=CNGW1o2UmIMDFSTJuwgdITIBNA&fb=outstream-lima&sei=44752538%2C44807615%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F004 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=Cxlhmrst_ZdGHN6SS7_UPoeSEoAP1jcWSb87znZ7_EavQ9P0IEAEggdjuhAFgleKQgqAHoAHIx7XyAsgBBagDAcgDmwSqBPsBT9BS39zfRhjLRfNIlNmSgv0TfrctPZZU-a6w0uRLKvDJTFFU5yoOk_CcX3zcp8xbXjw_xFx_unkdPE5YjSUSKR5NBe_vYBmGU63J3Z7ci_kz2hH89mi_wjEb1nCtSGmbXUbUJD_FhbP01YSBiC9pt-12mzsqYRdjgokFQ0Lkik-3Qwc9wTbETSyY9DR0Gdtr6i-EGI0gRBYU_hatkqxa6nWzmz05Rca61oqb3fMe6WfW8VQcl1ptxPiSIG9VNjZTD1RhlPaOM0yntl11MSdXASo-zaYQ7kWOW1IbVNmbnZzv5DvQ-qLClckpDrmRV4sjaQMoiF5GXqPdSmXABNf-7e2UBOAEA4gF0o37oUOQBgGgBk6AB6C4yo0BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYmPrVjZSYgwOACgGYCwHICwGADAGiDCAqHgoc5LSxAu61sQK1uLECrLqxAuS0sQLutbECu7uxAqoNAkRFsBPh7vgV0BMA2BMMiBQC2BQB0BUB-BYBgBcB&eventType=clickstring&clientTime=1702874031449&ai=Cxlhmrst_ZdGHN6SS7_UPoeSEoAP1jcWSb87znZ7_EavQ9P0IEAEggdjuhAFgleKQgqAHoAHIx7XyAsgBBagDAcgDmwSqBPsBT9BS39zfRhjLRfNIlNmSgv0TfrctPZZU-a6w0uRLKvDJTFFU5yoOk_CcX3zcp8xbXjw_xFx_unkdPE5YjSUSKR5NBe_vYBmGU63J3Z7ci_kz2hH89mi_wjEb1nCtSGmbXUbUJD_FhbP01YSBiC9pt-12mzsqYRdjgokFQ0Lkik-3Qwc9wTbETSyY9DR0Gdtr6i-EGI0gRBYU_hatkqxa6nWzmz05Rca61oqb3fMe6WfW8VQcl1ptxPiSIG9VNjZTD1RhlPaOM0yntl11MSdXASo-zaYQ7kWOW1IbVNmbnZzv5DvQ-qLClckpDrmRV4sjaQMoiF5GXqPdSmXABNf-7e2UBOAEA4gF0o37oUOQBgGgBk6AB6C4yo0BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYmPrVjZSYgwOACgGYCwHICwGADAGiDCAqHgoc5LSxAu61sQK1uLECrLqxAuS0sQLutbECu7uxAqoNAkRFsBPh7vgV0BMA2BMMiBQC2BQB0BUB-BYBgBcB

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame F004 0
234 B 44ms
11ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lqaf8bx6&c=4330069642368&slotId=2165034821184&qqid=CNGW1o2UmIMDFSTJuwgdITIBNA&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.fr&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame F004 30 KB
18 KB 103ms
38ms XHR
text/xml 64.233.166.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-A3kgYgHKF3DYXiQiiYIPLwQ3sJssJvgdwaeELXy9miK9-c_-K7nS1QMahyYTE2Z_mbTX_1XyttdLc1lFiknek6G7IFSA&cry=1&dbm_d=AKAmf-AQ4chmdxxZJw20loCLAsbTTUT277-pM_lnItZOwWtvLJrJEe2eSP5da_kgfyahNrECkpJP2OF_br2mp1D-UEcwmnOC4VTSd0Jp-4EGPwpt3h2_97RPMfoHm6m2YrxRtmJUTjADPu9DgC0JMpvNovxg3fm-nkarUR-HzjEaeHce2T3T-BU3JOnAQSUt_bRFvkxyf5sHOycEGY1ASXKKdhy3xGmwPeM_KHxAmu6KiZZLkartpZVy-wrj3o9wXV2wM-TCCqKsoLAk-xEStLuqnIebwr2TJE_v_dphk90px_If6rCeyq4M42kAHrNUGzFB5jiT1PqHrjnk_x4tQjASbFe6D8FB5E0ITVWSO8YMQ3UxG2AoxMLsNq5YFr-a4zf_gawrVo0truLO2XkybyH5tzCXXps_JG111cMxV4HGx5b2d4jq65qIuCO7pUetRObzpLS-DgnPqS1yyuiSj9dPqef135lt6zAyLgvFGdOMS5NbnrjlfP849OIvThHG9m15ipOs3dCeVVhFuYNKnGKdpNpvEH55jZjURD6Rxb3Qhl_CcaBy6H2C3SXZJojwBKgn72FQcpAWRntDpxFWQnxF07YzENeRYbUmli6RGBZiMJPn79SmE3FBO_zxvt0ReJVqxE94BrJ65qaZkRyCTmxlUb621dd-HDNZOP9aETDH5WQ8RZGMQRhyQIpC10HluxTmrbpCd7aCVE-I2mWUjKnXEoEOb9BXEcr-T4jv3HWlk2kCDSmrdPp0wSNaV5ApOKBom6tTcpYv1dymKpyv2bPUtmxj83vkU8jkPQQFIvk6jZAZcO7dsTfe8atgF6tNdLm7ocv_BkAiJmtZ1LOgM8US7-D7v7xXefUzdSnuXX0He8Z5tl-DW5ExQZgHIfg0dSdGMS5_OBi7oqKSAUMjroBW5IZsiXdjnDffrGhrr-2g_2tw-_KsOECtu6piJU5BzWWvBKyo10ZvpxNnK5vI3aSgio-Gc6iL-J9HW3NC7UD4myAbPprA2GXFA7HDvSnzyEPx1rz8Cq2DTGNVvkff4GgfgI8GjijtotRtRanfBzKl5JU5eCsRpb5ELfupui9mPniMafGN54zwJDXXvb--KyrgmMHhx2SzjnNCozwMeri3xyz_ieKKU0XS4Tju0ZIVNGe0ljBEsTypIdfdkSOwb-Bw8eA1luFdPJn869tH_gbmQwZsTId5q2TYJ_wJqiv08J8Vn1933t7m4zxRgpCj7uJJOcM3_KxWsUB9I7RDRuWmeNMCronrPgcCdb4_qThL-TApxrBstEIGuosEIhxMeZj4yQRt9VL-hYjf3QeYYXE3beZYMB9P7Toa8Pwyl5zvWje036tduZkITVWAulWiE79PkD-3YtVaKaOL6w1hHqCNde-fa-ir-iCjUYE5Bu5RRMGNL3siFbRRbavIpxY2On9QddFQP45bOjO1iq0KNvjIN9IhE2gzFr1z1Vph59l5ebBSK-CGFTvVOR4UCbmQ8gMl_JDdpRf18CyGGcSMBPPv1St882bnb6ms3TrQrEV7wcVvviCsGAzkhgZv_GINxsTDyA2WJlUOD1gb5GIiTckMLsu_lBPmWuDQEkRXCM0WiWXp4fK9_eHG-a0KSw3zrS-7N4h-hIw4qF7TyOR74MA7kcrSSzuIi8Z3IYFhc79X-qbvl3egwjmuEiF5mpwU8P7YwtDBv8sv9jm7QA8oe7pI8xNRFPovJfJVIehIlyLtYK167JniK_48u_GUihTOWZK9pjMAtAqBdvXRWNVVEnn60t179-16e4L0QHPSir43xQ62VDkLLP7ZpWeGnobuVs1NvHaVRpPHyrKCuGoQiur3-SHTlPW4nmr-9on6nAg_oTsEHR3ZXEmW91-V6EeR_uaFJGvoQw5aNeneQx5vELaQLu7eMxVwi1LHywtWHXNNPMplvin4jntdg2pC3zI3gUPUpfe57KqQFwPMN6NZ42l6SQ6Nx1E0ZsgyvBNcnWusMK-zx5YP0svTD8XjNalMu1pHsUmfgm8LOKS_MihUS2eqZGz9Weoy8ai7AwpEKSz7Zw22bxxFsg_MD3IHOJ9imV2GfjOgaMufAczTDF6Y3EhcmDewwYabbTdf8aHdT52YfiLwF9oR01FFsjsRybl_TaXrdChRL4Ih5SQXiOJOA7I1FktDm1t8rHkeMnZEVsJiNWlR8fuJg1Uh-VGdUY0oYbZPYNpcwMspsIR79GZy66Bt9IuByYYWa8klEzMxo-t7sBtPffC5Kro1GL2lSLBnuRxt3fevSYz_JEbVeASPEKZvUtdG11SZplVrqJhQuwL0a7p5Ijm_cYiUSYsoKRoCfZ5PBYSyaJVpJ2nF5LCxV4Y4FSUewuZupSWruaDGH5TGnr9pOwQpfImhtK3qSZ5r2RLDKBImk1SIQT3rRqm-cRo-FKsY3MNbn0VGDhLjzkMRebeuSkBv-H0WKiltAGpWuvFgbV-upv-vVVwxu4Yv7Ldq53f_e1WqeUNaavsnu_qIUc2mit-fdeLkr_echhC5A1RT8TrpgacOsNvIJcWzU6GSOxJ0-YCsZm6oI15iIprFHTzvzeekcqPFbjRPscuf4nUD6p_nsUsrIbX3awcuyiYVJImZtN0ubdJUSFO1S8l95v7MCVtb60dD_JFrjXM_leAdMnQesEal9K1ghkPTq6qzpvCWY0JVQoTHWWInO213QKxUfWeH0kai5Hqcgq87VFMnCvrwSCqMu2n8jzU9_4Dvd3QD1SL1utPjQDrNnO4Vcn6gnYAA_5aTWBSrTQnQf2PICtEbUDMEEsU0pkub_lGyXAOZNPuV8Bizdr020QvJ8kAG1jyhYzAX7Fgk_ninft_2zUwUFhZqfESiEVAkTLJk2ix4pv4g44NHLVnGM9OUc1aqH1f0neimq4VUWtbR1Pu5SZkyQGEITSqia_6n90LZeCHz0osvpNDpJ-CHt3puirK_5Jo-nfbdpWM1rZzpGql-bWe1gWp5eUtMWQ3oLtpr4gbr_lktpXBPzciYpNB9FPkzGQHcpNKqMAlmDV-CaV1Dd2UGKVmv5RV9E2ebuFMlLJOBO8f0pBipyPaBnVT_Sayegq7xrkFh8EkA873TYi417kU9xNI3u924w4NnymMhFDRiyLZYEzHDJ5h38KJiQ1QKmygA6FGUExKVDvW3j4CqasyajjSpwxxJLtA3Tktn5gJCPszNscnG-x6HjQlH3JomffCvwkICNtRdeZdgGD35J0z45Uuj_HwuTp-j6AuDskn7mpK69tVoRNyEplry3ShSRYUURP10vUfpESAyaOkgQBllLy5Yt0zOzLacoY7A1avNaI224gFvEHkYD7Grr1kBUbdmOb2gPS247SDnhTlUDSCMkiEFspqGHz4OLcZuix7NjzlktehCnWjfysI_13fFw54NEzjXfISB5n-wEf2nSt-6MoyuTQh1-6LEIcMxIjBG29jcJorxyhovvUcOWsidEsOwGNFZ-swyzN7opNy5ksXQYyLIRqIDl5AwBxvtQxGYa8VReHEUKnfht9h1qLgZS3Cbzmed4s-n53kolwd1aDqxJ0k26xF91d4RJZv9gSlVjxE6QHDKz9W4oGGOcWs4lIiLbmDgkJe7od9jEsVNoYUl-dCCLswCb10JIxhU02O56IJnVRcE9X1YQ7RTE0ZJFnzpIcvZ-1AA8cYknrrwwQnIn51b-xgDT7Sm5FCj4N_wuSZvlGc&cid=CAQSTgAvHhf_o7gyyoEZWCUKlIZ3JBScwXLjApGMffbxWAMOIZA5BWxJ3x7rt4Xxmzx4DuGXTnjji0eLhySgc4vtdeJhzOs-J2MT46-rJJTuGxgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.166.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wm-in-f157.1e100.net

Software

cafe /

Resource Hash

77dfb14e2cd79635803154fbd240536a810b48ec51547ab8e2d8ede3be7154f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17485
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 7600 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 529674f52dcc918de1ae1db738237f5eee7e90c03c63e05dd8a8cb96f785a02c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7F9F 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=60&adk=3660842011&adf=569783962&pi=t.aa~a.1367413946~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x60&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x90&nras=5&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2102&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 19:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 19:37:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7F9F 20 KB
8 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7F9F 203 KB
64 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 1BA8 182 KB
56 KB 110ms
75ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZX_LrwADw4IH_Z7qAA8dMr7nqSxCxfHFBAj5Hw&u=%7CupLRa2PRaItMuauxrdp9dymZPZ%2F3UsndZf8ByElNRAY%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZWgJ4RDTbq-Wb6C9K-cesMV_WPikrq5at_ACdAcfQ797WXjMvyWgYJqOQOzabhQ03_y66hfcyx8Jhvcz45gHOOR79ysngZNRwOvBU9G4tKidQa1hjUxoEMfD9oSLhmX6odAopQYyqWcHzPISVkxHVWnJRnAKAXrBlGuBqrJ91l4HXTZZvjZQLXCCYQMxI1hQ-vTesMgYmQ5Le_g3k5TKQILZzpbI-pynv-o82U8FQqQcVMZEmRDKlXcW3poSlpzax-tMbWuWECbiGkWbPVDPDb1d0dI_hq3m4-1h-de9ptfQHYDgj4nS8u__6AcVH1gWlP_seJ5hLNMp3BNyaBHf6srVNYIXSkicujEzNhPMAmqaNf4Q5-WbyF8y5Lu0Q31vOXdILJqmk2kL7oSxjXgXu-4C7HbAvv1FnSWL26mpGxbxwGO3X6uRKTGnQQUHwg8SZhI9zYJC3Nwtc66cydzy_iAPWYooY9iSyOieMzvDanP554MRJrQCVIR3s611cZAP3fwLBpHSHNF_jgnrWvDVELOBJpcXQo0SswtZeQGzXPcbFyB4GqVSCaXpmayZCtrc2E2x9_VI9FpaF8L3bK9E0LV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCT77ur8t_ZYKHD-q99u8Psrq8-APJntKxXM3x4t2IAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEywFP0OfX_md0WE7ATtUoaYBP5yi7nwUXHQ0CXAAvXBVO8l8sJYpqArfVuDkZv_AO1IMtva3EpMN2dwjx-v0AVSLV2DJcpez2Yyl0E3emEgRsoqyixziWOBh5NspiY6bdWa3Jh8op_d3SFnY2IMad8b2jp9IbTHa8KdHF9dFGydTOQViW4EMc-nByIdSXJQtuvHn_6WBrsRrJssdJEJRDKT1-Zef_GmnopcVfzmuv2IxwKGUgMRmp7B53ZAKG2iaTeMVi0Mu4Tsf_ZYwEW4AG3IqBvYCDxve2AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOljU-eqNlJiDA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0zS8ErGDKZumDKC8EEflTiiEKlrQ%26client%3Dca-pub-2661896136775218%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6168a3bdb323041353a68513bab0262b143d7883d244ce3514aa9490b3d621a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 04:33:50 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=_l30t50Q2VnShducQIgnVBvOKeh7H_6-LhUJq_nbuoHO1Pa3vRGKAbvtbafOhDPc-XVv4gQFiJvtnlPyoBLvvDRxgi6n121MRDkl7D0LMs3Xwjywf70HFgV80G2rSkYr5h2aTODHmdLqt247mtMRGqzO80uqlNfQy3-jQjZyPeznCi86QW4ruiF5Fz082QdrWL3QpwcG3_jhgch998B79vTp_xUjkQT5vMIVkWiiMTNJmuHA5xddbMOi7jt9pnF_t_hedw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 59797618
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EC2B 1 KB
643 B 13ms
8ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 28437
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 17 Dec 2023 20:39:54 GMT
etag: 48472445140208031
expires: Mon, 18 Dec 2023 20:39:54 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame FC6B 115 KB
14 KB 26ms
17ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1kgg2h50mmq1hedjaaagb0tv1qg6tpchm3zxbcr4zpxyyn70fxzt1bpvnt9xkmac3dm7r40xjfyhc5bqj4fh0sqnbkg9wxaetcnd0y8f8hxffjhz5rnavv6mf72j6vv8grdswjnn3kvn9va3z42g1sxcztm9xz5b4xk0k8nr549fprgha3sp69zt8h6sbrnw4qywq8amb3wf59c5v92znkpf1m11g9hjt0r95y3jyz1fnd7j4gq06gnqkrard499tvyxsnjbfagdjsk1ydf34120db7v1sd9t5eh64mympbzjqj4kdxtvz2q9g2s7cq2kpzya67cz9z9jkcwx52kh6n9xzp1y34rcgk3v7zjke5sq8fc67y0w0qds40ymd0w2r513c5eqgcn0x1ryykq1nxgkgze9p5zhq5g3h0q0k3k9dp525cygphptpw44fkxnnt2d0rx&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%26client%3Dca-pub-2661896136775218%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1kgg2h50mmq1hedjaaagb0tv1qg6tpchm3zxbcr4zpxyyn70fxzt1bpvnt9xkmac3dm7r40xjfyhc5bqj4fh0sqnbkg9wxaetcnd0y8f8hxffjhz5rnavv6mf72j6vv8grdswjnn3kvn9va3z42g1sxcztm9xz5b4xk0k8nr549fprgha3sp69zt8h6sbrnw4qywq8amb3wf59c5v92znkpf1m11g9hjt0r95y3jyz1fnd7j4gq06gnqkrard499tvyxsnjbfagdjsk1ydf34120db7v1sd9t5eh64mympbzjqj4kdxtvz2q9g2s7cq2kpzya67cz9z9jkcwx52kh6n9xzp1y34rcgk3v7zjke5sq8fc67y0w0qds40ymd0w2r513c5eqgcn0x1ryykq1nxgkgze9p5zhq5g3h0q0k3k9dp525cygphptpw44fkxnnt2d0rx&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%26client%3Dca-pub-2661896136775218%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 942755
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XyTKujrCCH%2F3herYBAz9W3pJt1%2Bv7z%2FWjwUKPEcsUnHmlbRDwtX26uE1pyW7xmv54RGEg2s3%2FXCizlh9Au6JQGTjArh%2Bvv3tY8qklm19B1ATgjlDMig%2BceZ3LTyo5dSjTKrBfiN46JQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 8374b0a8c828bbd7-FRA
expires: Tue, 19 Dec 2023 04:33:51 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame FC6B 24 KB
10 KB 34ms
19ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1kgg2h50mmq1hedjaaagb0tv1qg6tpchm3zxbcr4zpxyyn70fxzt1bpvnt9xkmac3dm7r40xjfyhc5bqj4fh0sqnbkg9wxaetcnd0y8f8hxffjhz5rnavv6mf72j6vv8grdswjnn3kvn9va3z42g1sxcztm9xz5b4xk0k8nr549fprgha3sp69zt8h6sbrnw4qywq8amb3wf59c5v92znkpf1m11g9hjt0r95y3jyz1fnd7j4gq06gnqkrard499tvyxsnjbfagdjsk1ydf34120db7v1sd9t5eh64mympbzjqj4kdxtvz2q9g2s7cq2kpzya67cz9z9jkcwx52kh6n9xzp1y34rcgk3v7zjke5sq8fc67y0w0qds40ymd0w2r513c5eqgcn0x1ryykq1nxgkgze9p5zhq5g3h0q0k3k9dp525cygphptpw44fkxnnt2d0rx&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%26client%3Dca-pub-2661896136775218%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e688c863b85a28f75e5c1c7f21092f1f419649e10496f9f1fc36826112bbd348

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 29 Nov 2023 09:14:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 415142
etag: W/"aa3e81d21ff1f0e18f4862e53a794952"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8%2FMAscahiPnDAULE9xaW834LHmrnW%2Bp%2BZorUSLg%2BB%2F3iBKUKlUQK3kE541bKnAd0n3FQ2xK8u2g%2F9To%2BWv%2BLEdFff8Qvkzy26L4j5%2FAh%2B8Id30HWq%2BeHVG8vC1OZ7TnZddyt9Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 8374b0a8c832bbd7-FRA
alt-svc: h3=":443"; ma=86400
expires: Wed, 13 Dec 2023 09:14:49 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 02DF 4 KB
655 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=4144480424&adf=2571114240&pi=t.aa~a.1665869076~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 04:13:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 02DF 2 KB
822 B 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 02DF 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20014
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 23:00:17 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 02DF 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 19:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 19:37:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 02DF 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:19 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 02DF 203 KB
64 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 02DF 37 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 571028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 13:56:43 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F8AA 14 KB
1 KB 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=3809598800&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=732&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2172&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 03:49:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame F8AA 2 KB
822 B 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame F8AA 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20014
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 23:00:17 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame F8AA 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 19:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 19:37:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame F8AA 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 01:54:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F8AA 0
0 15ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTTbtwkJMKyQBlgoD8JQhY7XEczo6D3R6XWAskTmen5rhW48YRJGoWu1Wv9yDrlPImAAVLe39AIikue7vksH5pn9ybKTw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=3809598800&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=732&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2172&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F8AA 203 KB
64 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame F8AA 37 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 571028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 13:56:43 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 68CC 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 28437
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 17 Dec 2023 20:39:54 GMT
etag: 48472445140208031
expires: Mon, 18 Dec 2023 20:39:54 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/4966122186358586765/ Frame 02DF 43 KB
43 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4966122186358586765/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

238fe55e756da3a3322ca0bd25a42aec20a52a75aaf60288539ea5dc14de8eda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Sat, 14 Dec 2024 23:01:37 GMT
date: Fri, 15 Dec 2023 23:01:37 GMT
x-content-type-options: nosniff
age: 192734
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43947
x-xss-protection: 0
last-modified: Thu, 30 Nov 2023 09:59:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 3147984097541128383
tpc.googlesyndication.com/simgad/ Frame 02DF 4 KB
4 KB 7ms
7ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3147984097541128383?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88fc747cb76bd9a97fd8182916c9ef985a89c6e912fbcc9eaaa4b89cebfa37d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Fri, 13 Dec 2024 23:04:26 GMT
date: Thu, 14 Dec 2023 23:04:26 GMT
x-content-type-options: nosniff
age: 278965
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3680
x-xss-protection: 0
last-modified: Fri, 16 Sep 2022 14:07:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E31B 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 28437
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 17 Dec 2023 20:39:54 GMT
etag: 48472445140208031
expires: Mon, 18 Dec 2023 20:39:54 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7F9F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c626455e3859405178ec3db9cae1e43c06704db4152859d5c3f9d1cbcd8d705

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/9240406603925942781/ Frame F8AA 11 KB
11 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9240406603925942781/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38a62478efd4f8df95c4a06e7ac6b7af9b2999b83c566dbada2bfdd285bcea89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Mon, 16 Dec 2024 23:00:17 GMT
date: Sun, 17 Dec 2023 23:00:17 GMT
x-content-type-options: nosniff
age: 20014
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11249
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 00:35:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame F8AA 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F8AA 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fe1e1a729d0d8a1042ea6f19b0ce23f84f2d5f77115ab9bf30fafe424451d27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 7600 33 KB
33 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 21:01:51 GMT
x-content-type-options: nosniff
age: 372720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Dec 2024 21:01:51 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 7600 15 KB
15 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5825c88b68a498c8b3d8d34f0090a625f063a366c8f3cbebf51e7657623fb13b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 00:09:00 GMT
x-content-type-options: nosniff
age: 534291
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15352
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:34:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 00:09:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame EC2B 0
103 B 13ms
12ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESENqBxXw7dYLzsa1hHU7DxL4&google_cver=1&google_push=AXcoOmRBn8LiHX_9rbGJV1puKpvhpirTLaTm7eKLYlhtktKSHziRT0nuL5cRuHYrpZYfxWXZ7RWNBAO1Qj9yBJ0emvsa9YfDc8hFF-PV
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=60&adk=3660842011&adf=569783962&pi=t.aa~a.1367413946~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x60&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x90&nras=5&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2102&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame EC2B 70 B
149 B 100ms
30ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEAoln4JVdciL8VsePM9gbOs&google_cver=1&google_push=AXcoOmSWtn3xlHscRnmXRYFW9p1ev0obof5vgv2xHEY20BzlPDsShDmfKepmL7PAakQln-vZe4ZlPTkwSwIm3imGiLMKborAfer0kwMM
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=60&adk=3660842011&adf=569783962&pi=t.aa~a.1367413946~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x60&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x90&nras=5&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2102&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC2B
Redirect Chain

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEAalI8JvgeY5w4YhNF2wjFc&google_cver=1&google_push=AXcoOmRNVby0zMRCG6ClpRIi7MMow8QkeRdZAGq0JUYxHuchrOJScxnpN_40YPiFX2O0YLHiOGUu_HIujkGqrR...
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmRNVby0zMRCG6ClpRIi7MMow8QkeRdZAGq0JUYxHuchrOJScxnpN_40YPiFX2O0YLHiOGUu_HIujkGqrRFseV5X6p9Wjhv2em4&google_hm=hmV_y68hT8CaOC...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmRNVby0zMRCG6ClpRIi7MMow8QkeRdZAGq0JUYxHuchrOJScxnpN_40YPiFX2O0YLHiOGUu_HIujkGqrRFseV5X6p9Wjhv2em4&google_hm=hmV_y68hT8CaOCSbUg&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D657FCBAF214FC09A38249B52BLIS

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmRNVby0zMRCG6ClpRIi7MMow8QkeRdZAGq0JUYxHuchrOJScxnpN_40YPiFX2O0YLHiOGUu_HIujkGqrRFseV5X6p9Wjhv2em4&google_hm=hmV_y68hT8CaOCSbUg&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D657FCBAF214FC09A38249B52BLIS
date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC2B
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEBCCX625GkcSupCgynqLyJk&google_cver=1&google_push=AXcoOmQ1clvKZ8Bq66gJeJBzKqV2zsazWZ8NcXCHwmIdTntBZ_UYJQEz4nB-c10bUG1O2FXi3Shbp0ty7vH77O...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmQ1clvKZ8Bq66gJeJBzKqV2zsazWZ8NcXCHwmIdTntBZ_UYJQEz4nB-c10bUG1O2FXi3Shbp0ty7vH77O57M9...

170 B
188 B

16ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmQ1clvKZ8Bq66gJeJBzKqV2zsazWZ8NcXCHwmIdTntBZ_UYJQEz4nB-c10bUG1O2FXi3Shbp0ty7vH77O57M9A4eID4ECTq75aH

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmQ1clvKZ8Bq66gJeJBzKqV2zsazWZ8NcXCHwmIdTntBZ_UYJQEz4nB-c10bUG1O2FXi3Shbp0ty7vH77O57M9A4eID4ECTq75aH
Date: Mon, 18 Dec 2023 04:33:51 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC2B
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAtTdEBqr_rKcGNwRsQspDo&google_cver=1&google_push=AXcoOmTmw4b9ir4dYj9MyKdBiz8MbmiyOUbmWXTFdSBobNLQo6PgBta1VgLOBsNTE6bZLxzLxTgZNiDq0JTUcdsoTSW3fvR...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTmw4b9ir4dYj9MyKdBiz8MbmiyOUbmWXTFdSBobNLQo6PgBta1VgLOBsNTE6bZLxzLxTgZNiDq0JTUcdsoTSW3fvRQ-STmSv9X&google_hm=eS1EX1hCTUhCRTJwR0...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTmw4b9ir4dYj9MyKdBiz8MbmiyOUbmWXTFdSBobNLQo6PgBta1VgLOBsNTE6bZLxzLxTgZNiDq0JTUcdsoTSW3fvRQ-STmSv9X&google_hm=eS1EX1hCTUhCRTJwR0NCZDVFeVVQN25qX1hQRHI2SEU0Vn5B

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTmw4b9ir4dYj9MyKdBiz8MbmiyOUbmWXTFdSBobNLQo6PgBta1VgLOBsNTE6bZLxzLxTgZNiDq0JTUcdsoTSW3fvRQ-STmSv9X&google_hm=eS1EX1hCTUhCRTJwR0NCZDVFeVVQN25qX1hQRHI2SEU0Vn5B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame EC2B 43 B
362 B 14ms
13ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmSXR2XPp-kO4FIipYokqGznO1UgDr0rXx4wtsPa8UoXnv6SBzd810y397-lak_sxUZ6gajvrVHuRqRyVZaMNSPLkj_JZ4qqa4rI&google_gid=CAESELeCFiSw1vW5qAu-rGaIgr8&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:50 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 243153
expires: Mon, 18 Dec 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC2B
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESENyOJD91wcdihunU4UUnrkQ&google_cver=1&google_push=AXcoOmSOwm8rc2D4FOT5zfdDIVFFDGc5UbF4hq7IroKygu1CYBeqwZApZKE5DWMq9SRksmy2AXaN64YU...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESENyOJD91wcdihunU4UUnrkQ&google_cver=1&google_push=AXcoOmSOwm8rc2D4FOT5zfdDIVFFDGc5UbF4hq7IroKygu1CYBeqwZApZKE5DWMq9SRksmy2AXa...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTMwNTcwMzMwMjA4ODQ2ODI2NA&google_push=AXcoOmSOwm8rc2D4FOT5zfdDIVFFDGc5UbF4hq7IroKygu1CYBeqwZApZKE5DWMq9SRksmy2AXaN64...

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTMwNTcwMzMwMjA4ODQ2ODI2NA&google_push=AXcoOmSOwm8rc2D4FOT5zfdDIVFFDGc5UbF4hq7IroKygu1CYBeqwZApZKE5DWMq9SRksmy2AXaN64YUQFRFoCvuilbiaF4Zs4zh-spp

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTMwNTcwMzMwMjA4ODQ2ODI2NA&google_push=AXcoOmSOwm8rc2D4FOT5zfdDIVFFDGc5UbF4hq7IroKygu1CYBeqwZApZKE5DWMq9SRksmy2AXaN64YUQFRFoCvuilbiaF4Zs4zh-spp
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EC2B 0
12 B 14ms
14ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KGJjKBiFCIGFbla-a2Sme9_hSHtnpDfQb4bIcK6dNCtBydNNNeTqF9fwtxgIW6amTD7m6_

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 204 csi
csi.gstatic.com/ Frame F004 0
54 B 14ms
13ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lqaf8bxc&c=4330069642368&slotId=2165034821184&qqid=CNGW1o2UmIMDFSTJuwgdITIBNA&fb=outstream-lima&vast_v=2.0&vmfc=12&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame F004 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 19:31:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 205324
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Dec 2024 19:31:47 GMT

HEAD
H/1.1

200
OK

file.mp4
r5---sn-4g5e6nze.c.2mdn.net/videoplayback/id/fe798b597ebe020e/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846668050/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame F004
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/fe798b597ebe020e/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846668050/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signat...
https://r5---sn-4g5e6nze.c.2mdn.net/videoplayback/id/fe798b597ebe020e/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846668050/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

97ms
7ms

Fetch
video/mp4

2a00:1450:4001:66::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-4g5e6nze.c.2mdn.net/videoplayback/id/fe798b597ebe020e/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846668050/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/17F6696A0BFC375B07DC0387FE86EDF7BD399613.3DA90B8124281174AFDFDB804D97940CC5DC8743/key/cms1/cms_redirect/yes/mh/vK/mip/2a02:6ea0:c71b:0:1011:d03f:cf9e:5f45/mm/42/mn/sn-4g5e6nze/ms/onc/mt/1702873729/mv/m/mvi/5/pl/40/file/file.mp4

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

HTTP/1.1

Server

2a00:1450:4001:66::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 18 Dec 2023 04:33:51 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4231505
Last-Modified: Sun, 10 Dec 2023 14:52:53 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Mon, 18 Dec 2023 04:33:51 GMT

Redirect headers

date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r5---sn-4g5e6nze.c.2mdn.net/videoplayback/id/fe798b597ebe020e/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846668050/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/17F6696A0BFC375B07DC0387FE86EDF7BD399613.3DA90B8124281174AFDFDB804D97940CC5DC8743/key/cms1/cms_redirect/yes/mh/vK/mip/2a02:6ea0:c71b:0:1011:d03f:cf9e:5f45/mm/42/mn/sn-4g5e6nze/ms/onc/mt/1702873729/mv/m/mvi/5/pl/40/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 1BA8 2 KB
1 KB 39ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZX_LrwADw4IH_Z7qAA8dMr7nqSxCxfHFBAj5Hw&u=%7CupLRa2PRaItMuauxrdp9dymZPZ%2F3UsndZf8ByElNRAY%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZWgJ4RDTbq-Wb6C9K-cesMV_WPikrq5at_ACdAcfQ797WXjMvyWgYJqOQOzabhQ03_y66hfcyx8Jhvcz45gHOOR79ysngZNRwOvBU9G4tKidQa1hjUxoEMfD9oSLhmX6odAopQYyqWcHzPISVkxHVWnJRnAKAXrBlGuBqrJ91l4HXTZZvjZQLXCCYQMxI1hQ-vTesMgYmQ5Le_g3k5TKQILZzpbI-pynv-o82U8FQqQcVMZEmRDKlXcW3poSlpzax-tMbWuWECbiGkWbPVDPDb1d0dI_hq3m4-1h-de9ptfQHYDgj4nS8u__6AcVH1gWlP_seJ5hLNMp3BNyaBHf6srVNYIXSkicujEzNhPMAmqaNf4Q5-WbyF8y5Lu0Q31vOXdILJqmk2kL7oSxjXgXu-4C7HbAvv1FnSWL26mpGxbxwGO3X6uRKTGnQQUHwg8SZhI9zYJC3Nwtc66cydzy_iAPWYooY9iSyOieMzvDanP554MRJrQCVIR3s611cZAP3fwLBpHSHNF_jgnrWvDVELOBJpcXQo0SswtZeQGzXPcbFyB4GqVSCaXpmayZCtrc2E2x9_VI9FpaF8L3bK9E0LV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCT77ur8t_ZYKHD-q99u8Psrq8-APJntKxXM3x4t2IAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEywFP0OfX_md0WE7ATtUoaYBP5yi7nwUXHQ0CXAAvXBVO8l8sJYpqArfVuDkZv_AO1IMtva3EpMN2dwjx-v0AVSLV2DJcpez2Yyl0E3emEgRsoqyixziWOBh5NspiY6bdWa3Jh8op_d3SFnY2IMad8b2jp9IbTHa8KdHF9dFGydTOQViW4EMc-nByIdSXJQtuvHn_6WBrsRrJssdJEJRDKT1-Zef_GmnopcVfzmuv2IxwKGUgMRmp7B53ZAKG2iaTeMVi0Mu4Tsf_ZYwEW4AG3IqBvYCDxve2AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOljU-eqNlJiDA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0zS8ErGDKZumDKC8EEflTiiEKlrQ%26client%3Dca-pub-2661896136775218%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 12 Dec 2024 04:33:51 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 1BA8 2 KB
1 KB 39ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 12 Dec 2024 04:33:51 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 1BA8 308 B
636 B 12ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 12 Dec 2024 04:33:51 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 1BA8 293 B
621 B 14ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 12 Dec 2024 04:33:51 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 1BA8 43 B
348 B 53ms
14ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=BY9lHnsnO68UYrYiDu2RaQt1qcxulaXjhzsApJLI3maie4RcH4cA0t8PgU3JFTUa_ASLWENSwdF21Wsyj55-H9lcJmPhv1gRwFbufvxbBm2Q9v-uJN0-2JLtFKCNqRWf_MqGVBaDjHSDa6LAlGCuozxFrcFTX5jUJd3gmX1wImSoM9KEyWE6XX-Hdg_woVCKwTsYvmv6-F0PQ7Y274DCBtM1Ax0lmfVSMw-_bZpTb0Mk_BfRNHwJk1X8TnGgVL0Ju4LsaO00E2iL-JacuK6q5ELoPxhDXVGcTyY_IyBFM7bbR_lXi5peU1yVTmu6lqIOitwQIa6IeBJeVggPnQlZza1PCHrKRtx2X7HHh5P-KqPZx_UiOb0tDkM_5KsV6isVgytGZ8gi3a4bGvm4I2feum5Hcki_q5vkVjwsTarhK5vjd-8fizmA_vUuK3SYLetaFIdQqQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1559875
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 7600
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cc_zcrst_ZdKHN6SS7_UPoeSEoAO4-KvkdL7z8eSSEqfVjKjqQRABIIHY7oQBYJXikIKgB6ABg6yNqirIAQmpAg6oy9JgR7I-qAMByAPLBKoE5AFP0IBqEuzwT4UPVW99T5qZQekj_bY81un...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217783567135294417192%22,%22debug_reporting%22:true,%22destination%22:%22https://novapost.com%22,%22event_report_window%22:...

0
0

56ms
41ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217783567135294417192%22,%22debug_reporting%22:true,%22destination%22:%22https://novapost.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211362588163%22],%2222%22:[%22true%22],%224%22:[%2212-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216066241592267021889%22}&andc=true

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"17783567135294417192","debug_reporting":true,"destination":"https://novapost.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11362588163"],"22":["true"],"4":["12-18"],"6":["true"]},"priority":"500","source_event_id":"16066241592267021889"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 18 Dec 2023 04:33:51 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"17783567135294417192","debug_reporting":true,"destination":"https://novapost.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11362588163"],"22":["true"],"4":["12-18"],"6":["true"]},"priority":"500","source_event_id":"16066241592267021889"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame FC6B 350 B
907 B 56ms
22ms Image
image/png 2606:4700:20::681a:61b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:61b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2391278
alt-svc: h3=":443"; ma=86400
content-length: 350
last-modified: Mon, 20 Nov 2023 11:04:04 GMT
server: cloudflare
etag: "e7fc49b61cae983db8c3a1dccf923b93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n61fK4OXV0BG9%2BLqMliobpZXC%2BhrkYbYBSbyzOz3z9awvmCqnhC8rTsCo60yEJ6t2CLMxnZ7H67KhHHGAWG0LhVGo85UB9uITdOSzfSmLrbGCpJwDrZx0Muz39bVZj3O20utdVAqomzDwvmuuq5L2iV8"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8374b0a9e8a53608-FRA
expires: Tue, 19 Nov 2024 11:23:05 GMT

GET
DATA 200
OK truncated
/ Frame 02DF 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53c0f486ecfd5e927e139af4e713721e463ed0a1c702437053766beb361bd1d5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 1BA8 12 KB
5 KB 28ms
12ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3106841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wD1Xxyqd%2FGybv5LNbY0OB0hLRkzHW0VriFBevwPZ5DHyKm1GFuSqCaWVKuz0hNNygD4fG%2BRtfs9Uy%2B7HIxh7o41iS7xHbQoLazGzBBsfO0bIVe2BVHmB8VKPTACqoBhxlitx1Qjn3w5MfDqrS8DoarMM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8374b0a9da373722-FRA
expires: Sat, 07 Dec 2024 04:33:51 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 68CC 0
103 B 13ms
12ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEJ99uV6OC_19Y6PGZfQoKXM&google_cver=1&google_push=AXcoOmSQTqem6l4kaEAmxbNcf_yxUgsBemXT2pQWUkLpCULnbDHxhuWdR2kGc7FgeDkBm0KA_frnlpmPfnxV8J-4ag2M6IS6T9K9Q7I
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=4144480424&adf=2571114240&pi=t.aa~a.1665869076~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOKo19xABN8c124e2Yte1To&google_cver=1&google_push=AXcoOmQqSz2EJo5-Ew-wNxJT76ck1hkH_JknKuCzU2lTzv2o1UAS-2cUiQSSdhEUbDlIp8vvlf0suLmvgem...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQqSz2EJo5-Ew-wNxJT76ck1hkH_JknKuCzU2lTzv2o1UAS-2cUiQSSdhEUbDlIp8vvlf0suLmvgemHozUxGp37qTWQlm_D19E&google_hm=dYnb1zjOSUKFP4BQF...

170 B
188 B

19ms
18ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQqSz2EJo5-Ew-wNxJT76ck1hkH_JknKuCzU2lTzv2o1UAS-2cUiQSSdhEUbDlIp8vvlf0suLmvgemHozUxGp37qTWQlm_D19E&google_hm=dYnb1zjOSUKFP4BQF30oLYY

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQqSz2EJo5-Ew-wNxJT76ck1hkH_JknKuCzU2lTzv2o1UAS-2cUiQSSdhEUbDlIp8vvlf0suLmvgemHozUxGp37qTWQlm_D19E&google_hm=dYnb1zjOSUKFP4BQF30oLYY
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEOtIBSykRGqSbRW6EH7mnxE&google_cver=1&google_push=AXcoOmSYQSjX6SPk0fd_jfCx7GwJAuBNUpjYOdPSCOABYqKoCh954eghFqjIuesfuHBwR_3puZhxO0S4-kIeub...
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmSYQSjX6SPk0fd_jfCx7GwJAuBNUpjYOdPSCOABYqKoCh954eghFqjIuesfuHBwR_3puZhxO0S4-kIeublALZ_xwM509v3Lt3gd&google_hm=hmV_y68hT8CaO...

170 B
188 B

16ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmSYQSjX6SPk0fd_jfCx7GwJAuBNUpjYOdPSCOABYqKoCh954eghFqjIuesfuHBwR_3puZhxO0S4-kIeublALZ_xwM509v3Lt3gd&google_hm=hmV_y68hT8CaOCSbUg&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D657FCBAF214FC09A38249B52BLIS

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmSYQSjX6SPk0fd_jfCx7GwJAuBNUpjYOdPSCOABYqKoCh954eghFqjIuesfuHBwR_3puZhxO0S4-kIeublALZ_xwM509v3Lt3gd&google_hm=hmV_y68hT8CaOCSbUg&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D657FCBAF214FC09A38249B52BLIS
date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEMxOtUGwTRk9KWbkWSW8r3Q&google_cver=1&google_push=AXcoOmQSO1MT6mO9L32oWgFMQpLICuIRGqwAWiPbELAYdU3FL9sDm8G2icwRJPc1CN7500tet4cv3PNKBNIR-5...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmQSO1MT6mO9L32oWgFMQpLICuIRGqwAWiPbELAYdU3FL9sDm8G2icwRJPc1CN7500tet4cv3PNKBNIR-5ei9w...

170 B
188 B

15ms
15ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmQSO1MT6mO9L32oWgFMQpLICuIRGqwAWiPbELAYdU3FL9sDm8G2icwRJPc1CN7500tet4cv3PNKBNIR-5ei9wzShxl4Z4PKK3fw

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMzc4ODI3MjM1OTU2OTU1NA%3D%3D&google_push=AXcoOmQSO1MT6mO9L32oWgFMQpLICuIRGqwAWiPbELAYdU3FL9sDm8G2icwRJPc1CN7500tet4cv3PNKBNIR-5ei9wzShxl4Z4PKK3fw
Date: Mon, 18 Dec 2023 04:33:51 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 68CC 42 B
204 B 47ms
15ms Image
image/gif 34.160.236.64
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEATULPkFoy0c47WvLzajlVE&google_push=AXcoOmSZb2ONqfhSzqMy_HUId-XCVjAz9aGzk4gw1Cl-g_pwRO0JNr5eWuPrqlrlrCY6ZbZJgFekLN5Ghncd4FgEMGz8XqxQU17feZPk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=4144480424&adf=2571114240&pi=t.aa~a.1665869076~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.236.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 64.236.160.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 google
last-modified: Thu, 19 Oct 2023 06:07:48 GMT
server: nginx
etag: "6530c7b4-2a"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 68CC
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOjzMaj8K6dqZj1Xoi0TPPk&google_cver=1&google_push=AXcoOmTp3Wb_7baoWuoRwn3ktYzluhwHTRYRE6szA8SsSNKbL8Bi0f998kP79z0uCeI9j8E-m3nThwbN...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOjzMaj8K6dqZj1Xoi0TPPk&google_cver=1&google_push=AXcoOmTp3Wb_7baoWuoRwn3ktYzluhwHTRYRE6szA8SsSNKbL8Bi0f998kP79z0uCeI9j8E-m3n...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjU3Nzc1MDc5NjkzODQ2MDkwNA&google_push=AXcoOmTp3Wb_7baoWuoRwn3ktYzluhwHTRYRE6szA8SsSNKbL8Bi0f998kP79z0uCeI9j8E-m3nThw...

170 B
188 B

20ms
19ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjU3Nzc1MDc5NjkzODQ2MDkwNA&google_push=AXcoOmTp3Wb_7baoWuoRwn3ktYzluhwHTRYRE6szA8SsSNKbL8Bi0f998kP79z0uCeI9j8E-m3nThwbNHJqFvhDn-s8NlBo7xEBsTH-b

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjU3Nzc1MDc5NjkzODQ2MDkwNA&google_push=AXcoOmTp3Wb_7baoWuoRwn3ktYzluhwHTRYRE6szA8SsSNKbL8Bi0f998kP79z0uCeI9j8E-m3nThwbNHJqFvhDn-s8NlBo7xEBsTH-b
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 trk
ag.innovid.com/ Frame 68CC 43 B
297 B 278ms
21ms Image
image/gif 2a05:d01c:1d8:8101:ecdd:a035:7b09:ae7f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEIabfwF0iOGSPSpHGU1d2iI&google_cver=1&google_push=AXcoOmTYFYyPJ7Tu0OlfytobVQ9NIZNXPGK1RgskH56rIMhVSlYqpLJFtdlvACxeCBiowv0WcRUsejSZVwEg3HDJfGQEefJoosqEjm7P
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=4144480424&adf=2571114240&pi=t.aa~a.1665869076~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:ecdd:a035:7b09:ae7f London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
cache-control: no-cache
content-length: 43
request-time: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 68CC 0
12 B 14ms
14ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IAnCyiu708JH8gvLotJYqnIokrZ4dbP3LKVbcSukseduqHY3SwAdjJaos8sr8tSG0gPi-b

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js Show response
pagead2.googlesyndication.com/bg/ Frame DD82 51 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e61a5274401d098ca96cd8b36e4030f75bcb644047b18cf0deb1f916c863f126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:34:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19933
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 17:34:05 GMT

GET
DATA 200
OK truncated
/ Frame F8AA 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c664b020f3f5e65c7746bb4f6b44ca49dfd128a4f48dcdc9f991cde71093dd4c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame E31B 70 B
148 B 33ms
31ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESECDLJJxvjMLwhMhSJF01YTQ&google_cver=1&google_push=AXcoOmTLQFTgrMqK9-tBpNw-PHSIEVf6T0uzeFhYhvpSNe7yMgSjcuZ31Etwawx3QlKZw2F6LVoKY25FVuMcPEEuPDCrVAmIyNI9AA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=3809598800&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=732&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2172&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E31B
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEA1AXAaKJzug9h4C5pkHZAU&google_cver=1&google_push=AXcoOmQTpbyqXm8WGw_0A9yuzttl412NK8USDt6QjAE7u4WtOB57V9xWYkigo0p6Be-e1zwwzen4vt70aGA...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQTpbyqXm8WGw_0A9yuzttl412NK8USDt6QjAE7u4WtOB57V9xWYkigo0p6Be-e1zwwzen4vt70aGAIabVvHLn32ezCoy2EOMs&google_hm=orFEQYN-RCuUXHHm9...

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQTpbyqXm8WGw_0A9yuzttl412NK8USDt6QjAE7u4WtOB57V9xWYkigo0p6Be-e1zwwzen4vt70aGAIabVvHLn32ezCoy2EOMs&google_hm=orFEQYN-RCuUXHHm9LY9wYY

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQTpbyqXm8WGw_0A9yuzttl412NK8USDt6QjAE7u4WtOB57V9xWYkigo0p6Be-e1zwwzen4vt70aGAIabVvHLn32ezCoy2EOMs&google_hm=orFEQYN-RCuUXHHm9LY9wYY
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E31B
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEFk18eKwqElMZeZbN4ULAlk&google_cver=1&google_push=AXcoOmQSKzIE58cUSN-DVp4kEsjwUMcC_wFczmOR_6WKzcMImbFH2JTLB0Kd2ZM_LPsPKUHK-VEvJY3Os9NB_4Pz...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Q_L9GoXyQPw4dnfRf0-9lA&google_push=AXcoOmQSKzIE58cUSN-DVp4kEsjwUMcC_wFczmOR_6WKzcMImbFH2JTLB0Kd2ZM_LPsPKUHK-VEvJY3Os9NB_4Pz2-prlQOPHgkx6WM

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Q_L9GoXyQPw4dnfRf0-9lA&google_push=AXcoOmQSKzIE58cUSN-DVp4kEsjwUMcC_wFczmOR_6WKzcMImbFH2JTLB0Kd2ZM_LPsPKUHK-VEvJY3Os9NB_4Pz2-prlQOPHgkx6WM

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Q_L9GoXyQPw4dnfRf0-9lA&google_push=AXcoOmQSKzIE58cUSN-DVp4kEsjwUMcC_wFczmOR_6WKzcMImbFH2JTLB0Kd2ZM_LPsPKUHK-VEvJY3Os9NB_4Pz2-prlQOPHgkx6WM
x-host: tde-deliveryengine-production-6b95976987-jg92c
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame E31B 43 B
145 B 8ms
7ms Image
image/gif 18.192.88.240
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEBPLp2qpWqRRB5iN57A2eZQ&google_cver=1&google_push=AXcoOmSBCosOncP1JbiwQAduXsiDZmfZW4ydvSVRE2MiIOPgwkitJnay19l_SVNjNLYU9DGYD3he4URGi1pWdZszMqNte2CpCTlrIVg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=280&adk=3809598800&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x280&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=732&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2172&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.88.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-88-240.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E31B
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEN15ynuR8FAKRwax1_6swjo&google_cver=1&google_push=AXcoOmQMoR-0rVNtDBrtNrC8IVaNBzk3hgG_LgG4YHPTUgugPQUOjEZQWZ_C-GP5-uDNzPTFmcYH83s83WQegSlrnq1s8vv...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQMoR-0rVNtDBrtNrC8IVaNBzk3hgG_LgG4YHPTUgugPQUOjEZQWZ_C-GP5-uDNzPTFmcYH83s83WQegSlrnq1s8vvwaQ_nFU4&google_hm=eS1EX1hCTUhCRTJwR0N...

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQMoR-0rVNtDBrtNrC8IVaNBzk3hgG_LgG4YHPTUgugPQUOjEZQWZ_C-GP5-uDNzPTFmcYH83s83WQegSlrnq1s8vvwaQ_nFU4&google_hm=eS1EX1hCTUhCRTJwR0NCZDVFeVVQN25qX1hQRHI2SEU0Vn5B

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQMoR-0rVNtDBrtNrC8IVaNBzk3hgG_LgG4YHPTUgugPQUOjEZQWZ_C-GP5-uDNzPTFmcYH83s83WQegSlrnq1s8vvwaQ_nFU4&google_hm=eS1EX1hCTUhCRTJwR0NCZDVFeVVQN25qX1hQRHI2SEU0Vn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E31B
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEJahRQk07wPyT3plWq35zlE&google_cver=1&google_push=AXcoOmTeXI8LzMWXJ5a6CWkpwaA40KCkhGK-tD3RaGC8vcydz2Qnmn-tUqgqp-FGv0bNTgA-0vYgzusz7iEmbPzafEKvrhV...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJahRQk07wPyT3plWq35zlE&google_cver=1&google_push=AXcoOmTeXI8LzMWXJ5a6CWkpwaA40KCkhGK-tD3RaGC8vcydz2Qnmn-tUqgqp-FGv0bNTgA-0vYgzusz7iEmbPzafEKvr...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTeXI8LzMWXJ5a6CWkpwaA40KCkhGK-tD3RaGC8vcydz2Qnmn-tUqgqp-FGv0bNTgA-0vYgzusz7iEmbPzafEKvrhVaIv4KMlE

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTeXI8LzMWXJ5a6CWkpwaA40KCkhGK-tD3RaGC8vcydz2Qnmn-tUqgqp-FGv0bNTgA-0vYgzusz7iEmbPzafEKvrhVaIv4KMlE

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTeXI8LzMWXJ5a6CWkpwaA40KCkhGK-tD3RaGC8vcydz2Qnmn-tUqgqp-FGv0bNTgA-0vYgzusz7iEmbPzafEKvrhVaIv4KMlE
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E31B
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELZnOYU04A4CNDvwDwGWh4w&google_cver=1&google_push=AXcoOmShKT7UTnGiiMUstDBxsvyLTZfMcQzDHW_7ucOKojsZNBl8lV5kWnTD7zmRncpc6d8ojtb5ldrJ...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTYyNzg0MDcxMjYzODU0NTc5&google_push=AXcoOmShKT7UTnGiiMUstDBxsvyLTZfMcQzDHW_7ucOKojsZNBl8lV5kWnTD7zmRncpc6d8ojtb5ldrJ...

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTYyNzg0MDcxMjYzODU0NTc5&google_push=AXcoOmShKT7UTnGiiMUstDBxsvyLTZfMcQzDHW_7ucOKojsZNBl8lV5kWnTD7zmRncpc6d8ojtb5ldrJV0ABw1Pa74peacc9loHe8iE

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTYyNzg0MDcxMjYzODU0NTc5&google_push=AXcoOmShKT7UTnGiiMUstDBxsvyLTZfMcQzDHW_7ucOKojsZNBl8lV5kWnTD7zmRncpc6d8ojtb5ldrJV0ABw1Pa74peacc9loHe8iE
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E31B 0
12 B 14ms
14ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LJ1JXH-THAiJKm4fBeRKOTPXhW-4wE_zDHF3mTKHyGgNeIjJgV5_b-YgUBtqN48QgYvyQQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cookie-frame.html Show response
ad4m.at/ Frame F0B8 2 KB
2 KB 28ms
28ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/cookie-frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0db16c25165bfd35ea9114187f3e97d7084a33135cb56fe276f6cdd2ab675647

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1689344
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=86400, stale-if-error=86400
cf-cache-status: HIT
cf-ray: 8374b0a9eff8364b-FRA
content-encoding: br
content-language: en
content-type: text/html
date: Mon, 18 Dec 2023 04:33:51 GMT
expires: Tue, 28 Nov 2023 16:18:07 GMT
last-modified: Tue, 28 Nov 2023 11:49:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4JeqS0IsymbrHEFDMUXYsMuCcZ6yrb5uJ%2Fpv%2BU48cSHraFv5dQRSyprlDF5bGfNCN8p6v9vtvmPU9BWmjhVdm5R2biM6xDahpZUXRw3HiemULqDf0SCPdj1%2FPpq9erpvfrdpTQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 0d5410bc9c3e437daf6999836d04f18f_ubuntu-medium.woff
static.criteo.net/design/dt/ Frame 1BA8 38 KB
38 KB 48ms
19ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/0d5410bc9c3e437daf6999836d04f18f_ubuntu-medium.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ce8b0ce00b853304b4500a3e0273c2ee8123ec998d9ea4bc1a2b3e97c573b61f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 02 Oct 2018 14:57:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5bb38755-97a8"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 12 Dec 2024 04:33:51 GMT

GET
H2 200 ec51d215a5904df99ebfe8eacf21246e_ubuntu-light.woff
static.criteo.net/design/dt/ Frame 1BA8 46 KB
46 KB 57ms
28ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/ec51d215a5904df99ebfe8eacf21246e_ubuntu-light.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8d6af87f2e8ab6ba751d5bda81faf18aed637f3c43f3f5c25acfcdb8dc674a92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 02 Oct 2018 14:57:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5bb38755-b778"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 12 Dec 2024 04:33:51 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 1BA8 12 KB
6 KB 14ms
14ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 12 Dec 2024 04:33:51 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 4 KB
4 KB 82ms
49ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=116&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F1344%2F230413%2Fc53e5f9a71444a36ae4d74a664fc7269_logo_n_horizontal_4.png&v=3&w=196&rid=4&s=RSl9ZoQTQeF0norkfSaWPnv4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

59d8b805b12d336d283666c0148287dfd4238f893d5ed7364ac9b542eb160853

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 3824
expires: Wed, 13 Nov 2024 04:47:34 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 138 KB
138 KB 62ms
29ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F3018%2F5158039%2F0604ffd883514a35a94beb16ec109f18_img_horizontal_1.jpg&v=3&w=1200&rid=4&s=i1GH1yiaesxeZrAcbLVkd_KO

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

93072caab1dd36d1907bfaaf234b313b8a04fabc7261dcf76583fa8ec74e82d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 141240
expires: Sun, 08 Dec 2024 15:17:57 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 6 KB
6 KB 75ms
42ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1700125545%2F23133674-dzktScOM.jpg&v=3&w=400&rid=4&s=pav30M0ienHTcjmtu6NhaYCI&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d345068057c87c440eb6b8b6ddfd3fb9f41e63022fb378559157a77098154388

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 5690
expires: Fri, 22 Dec 2023 14:10:17 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 305 B
518 B 85ms
53ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fbonprix%2Fstarrating%2Fstar_5.png&v=3&w=400&rid=4&s=RtrExZbSuLQDRVJn_oA1pGM7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e9b75cd6ed8e19ac702fa5b7a5299179f82d9dfe25eced5cd9f70936309229a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 305
expires: Thu, 07 Nov 2024 18:17:28 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 11 KB
11 KB 78ms
46ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1573741036%2F19323627-zj9w6Xm0.jpg&v=3&w=400&rid=4&s=nyEf7DZMimelhiljgscXqBS-&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

644247134f74a5b0727d7a470cba029ce40da8c20dc8138f76329f94f6b63f99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 11294
expires: Tue, 19 Dec 2023 10:51:04 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 18 KB
19 KB 56ms
23ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1603787673%2F18371178-l2UVPdX5.jpg&v=3&w=400&rid=4&s=F1JlrjmM0pmXLht2XVrKL1jy&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7e4e6108e41edf622aa4a03b1468b664c8db5aa1f0d29e9fec3206900de9e022

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 18908
expires: Tue, 19 Dec 2023 15:42:33 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 354 B
567 B 48ms
47ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cfb9ab1e326d1a30bb341a4d74db9b750c6c4aebb6304ad1264b1761c6b280d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 354
expires: Thu, 07 Nov 2024 18:17:28 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 19 KB
20 KB 49ms
48ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1699452782%2F23203734-IMqmWUz3.jpg&v=3&w=400&rid=4&s=faA6DkUMRpNnxDIq250uCiHv&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f266002a82bd1dee76b8df26d1ae1e0d331c6acd0a6c8a9eb4217f7912531e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 19944
expires: Fri, 22 Dec 2023 08:44:51 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 11 KB
11 KB 52ms
52ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1564579467%2F19153903-p3PVbWG3.jpg&v=3&w=400&rid=4&s=bjKywbz4azRLQ1Qh96zpGVPv&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e4fb740e51aca1cf24b84600b12c18e6b95ed45300a643b8dfbc4266318a0c70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 10874
expires: Fri, 22 Dec 2023 13:14:37 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 117 B
330 B 50ms
49ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_empty.png&v=3&w=400&rid=4&s=pwKdqrXJZuMFGhT4AO95MAQn

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

40af400e8c91f02188ba45f50e2fcfe9e0551221d23bf002f8ad1ee7c8cae18f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 117
expires: Thu, 07 Nov 2024 18:17:30 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 7 KB
8 KB 50ms
50ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1594817384%2F20152764-AItSOfT9.jpg&v=3&w=400&rid=4&s=-X0_T0xM0lsx9U1GeS1V-tS_&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1ab426e3bca625e7fa871bd5501674186a083182b0231943594c5ea96828f2c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 7480
expires: Tue, 19 Dec 2023 07:03:08 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 25 KB
25 KB 55ms
54ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1695016198%2F23162497-l6JAzBcZ.jpg&v=3&w=400&rid=4&s=70pRzTw5rlXMl8H43XTB-w0x&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7391010b1ea7ea1de4acfdf41204af9191023ff870d522b400b1a988ab4ac608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 25596
expires: Fri, 22 Dec 2023 07:39:46 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 17 KB
17 KB 51ms
51ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1663169224%2F22183061-q2lDQoa0.jpg&v=3&w=400&rid=4&s=KZ1xXfAO99tMyNZwylxNM4da&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

8f58e7bc9dce560031f0d0e3ba133d91245d338238db0932a5799c7613613276

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 17186
expires: Fri, 22 Dec 2023 19:05:25 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 11 KB
12 KB 56ms
56ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1681310434%2F23064263-Lv44XSc9.jpg&v=3&w=400&rid=4&s=uLWRUHaYCLfw9I4xsnH7G-u3&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4bd421492707bff562aa2957b824a92bc9252b9a0c096620b03d749c904c88d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 11756
expires: Sat, 23 Dec 2023 22:02:03 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 8 KB
8 KB 53ms
53ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1654064002%2F22090320-1RfWjVgN.jpg&v=3&w=400&rid=4&s=r0kPQHTPJ0xQZYU52wKiLIrD&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

5bd064bb7274a5f321cf0ff99f04c5d8894fd4f20ed5a6328c77cd830bda0eb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 8156
expires: Sat, 23 Dec 2023 10:37:04 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1BA8 15 KB
15 KB 52ms
52ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1691678251%2F23142038-MlN97z58.jpg&v=3&w=400&rid=4&s=7q5CYerQujU7tv96NQI6kLcS&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0a108e4122264b7acf938d5fb5c5ed0e87497444c3ad1a4d59e929b9d1ed6c33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 15652
expires: Fri, 22 Dec 2023 10:35:03 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1BA8 0
128 B 39ms
11ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=_l30t50Q2VnShducQIgnVBvOKeh7H_6-LhUJq_nbuoHO1Pa3vRGKAbvtbafOhDPc-XVv4gQFiJvtnlPyoBLvvDRxgi6n121MRDkl7D0LMs3Xwjywf70HFgV80G2rSkYr5h2aTODHmdLqt247mtMRGqzO80uqlNfQy3-jQjZyPeznCi86QW4ruiF5Fz082QdrWL3QpwcG3_jhgch998B79vTp_xUjkQT5vMIVkWiiMTNJmuHA5xddbMOi7jt9pnF_t_hedw&sds=2&rev=89791&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 18 Dec 2023 04:33:50 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 1BA8 2 KB
1 KB 17ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 12 Dec 2024 04:33:51 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 1BA8 2 KB
1 KB 18ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 12 Dec 2024 04:33:51 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 5375 23 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 511049
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 06:36:22 GMT
expires: Wed, 11 Dec 2024 06:36:22 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 02DF 16 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:38:05 GMT
x-content-type-options: nosniff
age: 557746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 17:38:05 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 02DF 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:54:09 GMT
x-content-type-options: nosniff
age: 502782
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 08:54:09 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 70ms
42ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 18 Dec 2023 04:33:51 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame F8AA 33 KB
33 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 21:01:51 GMT
x-content-type-options: nosniff
age: 372720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Dec 2024 21:01:51 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 02DF
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CFUMKr8t_ZZbBDqaS9u8PrLqmuAjo2JaydIKnu6GwEsCNtwEQASCB2O6EAWCV4pCCoAegAcX2pp0DyAEJqQIOqMvSYEeyPqgDAcgDywSqBN0BT9Cj38xb1QRO2qVUufMh8fxzpgXYYYNIy0a...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227267277231695809185%22,%22debug_reporting%22:true,%22destination%22:%22https://rmv.de%22,%22event_report_window%22:%222592...

0
0

43ms
43ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227267277231695809185%22,%22debug_reporting%22:true,%22destination%22:%22https://rmv.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22866761541%22],%2222%22:[%22true%22],%224%22:[%2212-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212674969833289438305%22}&andc=true

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"7267277231695809185","debug_reporting":true,"destination":"https://rmv.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["866761541"],"22":["true"],"4":["12-18"],"6":["true"]},"priority":"500","source_event_id":"12674969833289438305"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 18 Dec 2023 04:33:51 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"7267277231695809185","debug_reporting":true,"destination":"https://rmv.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["866761541"],"22":["true"],"4":["12-18"],"6":["true"]},"priority":"500","source_event_id":"12674969833289438305"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D8D7 0
19 B 51ms
51ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CYY4Ur8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoExwFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy54fVzKfSvPlBQ8Q9wZ6eg0UlH8sK40m8CLSm9-kcrbF23BEf6r3kgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTI2NjE4OTYxMzY3NzUyMTgYAA&sigh=3zIEu55dWBk&uach_m=%5BUACH%5D&cid=CAQSPAAvHhf_Z6sdtQU-w5X-olKp6Hh7HpFXWj9B5qFDrPBWMsnC-FB1AANKAdnx4g61DtYYBs8maSCJt62S4RgB&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=90&adk=1002792709&adf=1065720476&pi=t.aa~a.1367413946~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x90&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1911&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame D8D7 0
103 B 42ms
16ms Image
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1g7s604dxxgnjhky03k62wkv0de9b92sh2w3fdt01jy9y2hc5w2k0c5n2r764z4n7ykxfm3qd3jacejd17d0hg6ef4wyyhdyw8n0pvj3f4rm2xnb98htchvwnqewj220m0f458xp6dvtkye104awfqwnnt694h6y9vqhj0rfae85dy8e8qx1wqmcwthr5zkbpp9606mc7c9x46s2v9n2dcmdy1dgnzshx9npynt2vnxadedk2wcpy9j35tndh29968aekz0t4bz2hny9h573k6dezpnphr1pq4z3g2evs3rmgf2gerekgw4ns23mewhex7n1y1epyj1211rq5jg55h3kh2qj9j9tzr09hkxs1ejf135kxbefmmr4ky9jgnzzr5my0ewjp3fkhn0&b=ZX_LrwADufUH_ZCbAAJv7wqt-Yk0nHCe6jcqVA&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=90&adk=1002792709&adf=1065720476&pi=t.aa~a.1367413946~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x90&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1911&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame F8AA
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CQzOAr8t_ZbjgDviU9u8P-Z2EkA6QtMDrdOb4_tL1EeXy7OuuPxABIIHY7oQBYJXikIKgB6ABwJuglgPIAQmpAg6oy9JgR7I-qAMByAPLBKoEywFP0EGxEejPjkbMDSOKs4_eKnnot33xn1u...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213141025618308191397%22,%22debug_reporting%22:true,%22destination%22:%22https://aircall.io%22,%22event_report_window%22:%2...

0
0

45ms
45ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213141025618308191397%22,%22debug_reporting%22:true,%22destination%22:%22https://aircall.io%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22851971520%22],%2222%22:[%22true%22],%224%22:[%2212-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228405181589480742017%22}&andc=true

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"13141025618308191397","debug_reporting":true,"destination":"https://aircall.io","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["851971520"],"22":["true"],"4":["12-18"],"6":["true"]},"priority":"500","source_event_id":"8405181589480742017"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 18 Dec 2023 04:33:51 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"13141025618308191397","debug_reporting":true,"destination":"https://aircall.io","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["851971520"],"22":["true"],"4":["12-18"],"6":["true"]},"priority":"500","source_event_id":"8405181589480742017"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js Show response
pagead2.googlesyndication.com/bg/ Frame C5F9 51 KB
19 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e61a5274401d098ca96cd8b36e4030f75bcb644047b18cf0deb1f916c863f126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:34:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19933
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 17:34:05 GMT

GET
H3 200 5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js Show response
pagead2.googlesyndication.com/bg/ Frame 544A 51 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e61a5274401d098ca96cd8b36e4030f75bcb644047b18cf0deb1f916c863f126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:34:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19933
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 17:34:05 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 42ms
42ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 18 Dec 2023 04:33:51 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7F9F 0
19 B 50ms
50ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Coi13r8t_ZYKHD-q99u8Psrq8-APJntKxXM3x4t2IAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEyAFP0OfX_md0WE7ATtUoaYBP5yi7nwUXHQ0CXAAvXBVO8l8sJYpqArfVuDkZv_AO1IMtva3EpMN2dwjx-v0AVSLV2DJcpez2Yyl0E3emEgRsoqyixziWOBh5NspiY6bdWa3Jh8op_d3SFnY2IMad8b2jp9IbTHa8KdHF9dFGydTOQViW4EMc-nByIdSXJQtuvHn_6WBrsRrJssdJEJRDKT1-Zee9GEh6JVaP881__1b8CIyEPz6jWhRZfIAyEhs1inp8_NMghFPfjIAG3IqBvYCDxve2AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOljU-eqNlJiDA4AKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0yNjYxODk2MTM2Nzc1MjE4GAA&sigh=fX0TRj9vI3M&uach_m=%5BUACH%5D&cid=CAQSPAAvHhf__aMVsxk58YLK4XlNz2UzRoB3UVbTT9WHbgkaKjMhnzK1_rKlMfRyhcMTtDoRJsqxpC1dSreBJxgB&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=60&adk=3660842011&adf=569783962&pi=t.aa~a.1367413946~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x60&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x90&nras=5&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2102&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 7F9F 0
126 B 39ms
12ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kqW_EMz6RLAJPJ2DYgICAAAA0WHhKulTEjkr5a-cEK_Lf2UQ8HvnugQSGYrOAAASAAAKCkFRVUJBUUVCQVE&wp=ZX_LrwADw4IH_Z7qAA8dMr7nqSxCxfHFBAj5Hw&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 180950
server: Kestrel
content-length: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 5375 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 08:14:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73147
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 16 Dec 2024 08:14:44 GMT

GET
H3 206 file.mp4
r5---sn-4g5e6nze.c.2mdn.net/videoplayback/id/fe798b597ebe020e/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846668050/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame F004 1 MB
0 15ms
6ms Media
video/mp4 2a00:1450:4001:66::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ua.nesrakonk.ru
URL: https://ua.nesrakonk.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:66::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Range: bytes=0-

Response headers

expires: Mon, 18 Dec 2023 04:33:51 GMT
date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-4231504/4231505
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4231505
last-modified: Sun, 10 Dec 2023 14:52:53 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 41ms
41ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 18 Dec 2023 04:33:51 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 57ms
56ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231207&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6aa957c3f654e043b7f2379eec6208e1441507f209da3583749a07823d916df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12135
x-xss-protection: 0

GET
H2 200 tracker
top-fwz1.mail.ru/ 43 B
876 B 50ms
50ms Image
image/gif 95.163.52.67
VK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://top-fwz1.mail.ru/tracker?_=0.5496390938672919;id=3230435;u=https%3A//ua.nesrakonk.ru/;st=1702874031023;title=%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D0%B0%20%D0%B5%D0%BD%D1%86%D0%B8%D0%BA%D0%BB%D0%BE%D0%BF%D0%B5%D0%B4%D1%96%D1%8F%20%E2%80%93%20%D0%A4%D1%96%D0%BD%D0%B0%D0%BD%D1%81%D0%BE%D0%B2%D1%96%20%D0%BF%D0%BE%D0%BD%D1%8F%D1%82%D1%82%D1%8F%20%D1%96%20%D1%82%D0%B5%D1%80%D0%BC%D1%96%D0%BD%D0%B8;s=1600*1200;vp=1600*1200;touch=0;hds=1;sid=3cd1a4cb1067b838;ver=60.3.0;tz=-60%2FEurope%2FBerlin;nt=0/0/1702874029969/////0/68/68/68/99/80/99/518/1006/520/1054/1058/1063/1885/1885/1885;ct=1006/1014/1014/1016;gl=u;ni=10//4g/0/0/;lvid=1702874030983%3A1702874031855%3A2%3Af8a52387c317805a22171a5b78a4f42c;opts=jst-ym;visible=true;js=13;e=RT/load;et=1702874031854

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (VK-AS, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
accept-ch-lifetime: 86400
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: *

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 39ms
29ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8374b0ab4ec71905-FRA
content-length: 24
content-type: text/plain
date: Mon, 18 Dec 2023 04:33:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S93lTJwLhRVprM3KBvLU4pDtF1Mp3Dem5da5kmb9lE70KOFOCyfL5hy38JQy7m6r8RYA97e886KqPXw3IM4FkGhIwCBegeEC%2Frr2WdIuVcQBSGnpupA85YmGWR1Zx5HEtmBpF%2FI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-zfd2

POST
H3 200 rs Show response
ad4m.at/ Frame FC6B 1 KB
2 KB 31ms
30ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51e84d7e13c06df4d9b0c27e378f827ed90e7e5b55fa5f21a3e5a2ba3089799a

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4oGIpyF%2Fooofrr%2Bpf70j2QJvUjSS5VC1a5jiK49XfzOkgly900lj2IyeyCJ8025Gg2vi%2BYkpm9MfwovBYQdvV7lzsqSlCS8Lh3CvGEU7x%2FepnHRC1YJIkAvlIwGdwic5Y2AE9ws%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 8374b0ab7eea1905-FRA
x-backend-server: aa-reachservice-group-europe-west1-zfd2
alt-svc: h3=":443"; ma=86400

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 274A
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=btwnex&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu

281 B
555 B

39ms
8ms

Document
text/html

95.101.149.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Requested by: Host: cache.betweendigital.com
URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=fdcb8495-a194-5260-9976-fd8ffc093621&CACHEBUSTER=2466
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-149-233.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://cache.betweendigital.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Dec 2023 04:33:51 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 18 Dec 2023 04:33:51 GMT
location: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
server: AkamaiGHost

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Dec 2023 04:33:51 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5375 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BpvCTr8t_ZbTLIJ7DmLAPl7eX-AoAAAAAOAHgBAI&bg=!KyilKGfNAAY3kmNgF5I7ADQBe5WfOOE016985sF7ge8fzfZBN146rggm8xz4pybEchwSdBP35gg6SJAsKzHHWRJWCXh8AgAAADtSAAAAAmgBB5kDRRewfsltAseWxBJurt5WQfGpewRLywxv9DUjPJaBlvE_O-0fnAfmJ-pPVyRPCtSNdLzSwKgbz7lsHK4Q-CJv4iNAKrnBVrCtGON87ZtVTLEWZSM8JAPzY5ol3H9nh3ZhxMzX6GRRup5CfslGaHCXLV4M0ysuuW1MmKO7JarRMd8sZEIsgsoreg64zdrqgZ9Q_ExPM8I_el2lU5sXK2Kr2GpRDXj9vOvk-0awZQ6u_lR0MCK0qHv6rXCFxkZkoC53PGzDTlYefuB78THQsX8M8JbNIIfvkA7ElQStl-XOMXbdfFDHkrGfRC38dd8dKOVRK-2cMN1DByPqY-MeYePBcg7BVwov-tEnk-VE-EXorwy0lBNhw8IwzOVnRdCZ5tZxrefjf2WT-dUqhkSV--qlb5-Wo0e6p6TWUEidzDlPxTA1jiHyH-iWLhJSEgABLpZcml3aNxFaAVtm69AM3oT0ezIsXG6ugMrmQNZ7jaMP7bUGviVGHFvgxSjm9zTMMkQtGfKKq-Ks9pbcGAE7xUQzdNvszT7GJLIZBrMI_ABK7N9CuNxB77429c_uGrx-indOUYlUSpLC_VLpgNxeGFYJldCRMksk0xbPdAzoxddtBA0DJE34Gp1WLxVe3j92hrxRfT1AKWcVPEcldsQxTxHbgTJatjTotEDwdjlSx9vguo98gF-n1j57vYJUuLyDPANCcUDTYS1aua2R4NI9TiFx9gqWWY4W4jjWMtkPeWs6p3Hn_isXJ-x5DoXxiq66eU_xacEsT6g-V_LYoYLSemSGkhNkLQmJtUTDfnbGj92X7QToQ5etkuntMsKdK0W4Y3WamEoOxTUxZBiK6ndToX4oj6K0n53WUZuaF6-xVN7Y_R6o_gAb3Nr2oWX1-qpCyy7ylODLmnXEE8nFVu429lhFFPCdUCfsnvqnCwNwvDjYlHd60-DrDZ9KbLEC6nNjpuMfOxDO0KcBfqDgmuAPK9SY5QU93DgZNvb_YomtgJ6YMTI1r8fuN88nkNJsEHtNjhYxkfwsC8RLnpRC5bQpa9GJV2F9SaB5Z5zZwqg_swTJjGya2bDxlBDs_ZxfxldhddoLxp-WYvjlInQb1lN5-at829p-HflYtA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 137A 9 KB
4 KB 32ms
32ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e491a7d4658afac843b83b6450c591304487d8c64d51148bd0fa5c3bdf6e6261

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1kgg2h50mmq1hedjaaagb0tv1qg6tpchm3zxbcr4zpxyyn70fxzt1bpvnt9xkmac3dm7r40xjfyhc5bqj4fh0sqnbkg9wxaetcnd0y8f8hxffjhz5rnavv6mf72j6vv8grdswjnn3kvn9va3z42g1sxcztm9xz5b4xk0k8nr549fprgha3sp69zt8h6sbrnw4qywq8amb3wf59c5v92znkpf1m11g9hjt0r95y3jyz1fnd7j4gq06gnqkrard499tvyxsnjbfagdjsk1ydf34120db7v1sd9t5eh64mympbzjqj4kdxtvz2q9g2s7cq2kpzya67cz9z9jkcwx52kh6n9xzp1y34rcgk3v7zjke5sq8fc67y0w0qds40ymd0w2r513c5eqgcn0x1ryykq1nxgkgze9p5zhq5g3h0q0k3k9dp525cygphptpw44fkxnnt2d0rx&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%26client%3Dca-pub-2661896136775218%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8374b0aba914364b-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 04:33:51 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B74E 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 32170
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 17 Dec 2023 19:37:41 GMT
expires: Mon, 16 Dec 2024 19:37:41 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D380 829 B
560 B 17ms
16ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

254b0a1baf268afdad37e7843fc028ad85277b0673e3c5ef6758df71b1a49522

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fEg7iVWaoZtjHZWPI3XiAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ua.nesrakonk.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-fEg7iVWaoZtjHZWPI3XiAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 04:33:51 GMT
expires: Mon, 18 Dec 2023 04:33:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame B74E 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 08:14:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73147
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 16 Dec 2024 08:14:44 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 274A 45 KB
13 KB 7ms
7ms Script
text/html 95.101.149.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-149-233.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 8dbebb5e69365011af8dfa280770e60fdaad8fac67981277bd11192ae4331339

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 18 Dec 2023 04:33:51 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Dec 2023 02:28:08 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=78855
Connection: keep-alive
Content-Length: 13202
Expires: Tue, 19 Dec 2023 02:28:06 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D380 0
0 41ms
41ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231207&jk=1515043550714251&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame 137A 115 KB
14 KB 18ms
18ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 679649
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=krJ5O%2B8v2mL6w%2F8GXZqNoai4cPCWDNsNtAMlQv5wpiWxlOvQJ6%2Fs%2BXhbM%2FezleHL9H%2BO74fDyrxzDBZuEsE4NNVPxK1%2FBnrpmVC0gdlVIBcfFgs63NNFhs04%2B5AI4PhftmN7Akz3nRU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 8374b0abe939364b-FRA
expires: Tue, 19 Dec 2023 04:33:51 GMT

GET
H2 200 E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
assets.ad4m.at/logo/ Frame 137A 9 KB
9 KB 35ms
19ms Image
image/jpeg 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a58de8d9c7b24b39cfd318f36cf8ac8e2eb491829df30979155028a448fa254

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1472427
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 8772
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:13:38 GMT
server: cloudflare
etag: "15b1f39d668aa86c2ba2ba17d94cc733"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2BnLLL0iB0iYeUbXTPd4dwDyXd73RUUzhbklNhVaNuvcL1kE6Zd7wIVng7pO5uMrxcLaCp8aouYupLDkoq35JgCMSL3rV0bHOCA3%2Fq%2BRLOWc5h6JbgpHt5c5gceThEN3feX14rrTe3E6t08D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8374b0ac0a5ebbd7-FRA

GET
H2 200 2A409C956034279942BB00C734EEBA96A30BFA66974E50A0A1FCCC37F0E29F63CDE4339A721079F3863F9D3A2D1FC91B69CE99DD1EDFB0C05A709324F55DF63A
assets.ad4m.at/ Frame 137A 32 KB
33 KB 35ms
19ms Image
image/jpeg 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/2A409C956034279942BB00C734EEBA96A30BFA66974E50A0A1FCCC37F0E29F63CDE4339A721079F3863F9D3A2D1FC91B69CE99DD1EDFB0C05A709324F55DF63A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e23b6f4539643a37f0d615a630a76fc48571ebb8b0a9219ad38b4827a60ee18c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3106553
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 33043
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:07:19 GMT
server: cloudflare
etag: "4248eb804269666620fb86952a326d7e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S3TOUkQvtTZRGARvlYMBuv8qwUmpN%2FZjgwTCMfEht5bi9GXsnuiuVT4cQEyZjb2D1oMAFFSt3fH4hbgD0cYXLUN7D6hs9mMXpZS9lv1phiKjVcY4fzcUCv1hNjQWF1eR%2Ff8tv1AXvJt6JXgD"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8374b0ac0a5fbbd7-FRA

GET
H2 200 2aed39855b5f46b7651ba591340f258c
pv.medialead.de/trck/epv/ Frame 137A 0
327 B 56ms
15ms Image
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/epv/2aed39855b5f46b7651ba591340f258c?t=htlp&subid=wkzMotivBoneidKXRURfZfk7dT5HMHktPteG4S7SAT88qcp25boneid__suite_Netmix_Reach121_BESTPERFORMER&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
attribution-reporting-register-source: {"source_event_id":"17200573720103333","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 0
proxy-host: pv.medialead.de

GET
H2 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame 137A 4 KB
5 KB 39ms
25ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 297978
cf-polished: qual=85, origFmt=jpeg, origSize=7258
alt-svc: h3=":443"; ma=86400
content-length: 4294
cf-bgj: imgq:85,h2pri
last-modified: Wed, 01 Nov 2023 09:56:16 GMT
server: cloudflare
etag: "679602b08629bcaaabfcfad4e68fe53a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BmTvNMJh2cko%2FLXXQJuKUJCzZZzYQUgZkyQLyNa4MHsyHP%2BaqafYFj%2B9DKX%2F%2Fe5WJdsgrIFxtuJFzSl0UX31rK4Q8xLywxoq9fvp4yMDjwO%2Bi%2BoUO%2BXFCfHg%2FJf2gyavn9%2ByxRO6kn%2BlnNzf"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8374b0ac0a5dbbd7-FRA

GET
H2 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame 137A 15 KB
16 KB 39ms
26ms Image
image/jpeg 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3206393
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 15521
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:09:52 GMT
server: cloudflare
etag: "269bd58060bc660c3aec98b388bae571"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GGu4tC2Jj3e0fQ53ybDUS5lGrgboj2OXuWzorviVOH0wpeBmIlZuVY2zS3ijGthUDpywh%2FtQ%2Bl5ZxMPnOm6giDKS7%2FIjgE1EiNYEHZA68V8Oca%2FloPc2qmeHeq7BWOeGCsF6gosgUKg00DfA"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8374b0ac0a60bbd7-FRA

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 137A 43 B
705 B 88ms
47ms Image
image/gif 23.199.221.167
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneidjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7oneid__suite_Netmix_Reach121_BESTPERFORMER&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.199.221.167 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-199-221-167.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Dec 2023 04:33:52 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame 137A 2 KB
2 KB 40ms
27ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfe58c3e4f67928f320950cb05524dc012abf7ab1096958560101be80f83d447

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 301132
cf-polished: origFmt=png, origSize=2170
alt-svc: h3=":443"; ma=86400
content-length: 1662
cf-bgj: imgq:85,h2pri
last-modified: Mon, 13 Nov 2023 08:38:25 GMT
server: cloudflare
etag: "4721aa7c2d5fa652c8092463f9a485bd"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9KMoyfeuOJB%2Fy8W1iD3oEZIRF7HsK8mgv20deqpi6CZxirLItEBOeTeMkd5%2BH8Hcr%2FUygzE6c6kqacVdAAC64tzxYahVNafM3dFFyFc%2FPQKmcrNTVE67jhXxwm44TvsedxQ%2Fh6okoj%2BdKlm"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8374b0ac0a5cbbd7-FRA

GET
H2 200 B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
assets.ad4m.at/ Frame 137A 23 KB
23 KB 33ms
20ms Image
image/jpeg 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719%2C19769%2C117569&b=KXRURfZfk7dT5HMHktPteG4S7SAT88qcp25b%2Cjk8aEfGfP4JCYHEH2t6tRMDTZSzT11bTdrg7%2CJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=kkDa5f3fBKMa4HwHetmCw5WuZSjTmmAa91Ye%2CxmDFQfAf3RbSPHdHztDCRzpT7S6TKKps17xd%2CG1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=728&d=90&e=&g=9c0d01fb432861ad19332f35825019b4%2F1307532906771011093&i=26474%2C21630%2C29981&j=41%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1702874031926&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jq1nmaq05s7zx1qfjaty1pcacjgqbtpjs0a4ws5zz0b2gqg0s9a96yknx5e9c0j3n1papnk6y5q3nghsnrv3tndsr04hehp454xfwsr3zgztr6rcfd6c09nf3b7ajn4dz3vzaa2yp9xep3scarney8fapvrg8shr3twnfbx65ya5m5gnsa28xc6bmkvhhys5qfresjxavmysemzqk4c1df654jkq712nhskp04jttgqgkzvarqz6r1tay2dcjrya4g8rj243z72rv5dwf5aga8x%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCwCvgr8t_ZfXzDpuh9u8P79-JmAuQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yNjYxODk2MTM2Nzc1MjE4yAEJqQIOqMvSYEeyPqgDAcgDAqoEygFP0OokuoJuxXH8pPBGK79jBrhG--_yQgapiEvcbeeNGGZC8cR7CBDWWFq696GOIwll753FFvRdpJ9qS9otU28gew_gJ6fTxTRfH30TcaiC_tm_ebGZSfPYJ-83GYbacAeu5hTyTHd_EydxaxsyQCUhV-cTwtMeImXl2t2aPhXPfPmpEbFordfhchvmXmcAnJnGRpfHc7Bz69uKH0ANC5Hy58XX7TUFRX4Bi0N1V0TXEbccC8Gn6Wek1TRkvnvkOa9axMTDdf0s995GgAa56rLB19OOur4BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPPr6o2UmIMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3RuZuJyAMjAG4Z3jtGse8-ybK5GQ%2526client%253Dca-pub-2661896136775218%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 873e5c46cc8ce0b17fbe1f11dd95e9f15dbfa715e3e407d97f31611b5a460d8d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3100498
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 23392
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:08:23 GMT
server: cloudflare
etag: "faa9f958d13ef03f911b71f117846705"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42Z9GLcUbnpzTX1n%2BNM32vFNpD0Nfecl2zh5prAk82Rsd%2BrQzjvTwNvUgc%2FbVuyA%2F69KERmTcFWr06F137a2UHmuclbybG3GuoF%2BBZiEew4RjmfPudfujNQdg4s5dj%2B8IvF9FVxKMeuyofD5"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8374b0ac0a61bbd7-FRA

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 137A 43 B
705 B 89ms
48ms Image
image/gif 23.199.221.167
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eYoneid__suite_Netmix_Reach121_BESTPERFORMER&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.199.221.167 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-199-221-167.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Dec 2023 04:33:52 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 274A 7 B
380 B 34ms
9ms XHR
application/json 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

GET
H2

200

2466
www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/ Frame 1415
Redirect Chain

https://www.tns-counter.ru/V13a****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/2466
https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/2466

43 B
296 B

40ms
40ms

Image
image/gif

2001:6d0:4001::226
ADFACT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/2466
Protocol: H2
Server: 2001:6d0:4001::226 , Russian Federation, ASN52016 (ADFACT, RU),
Reverse DNS
Software: ms-counter-4.0.4/1.22.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:52 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: ms-counter-4.0.4/1.22.1
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
timing-allow-origin: *
content-length: 43
expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:52 GMT
strict-transport-security: max-age=2678400
server: ms-counter-4.0.4/1.22.1
content-type: image/gif
location: https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/2466
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
timing-allow-origin: *
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B74E 0
11 B 6ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?YMrheg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 1415 43 B
145 B 7ms
7ms Image
image/gif 18.192.88.240
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=429&user_id=fdcb8495-a194-5260-9976-fd8ffc093621&expires=60
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.88.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-88-240.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 04:33:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 204 /
onetag-sys.com/usync/ Frame 6F19 0
0 7ms
7ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=5d1628750185ace

Requested by

Host: cache.betweendigital.com
URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=fdcb8495-a194-5260-9976-fd8ffc093621&CACHEBUSTER=2466

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://cache.betweendigital.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 55ms
51ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231207&jk=1515043550714251&bg=!iYqlisXNAAY3kmNgF5I7ADQBe5WfOOTvbWkZodSiaUR2Zu3NsC0yI4YCR3Gya0RF-fmHMSCja2f_dRg9WLL01UWsDoNkAgAAADFSAAAAAWgBB5kC9Mth_pUx3BDE6Sqy-sF3waOdr_Ypxgp6i-PXrDdgIKzFBYJPKWIPG2YaNT2y-kW7TOn0kPCPJW3pHcdVgvObB956fm3lbjbee7niDLk_Ct58dokJi7LJicPKZ7E6Wi1sWWLCrsSB89osiWPZFoDF2Pb-pXdlDEnxEy2Kd-FnMVD27DbqtqjdKUtVnGRxXor2g-GDpOQqZklZWnrFe2wnI1d3f4Gd9Dhq3XH7-JJe26oudX4YcSVfEJFY7gxk-GVX8d-ZR7xnMkHAFjFbdIZ0qmwYdnyS8YUMMhWqr430o4aCw_VYEClI5b5zaMhzw9Uj6azj5h2kpVrRMhE2ws7C75R5ZIlbB1vyojnsR82yO5zT7D5jWcv5NjBw968HK3OgKq7aaqRr5SvHHbaWzMcr61oyiA-HBvOp5UteuBr6tSqGMz96-A41mL9vJDbvPUG6pqWTOqxagfk1nJaErmWnDD4oPYttfk3V2qNJCCpydt4gFYV6g-HC3N-QM1U6m3k5hCDnBKCima0dxOc3_3EJff1U3gbayTlOgbJOD0yUJVkq0APcUjl62fesreioVhZulnupaAZFyxW6Uyr1fTIGoSfjcyFhchYIGueCHhGx3pZhyRGQfNdCv0WtZQxI0vAThhm2l9TM85IOKRx34_lrbk0u5zZrqbw7hHmCV13D4eu2jFQMuhQbKeD_Y7f24J1-ZPS40p5LScVRhnmjmxCHiJ1lKwK0-i9kE10uqn74lkFV7MtpCU1J6o2DLCUfTrJiB523TvO8zZjULcnYQTnJZA_4Hxk-JQfPGJq8RL_8Gzi2-TUfpmqZNyz9guSBxo0InZL4C7TIHa_Z4xjPXTVQu_XUIunC8wg7WroAESphKi5PGk3wHYKONbNZBXvAYEnprwYkdsgfv2I0HKqBP2isfomA7inCGnvwJ-VPTCZB7dWAC1qGFQlK0BwiHsdKmP73xZDfy-O1z-iI8syaGy4tcL0MbwmjZhWY0pBJ7a1TYrmRJMizsw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ Frame F004 0
17 B 14ms
14ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lqaf8c10&c=4330069642368&slotId=2165034821184&qqid=CNGW1o2UmIMDFSTJuwgdITIBNA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2061&mt=video%2Fmp4&vs=1280x720&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.jj~vil.rt&ua_e=1&ape=1&ple=0&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:52 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7600 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvsnb6swlV_ZiydbXjoBHCuq2sQ9CZR-RjuwuNMZvac-YY4VIT8ToEJmOV99PXoBX6EgTfQsGTbhrBeVYOSzKCXc4kUUA2sKB--kBjsT6BVs9HOK29yFqDtm6EId5yqoY-DSntdcgtGwO9tbK6ZCP2GLr4kK6mGwyIyAQ18MVEtUq16gmjmUE8j3qei8Qakt1x3lb7OHkIkKlyV8Z9tgciwTjKeMSMz3Q6aal8-t6VAOr3rn1uwyrGa6aOtLfT27gjN4kGO7uukAmLN8WSc5pPPlttFTOP5QqfmGMPnrpCPe6cJt_of_bgzW07lozlqgWnaALKB7H4PjcOha_fHoXw98KptFTBGYg7yK8TJYq0unDfTHoT5Qqsz4DyIUB8v5ljwr-OumUeZXPvRGL-lrvnft_DMNmI41uYWGNgL0cWOGu9tU2bKpwX20cBjXsaR3R7Ef6FsXdo0ziDrg1sUf0Q-XxPRlZwfXJwg_uIU2bfPtUbQjZRGmKay2pYM-W8nKgn00GjMIjb8kXhvJv_86Uu8z56BaJPt7m9WmNv0Np--iBW8bEBjjVl7FllEFFSVdGLg-v4PKEQc5e0TGJzGDOBfsG3bgvwvCC2RfiJEJtVOguYZ8zXdCPkbkK3k_xOIlZJ43lXwD1LgueD5otmeDxWdob2JYW5WKOZtkqBPjG01o6rsxHAMx2JX0CCbKuvQTzZCSK05EiDQKANN-ia7WOZy5nhY22RrNIJcwnWVpZ0NvG7ZCwd0JtTbIZwr74W-Xu24mlN05kHNM1JbY8RB32DschK2zQqm-zTTPV-YrfPhQqltjptk9y6iiuR1jRui4Wrr82nD3KPOdaunyYRbMWGsYCyRxk_KwW3gj9uHErqmblfiLLrd-DqKZxu3ly3awGhNlAmyjAEQ_qgZH5TuAVZeswUSsrZt47ZfMjQmU0dXViHscL8wQEaemNxVT8AINFR9Qo0Qjnb9T4KQLDOdYuoX9r1vOsDUOaD3U2ebJs4Q6pz9FdsdAxn9TeWqIYqfkH-jNxg6rjSy8RfnMFi27CcYZgfogoMHeAQcX_tS7xTkkic4njYtrgh3lUXU0J_JO8fvnlslDSh2nH50aJkU4dAr441MQXMGIA04hEd1FsJG5HHblOmtSvVif0e9yHb95_viO4RxOc-2im6Qmoj-LNwVZEyq-GfwQGtlTmAazIybR9bA6xe2sZfifXIcMhkzjIoyAggYHA&sai=AMfl-YSoIvLS1Bt963MjMrl6Af2ZrdUJe6CVxyAIep0llMQatq-eXaE89cZmcHJ6Z1f1FextGsygLNySYVThJLKIwCyuhjubIhzWZquAqFzp1-uK6_XeYYuVcbsogElukaSq8iGgScaFpcsu5m1tCKU0U8HUtlur0igXaG6C_A&sig=Cg0ArKJSzGar1nkr2WLNEAE&cid=CAQSTgAvHhf_o7gyyoEZWCUKlIZ3JBScwXLjApGMffbxWAMOIZA5BWxJ3x7rt4Xxmzx4DuGXTnjji0eLhySgc4vtdeJhzOs-J2MT46-rJJTuGxgB&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=124,807,1000,1128,1128&tos=124,683,193,128,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702874031331&rpt=282&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 match Show response
ads.betweendigital.com/ Frame 5679 68 B
598 B 15ms
14ms Document
image/png 188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/match?bidder_id=261&external_user_id=6f36ee19082ae311fe188bedefaa0549
Requested by: Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fads.betweendigital.com%2Fmatch%3Fbidder_id%3D261%26external_user_id%3D{{VID}}
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer: https://vid.vidoomy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

GET
H2 200 /
kraken.rambler.ru/cnt/v2/ 43 B
576 B 57ms
57ms Image
image/gif 81.19.89.17
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kraken.rambler.ru/cnt/v2/?event_type=tech&event_name=ping&project_id=7460281&session_id=1525779512_1702874030973&session_number=1&session_event_number=2&version=3.15.1&counter_type=web&experiment=%5B%5B%22exp_ws%22%2C%22no%22%5D%5D&top100_id=t1.7460281.670037776.1702874030972&adtech_uid=fe8cb8bd-a4e1-468c-9377-8b10ca9e251e&adtech_uid_scope=nesrakonk.ru&fingerprint=pA8AAENKs1eyjnBqAQiJUQA%3D&fingerprint_ip=pA8AAENKs1eE2YgrASHrAwA%3D&url=https%3A%2F%2Fua.nesrakonk.ru%2F&request_id=1702874030.972-177689024&event_id=942640359755450&meta=%7B%22activity%22%3A%7B%7D%2C%22scroll%22%3A%7B%22min%22%3A0%2C%22max%22%3A1200%2C%22current%22%3A0%7D%2C%22doscroll%22%3A%7B%22min%22%3A0%2C%22max%22%3A47%2C%22current%22%3A0%7D%2C%22num%22%3A1%2C%22duration%22%3A5%7D&rn=1573261098
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.89.17 , Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ua.nesrakonk.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 04:33:56 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-srv: 1kraken-prod0002.ad.rambler.tech
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif, image/gif
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-length: 43
expires: Thu, 01 Jan 1970 00:00:01 GMT

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

62 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ad4m.at/cookie-frame.html	1970-01-20 17:44:26	Name: userId Value: mXY7SRkdzzfNqtzikT1ADTXkFtZ6hhkq
.betweendigital.com/	1970-01-21 01:46:50	Name: dc Value: lux1
.betweendigital.com/	1970-01-21 01:46:50	Name: tuuid Value: fdcb8495-a194-5260-9976-fd8ffc093621
.betweendigital.com/	1970-01-21 01:46:50	Name: ss Value: 1
.yandex.ru/	1970-01-21 01:46:50	Name: yashr Value: 8745275701702874030
ads.adlook.me/	1970-01-21 01:46:22	Name: adlm_userId Value: 8ee1bdafebf54e8f9714e9cc1b839876
ads.adlook.me/	1970-01-21 02:37:14	Name: adlk_cmatch Value: btw%3Afdcb8495-a194-5260-9976-fd8ffc093621
.yandex.ru/	1970-01-21 02:37:14	Name: i Value: Ps6vui7GAnG/0ibxb+laV5+3K+uDvqwpD4DTWeffstCup0Cd/RkL3YRkxaOgMS2vuTICLpOsNvzk7tpY6+E3zUWtStA=
.yandex.ru/	1970-01-21 02:37:14	Name: yandexuid Value: 799064511702874030
.nesrakonk.ru/	1970-01-21 01:46:50	Name: _ym_uid Value: 170287403165226735
.nesrakonk.ru/	1970-01-21 01:46:50	Name: _ym_d Value: 1702874031
.bidswitch.net/	1970-01-21 01:46:50	Name: tuuid Value: 34169302-541b-4de4-a44e-03746331a36d
.bidswitch.net/	1970-01-21 01:46:50	Name: c Value: 1702874030
.bidswitch.net/	1970-01-21 01:46:50	Name: tuuid_lu Value: 1702874030
.mc.yandex.com/	1970-01-20 17:01:14	Name: sync_cookie_csrf Value: 595900920fake
.nesrakonk.ru/	1970-01-21 01:46:50	Name: adtech_uid Value: fe8cb8bd-a4e1-468c-9377-8b10ca9e251e%3Anesrakonk.ru
.mc.yandex.ru/	1970-01-20 17:01:14	Name: sync_cookie_csrf Value: 19181142fake
.nesrakonk.ru/	1970-01-21 01:46:50	Name: top100_id Value: t1.7460281.670037776.1702874030972
.nesrakonk.ru/	1970-01-21 02:37:14	Name: last_visit Value: 1702870430974%3A%3A1702874030974
.nesrakonk.ru/	1970-01-21 01:00:45	Name: tmr_lvid Value: f8a52387c317805a22171a5b78a4f42c
.nesrakonk.ru/	1970-01-21 01:00:45	Name: tmr_lvidTS Value: 1702874030983
.yandex.com/	1970-01-21 01:46:50	Name: yuidss Value: 799064511702874030
.mc.yandex.com/	1970-01-20 17:02:40	Name: sync_cookie_ok Value: synced
.yahoo.com/	1970-01-21 01:47:11	Name: A3 Value: d=AQABBK_Lf2UCEE75kQdYbWcpXIjVGm-INGYFEgEBAQEdgWWJZQAAAAAA_eMAAA&S=AQAAAuOASe5qApLrATeJ2P9n1fs
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 2297032901702874031
.yandex.com/	1970-01-21 01:46:50	Name: ymex Value: 1734410031.yrts.1702874031
.yandex.com/	1970-01-21 01:46:50	Name: bh Value: KgI/MA==
.yandex.com/	1970-01-21 02:37:14	Name: i Value: xw2EuL0dApWIq9EnBdhjjLk+denCBcM8At1GYRsfzeYF4jEfoNa4r9NqyAulnH6F0EJGn1hTO0kuDwiho8JL+52frN0=
.yandex.com/	1970-01-21 02:37:14	Name: yandexuid Value: 4374650121702874031
.nesrakonk.ru/	1970-01-20 17:02:26	Name: _ym_isad Value: 2
.nesrakonk.ru/	1970-01-21 01:46:50	Name: cf_clearance Value: nZ_2cbPqHS3j2MQuB4p3V7PHFwPVIQ.O8ZMLjFOCeqI-1702874031-0-1-c1af343a.ddc3b98d.d575092-0.2.1702874031
.ua.nesrakonk.ru/	1970-01-21 01:46:50	Name: t3_sid_7460281 Value: s1.1525779512.1702874030973.1702874031292.1.2
.nesrakonk.ru/	1970-01-21 02:22:50	Name: __gads Value: ID=1aa58ca2d227a2b0:T=1702874030:RT=1702874030:S=ALNI_Mb-ntT8VlagVJCFzmqdSF3QiCRiag
.nesrakonk.ru/	1970-01-21 02:22:50	Name: __gpi Value: UID=00000d1e39c1d5d9:T=1702874030:RT=1702874030:S=ALNI_MZR_88A2S_ucZoZcBI8w5OiXZ_dJg
.rambler.ru/	1970-01-21 02:37:14	Name: ruid Value: 1CIAAK/Lf2XgfeGBAWq3OwB=
.bumlam.com/	1970-01-21 02:37:14	Name: suuid3 Value: IiRhNGVlOWQ0Mi05ZDVlLTExZWUtYmJiMS0wMDI1OTBjODI0MzY*
.blismedia.com/	1970-01-21 01:46:54	Name: b Value: 657FCBAF214FC09A38249B52BLIS
.adfarm1.adition.com/	1970-01-20 19:10:50	Name: UserID1 Value: 7313788272359569554
.doubleclick.net/	1970-01-21 02:22:50	Name: IDE Value: AHWqTUk2a9vk6VF99AOFqy-20brp3VEToJjPS0u0EhyZrMr-ML7aQ1Ta3gS5BEOc6fU
.quantserve.com/	1970-01-20 19:10:50	Name: d Value: EGoBCQHYKoEA
.quantserve.com/	1970-01-21 02:31:28	Name: mc Value: 657fcbaf-7d083-8e406-5a116
.doubleclick.net/	1970-01-20 21:20:26	Name: APC Value: AfxxVi6eNtwlVNddVdHeKZHpATMS-3B4Zq1sA3jeU5K3rqG8IkNJ6A
.aidata.io/	1970-01-21 02:37:14	Name: __upin Value: nugdOppDtbYbxdW3Wd7vjg
.aidata.io/	1970-01-21 02:37:14	Name: __upints Value: 1702874031
.adform.net/	1970-01-20 17:45:52	Name: C Value: 1
.ctnsnet.com/	1970-01-21 01:46:50	Name: gid_CAESEOKo19xABN8c124e2Yte1To Value: 1
.ctnsnet.com/	1970-01-21 01:46:50	Name: cid_7589dbd738ce4942853f8050177d282d Value: 1
.ctnsnet.com/	1970-01-21 01:46:50	Name: cid_a2b14441837e442b945c71e6f4b63dc1 Value: 1
.ctnsnet.com/	1970-01-21 01:46:50	Name: gid_CAESEA1AXAaKJzug9h4C5pkHZAU Value: 1
.adform.net/	1970-01-20 18:27:38	Name: uid Value: 2577750796938460904
.travelaudience.com/	1970-01-21 02:32:54	Name: _tracker Value: %7B%22UUID%22%3A%2243F2FD1A-85F2-40FC-3876-77D17F4FBD94%22%7D
.de17a.com/	1970-01-21 01:39:38	Name: guid Value: 1.8044214538678891667
.googleadservices.com/	1970-01-20 19:10:50	Name: ar_debug Value: 1
.yandex.ru/	1970-01-21 02:37:14	Name: yuidss Value: 799064511702874030
.mail.ru/	1970-01-21 01:48:16	Name: VID Value: 0XM1x020IGYL0000182GbC2L:::0-0-0-a9a246f-0:CAASEABLKuU3STEDF73ES1GK0fYaYHcegMlm-JDqL2VCH9KdeKVL7FMhE1cRvOmiWbt6MvV8z7REttRDCoI3xb12usCVXIZDP18ezFD1p5XHuY8_4H0qFSYR5PAFfg0B9u-ZGhIQ5gXwmpvQPuYiRN7h9gwQ7w
.innovid.com/	1970-01-20 19:10:50	Name: uuid Value: fc96f4a3-254b-4d4f-90fa-1880cda44533-20231217 23:33:51
.awin1.com/	1970-01-20 17:04:06	Name: awpv14702 Value: 412871\|1702874032\|a548ea90-9d5e-11ee-b1a8-22396ad6a5ca
.awin1.com/	1970-01-20 17:04:06	Name: awpv20044 Value: 412871\|1702874032\|a5495fc0-9d5e-11ee-8661-22610dd0df18
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 415363:2904924
.tns-counter.ru/	1970-01-21 01:46:50	Name: guid Value: 5C897A0B657FCBB0X1702874032
.betweendigital.com/	1970-01-21 01:46:50	Name: ut Value: ZX_LsAAOY5jOGjqK5iGoxoEbo5TWhgatSLKzEQ==
ua.nesrakonk.ru/	1970-01-20 17:02:40	Name: tmr_detect Value: 0%7C1702874033417

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ua.nesrakonk.ru/wp-includes/css/dist/block-library/style.min.css?ver=5.7.4 Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2661896136775218&output=html&h=60&adk=3660842011&adf=569783962&pi=t.aa~a.1367413946~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702874031&rafmt=1&to=qs&pwprc=8448074556&format=1200x60&url=https%3A%2F%2Fua.nesrakonk.ru%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702874031221&bpp=1&bdt=731&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x90&nras=5&correlator=8318130936125&frm=20&pv=1&ga_vid=707301258.1702874031&ga_sid=1702874031&ga_hid=1519416587&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2102&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C44807405%2C95320884&oid=2&pvsid=1515043550714251&tmod=1205902126&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=10 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad4m.at
ads.adlook.me
ads.betweendigital.com
ads.eu.criteo.com
ads.pubmatic.com
ads.travelaudience.com
ag.innovid.com
an.yandex.ru
as.ad4m.at
assets.ad4m.at
bid.g.doubleclick.net
c1.adform.net
cache.betweendigital.com
cat.nl3.eu.criteo.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cmp.optad360.io
cms.quantserve.com
csi.gstatic.com
csm.eu.criteo.net
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
gcm.ctnsnet.com
get.optad360.io
googleads.g.doubleclick.net
image6.pubmatic.com
imageproxy.eu.criteo.net
imasdk.googleapis.com
kraken.rambler.ru
match.adsrvr.org
mc.yandex.com
mc.yandex.ru
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prod-rtb.ad4mat.net
pv.medialead.de
r5---sn-4g5e6nze.c.2mdn.net
rtb.nl3.eu.criteo.com
secure-assets.rubiconproject.com
st.top100.ru
static-de.ad4mat.net
static.criteo.net
sync.bumlam.com
sync.teads.tv
token.rubiconproject.com
top-fwz1.mail.ru
tpc.googlesyndication.com
tr.blismedia.com
ua.nesrakonk.ru
ups.analytics.yahoo.com
vid.vidoomy.com
vpaid.vidoomy.com
www.awin1.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
www.tns-counter.ru
x.bidswitch.net
x01.aidata.io
yandex.ru
yastatic.net
142.250.184.226
142.250.186.34
151.236.118.146
176.122.21.226
178.250.1.6
178.250.1.9
18.192.88.240
188.42.191.196
198.47.127.19
2001:4860:4802:32::3
2001:6d0:4001::226
213.155.156.185
23.199.221.167
23.32.184.192
23.32.185.35
23.60.204.187
2600:1901:0:76b9::
2600:9000:2156:ea00:6:b871:4f00:93a1
2600:9000:225e:ce00:11:a4de:2580:93a1
2606:4700:20::681a:61b
2606:4700:20::681a:ad1
2606:4700:20::ac43:4a81
2606:4700:3030::6815:2e4c
2606:4700::6811:190e
2620:116:800d:21:e365:4988:e8a7:3270
2a00:1450:4001:66::a
2a00:1450:4001:800::2003
2a00:1450:4001:802::200e
2a00:1450:4001:806::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80b::200a
2a00:1450:4001:813::2004
2a00:1450:4001:81c::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:6b8:20::215
2a02:6b8::1:119
2a02:6b8::90
2a02:6b8:a::a
2a02:6ea0:c700::10
2a02:6ea0:c700::18
2a02:fa8:8806:13::1370
2a05:d018:d29:3605:24c3:ec91:3ba9:b85a
2a05:d01c:1d8:8101:ecdd:a035:7b09:ae7f
3.75.62.37
31.172.81.158
34.160.236.64
34.96.105.8
35.186.193.173
35.190.0.66
35.71.131.137
37.157.5.132
51.75.86.98
64.233.166.157
69.173.144.139
81.19.89.17
81.19.89.18
85.114.159.93
89.108.120.68
91.121.248.44
95.101.149.233
95.163.52.67
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
0771c19c407aac665a7b2c8eecf0709b0990dfd62358a4dc9f373fbf56404878
080079792e8a0e88b1960e8fc2c60f96ee330db0417f887a35408b9844825a12
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a108e4122264b7acf938d5fb5c5ed0e87497444c3ad1a4d59e929b9d1ed6c33
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0d0833439c6f3bb996b79245fadefb40401d206b6bcc70a57150fb1348d1691e
0db16c25165bfd35ea9114187f3e97d7084a33135cb56fe276f6cdd2ab675647
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
1ab426e3bca625e7fa871bd5501674186a083182b0231943594c5ea96828f2c5
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
238fe55e756da3a3322ca0bd25a42aec20a52a75aaf60288539ea5dc14de8eda
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
254b0a1baf268afdad37e7843fc028ad85277b0673e3c5ef6758df71b1a49522
28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b
28ebf8d90681ffb0772db5737813b1caf68b7e47a50da0ec9a9b26b9db5d117d
29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e44128a2911dbcc9031a191b00018005dbde321e10a7c330fa6d603b02a07ec
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32382e07a755f7dbea4c8b40d1e79d58a9618d02479291dcaa8d3ab33d732ff2
32786d444e9857efb3f20c41c2b06bb1c814b0ccf3de31d83bec30c8b3fa96d3
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
38a62478efd4f8df95c4a06e7ac6b7af9b2999b83c566dbada2bfdd285bcea89
3a58de8d9c7b24b39cfd318f36cf8ac8e2eb491829df30979155028a448fa254
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40af400e8c91f02188ba45f50e2fcfe9e0551221d23bf002f8ad1ee7c8cae18f
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
459f57f8684b82b40fa355c994b814070aca457eca4c0f57de23b3e4ae561d3e
489b36c66d89d768b386541c192b3e8e00f5f562236f2e89834fe8269a6e2797
48e6339feb0998f1c1959c3c03d7f4599ed2ee4289918743110fc14b3ac84aba
4b32f9abc380fdde9a12ec52a80249e09fa6cb380f81d7982ce882549dac1f93
4bd421492707bff562aa2957b824a92bc9252b9a0c096620b03d749c904c88d2
4cd9d7fe6bef9e82616b20d2c4a7a9842652ed469b704922e4c682f209754768
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51e84d7e13c06df4d9b0c27e378f827ed90e7e5b55fa5f21a3e5a2ba3089799a
529674f52dcc918de1ae1db738237f5eee7e90c03c63e05dd8a8cb96f785a02c
529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794
53c0f486ecfd5e927e139af4e713721e463ed0a1c702437053766beb361bd1d5
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
5825c88b68a498c8b3d8d34f0090a625f063a366c8f3cbebf51e7657623fb13b
59d8b805b12d336d283666c0148287dfd4238f893d5ed7364ac9b542eb160853
5b1396003e2821c437960323ef4c4716ef2df0e2c6c4ed73272458db8304091d
5bd064bb7274a5f321cf0ff99f04c5d8894fd4f20ed5a6328c77cd830bda0eb0
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c626455e3859405178ec3db9cae1e43c06704db4152859d5c3f9d1cbcd8d705
5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3
5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
6168a3bdb323041353a68513bab0262b143d7883d244ce3514aa9490b3d621a0
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
640b81f0729f5891b675803a8adcde0966a8c1d44722fc8a87f9566e3f168657
644247134f74a5b0727d7a470cba029ce40da8c20dc8138f76329f94f6b63f99
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6c76cae4aabc1d4236da2fecf8fcae818a2cf95406446774ccf9db5ca14d4b59
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9
722bca0f91daf3eaed212ada19ad6809a179bd9d576051ada272c6098ae1c37d
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7391010b1ea7ea1de4acfdf41204af9191023ff870d522b400b1a988ab4ac608
747c70819088486e70b5bb2b2aba8d67e1cb8176755133dd60d5213a60ba4b33
77dfb14e2cd79635803154fbd240536a810b48ec51547ab8e2d8ede3be7154f7
797d36c5083f2539d2db1a563ebfa9e7a0a81f33fbb5216a64b4ad0bb6b60fd9
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa
7de48a1559f0ab973cee3ee26a794d5931aa9d7d7887290bfe13436cf7f3f5af
7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b
7e4e6108e41edf622aa4a03b1468b664c8db5aa1f0d29e9fec3206900de9e022
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
873e5c46cc8ce0b17fbe1f11dd95e9f15dbfa715e3e407d97f31611b5a460d8d
88fc747cb76bd9a97fd8182916c9ef985a89c6e912fbcc9eaaa4b89cebfa37d5
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8d6af87f2e8ab6ba751d5bda81faf18aed637f3c43f3f5c25acfcdb8dc674a92
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dbebb5e69365011af8dfa280770e60fdaad8fac67981277bd11192ae4331339
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f58e7bc9dce560031f0d0e3ba133d91245d338238db0932a5799c7613613276
90c8fd0a3a257ad6caff905820723d243ede8cd3d6d5fcacd94ba9ad504f3226
92ca60a1917b9ebb08ee7ddf0860b217985b8468acf0de9ed41d90c3f5dda926
93072caab1dd36d1907bfaaf234b313b8a04fabc7261dcf76583fa8ec74e82d0
94b2a9e1600c0916d1bda1b180dfc67a65be596358b1beaa04424f80131bb44e
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b2c36195d8149926940ce2d9ed3b6c4e4390464224b8f4733cf096cc4494e74
9fe1e1a729d0d8a1042ea6f19b0ce23f84f2d5f77115ab9bf30fafe424451d27
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a45285f786056f7bb715a2cfc6f91302b63bfb139739c51b46e62e01ba269121
a46fcae966b995c77b103434a77440a3deb3d41a688f549e04a41fcc64e05c3c
a5515c53111bb4a4f45aff63d06df893ae9033dc85e82cc2ef27fc099a4d7609
a5c42d0ecec63c34fea178667f4065e872a9198895025614d8498d77c6020207
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a827fb352bc7067faa4ea7cd9530d0ffd7eb1a97cd28f5008054f5da07135800
a97189914589a4acbf25bab8eefeb250b03e736c61108dde73c1bbfddf010e15
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
aecd415b61d0a3a5185ec7b1cc96669a2b78d1b387028c5dd2f5f74f36b644c6
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b05155416aa1689236072fb1338ceaefc9809a849bda6588965f5979e8a01aa8
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
b63a60040f349e0cef67c793f9c50d548a23a9c64e796aa81427652568990c7e
bfe58c3e4f67928f320950cb05524dc012abf7ab1096958560101be80f83d447
c506a206318a086c6d24975293e94fb9a3adff3055c99327eebacbc8224d6209
c664b020f3f5e65c7746bb4f6b44ca49dfd128a4f48dcdc9f991cde71093dd4c
caeaf02fa4a8a45438c270767c4e50fc7f3ed5f94a4c90984eaacb87c2e8a693
ce8b0ce00b853304b4500a3e0273c2ee8123ec998d9ea4bc1a2b3e97c573b61f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfb9ab1e326d1a30bb341a4d74db9b750c6c4aebb6304ad1264b1761c6b280d1
d2de3fe95801bb0c9073e98273a4d26bff3791de90f5c31207f2e3154afc8287
d345068057c87c440eb6b8b6ddfd3fb9f41e63022fb378559157a77098154388
d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e23b6f4539643a37f0d615a630a76fc48571ebb8b0a9219ad38b4827a60ee18c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e491a7d4658afac843b83b6450c591304487d8c64d51148bd0fa5c3bdf6e6261
e4fb740e51aca1cf24b84600b12c18e6b95ed45300a643b8dfbc4266318a0c70
e61a5274401d098ca96cd8b36e4030f75bcb644047b18cf0deb1f916c863f126
e688c863b85a28f75e5c1c7f21092f1f419649e10496f9f1fc36826112bbd348
e6aa957c3f654e043b7f2379eec6208e1441507f209da3583749a07823d916df
e9b75cd6ed8e19ac702fa5b7a5299179f82d9dfe25eced5cd9f70936309229a0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1400c92345dcd9dbf746acab2c60e8580aa959473e9e56c8772cadcf7734b76
f226b49e883555e6ce0f3b0dff52021593d2cd93581bc6ebb79e5cfbee0f24c1
f266002a82bd1dee76b8df26d1ae1e0d331c6acd0a6c8a9eb4217f7912531e49
f5a7c611179a596beb5fa96104328c345f332080d431810c0e8ab9464dc31046
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

ua.nesrakonk.ru Open in urlscan Pro 2606:4700:3030::6815:2e4c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

239 Requests

88 %HTTPS

53 %IPv6

46 Domains

71 Subdomains

58 IPs

10 Countries

2937 kBTransfer

8295 kBSize

62 Cookies

5 Outgoing links

Redirected requests

239 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ua.nesrakonk.ru Open in urlscan Pro
2606:4700:3030::6815:2e4c Public Scan

Screenshot
Live screenshot

Full Image

239
Requests

88 %
HTTPS

53 %
IPv6

46
Domains

71
Subdomains

58
IPs

10
Countries

2937 kB
Transfer

8295 kB
Size

62
Cookies

239 HTTP transactions
9 data transactions