zdorovieledy.ru Open in urlscan Pro
82.202.165.233 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://zdorovieledy.ru/
Effective URL:
https://zdorovieledy.ru/
Submission: On November 03 via api (November 3rd 2023, 9:00:34 pm UTC) from US — Scanned from DE

Summary HTTP 229 Redirects Behaviour Indicators

Summary

This website contacted 51 IPs in 10 countries across 50 domains to perform 229 HTTP transactions. The main IP is 82.202.165.233, located in Russian Federation and belongs to RU-JSCIOT, RU. The main domain is zdorovieledy.ru.
TLS certificate: Issued by R3 on October 14th 2023. Valid for: 3 months.

This is the only time zdorovieledy.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 18	82.202.165.233 82.202.165.233	29182 (RU-JSCIOT) (RU-JSCIOT)
3	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:218... 2600:9000:218c:c400:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
1	116.202.32.31 116.202.32.31	24940 (HETZNER-AS) (HETZNER-AS)
2	2a02:6b8:a::a 2a02:6b8:a::a	208722 (GLOBAL_DC) (GLOBAL_DC)
32	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	91.220.120.249 91.220.120.249	202173 (MAXIMATEL...) (MAXIMATELECOM)
2	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
3 11	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
7	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	91.220.120.21 91.220.120.21	202173 (MAXIMATEL...) (MAXIMATELECOM)
9	2a02:6b8:20::215 2a02:6b8:20::215	208722 (GLOBAL_DC) (GLOBAL_DC)
7	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1 2	80.239.201.54 80.239.201.54	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	88.218.242.3 88.218.242.3	56630 (MELBICOM-...) (MELBICOM-EU-AS Melbikomas UAB)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:2250:f000:a:e047:753:a221	16509 (AMAZON-02) (AMAZON-02)
1	18.155.129.34 18.155.129.34	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:6b8::16b 2a02:6b8::16b	208722 (GLOBAL_DC) (GLOBAL_DC)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	141.95.33.111 141.95.33.111	16276 (OVH) (OVH)
1	34.249.63.196 34.249.63.196	16509 (AMAZON-02) (AMAZON-02)
21	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
1 6	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	195.209.108.51 195.209.108.51	52007 (ADRIVER) (ADRIVER)
2 2	18.196.149.165 18.196.149.165	16509 (AMAZON-02) (AMAZON-02)
10 33	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2 2	37.157.4.29 37.157.4.29	198622 (ADFORM) (ADFORM)
4 4	50.31.142.127 50.31.142.127	23352 (SERVERCEN...) (SERVERCENTRAL)
2 3	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1	54.76.77.157 54.76.77.157	16509 (AMAZON-02) (AMAZON-02)
3 3	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1	185.86.139.101 185.86.139.101	201081 (SMARTADSE...) (SMARTADSERVER)
4 10	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 7	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
6	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	141.101.90.98 141.101.90.98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	64.227.64.62 64.227.64.62	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:4c00:85ae:82c6:552b	16509 (AMAZON-02) (AMAZON-02)
3	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1 1	54.165.78.186 54.165.78.186	14618 (AMAZON-AES) (AMAZON-AES)
1	3.67.250.230 3.67.250.230	16509 (AMAZON-02) (AMAZON-02)
1 1	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	213.155.156.180 213.155.156.180	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1	2600:9000:236... 2600:9000:2362:8800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	104.119.108.27 104.119.108.27	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	172.105.221.240 172.105.221.240	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	18.180.200.17 18.180.200.17	16509 (AMAZON-02) (AMAZON-02)
1 1	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
1	3.124.69.248 3.124.69.248	16509 (AMAZON-02) (AMAZON-02)
229	51

18 82.202.165.233 (Russian Federation) 1 redirects

ASN29182 (RU-JSCIOT, RU)
PTR: bualvl25017.example.com

zdorovieledy.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218c:c400:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.202.32.31 (Tönisvorst, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.31.32.202.116.clients.your-server.de

push.24olimp.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6b8:a::a (Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.220.120.249 (Russian Federation)

ASN202173 (MAXIMATELECOM, RU)

s3.wi-fi.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:6b8::1:119 (Ulyanovsk, Russian Federation) 3 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.220.120.21 (Russian Federation)

ASN202173 (MAXIMATELECOM, RU)

ipgeo.service.qvant.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:6b8:20::215 (Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 80.239.201.54 (Sweden) 1 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

mc.webvisor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.218.242.3 (Moscow, Russian Federation)

ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT)

content.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:f000:a:e047:753:a221 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.129.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-129-34.cdg52.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::16b (Ulyanovsk, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

matchid.adfox.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.33.111 (Germany)

ASN16276 (OVH, FR)
PTR: ns3203177.ip-141-95-33.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.63.196 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-63-196.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.209.108.51 (Russian Federation)

ASN52007 (ADRIVER, RU)

ad.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.149.165 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-149-165.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 142.250.184.194 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.29 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 50.31.142.127 (Hickory Hills, United States) 4 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.75.86.98 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.77.157 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-77-157.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.245.213 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.101 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.36.155 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.89.210.244 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.101.90.98 (United States)

ASN13335 (CLOUDFLARENET, US)

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.227.64.62 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:4c00:85ae:82c6:552b (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.19 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.165.78.186 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-165-78-186.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.67.250.230 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-67-250-230.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.180 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2362:8800:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.119.108.27 (Düsseldorf, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-119-108-27.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.105.221.240 (Tokyo, Japan) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1875-240.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.180.200.17 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-180-200-17.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.175.185 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.69.248 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-69-248.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 149	556 KB
53	doubleclick.net 10 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439	377 KB
25	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	684 KB
18	zdorovieledy.ru 1 redirects zdorovieledy.ru	923 KB
14	yandex.ru 3 redirects yandex.ru — Cisco Umbrella Rank: 2158 mc.yandex.ru — Cisco Umbrella Rank: 4034 matchid.adfox.yandex.ru — Cisco Umbrella Rank: 29170	127 KB
10	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	7 KB
9	yastatic.net yastatic.net — Cisco Umbrella Rank: 6894	221 KB
7	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	5 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	102 KB
6	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
4	zemanta.com 4 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 580	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	238 KB
4	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 454 mug.criteo.com — Cisco Umbrella Rank: 2926 dis.criteo.com — Cisco Umbrella Rank: 597	8 KB
4	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1656 google-bidout-d.openx.net — Cisco Umbrella Rank: 1665 rtb.openx.net — Cisco Umbrella Rank: 695	917 B
4	adriver.ru content.adriver.ru — Cisco Umbrella Rank: 35937 ad.adriver.ru — Cisco Umbrella Rank: 20696	283 KB
3	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 823	248 B
3	3lift.com 3 redirects eb2.3lift.com — Cisco Umbrella Rank: 417	1 KB
3	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 746	973 B
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 863 id5-sync.com — Cisco Umbrella Rank: 440	32 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4905	647 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 599	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 912	2 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 976 bcp.crwdcntrl.net — Cisco Umbrella Rank: 887	12 KB
2	webvisor.org 1 redirects mc.webvisor.org — Cisco Umbrella Rank: 21671	888 B
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	87 KB
2	wi-fi.ru s3.wi-fi.ru — Cisco Umbrella Rank: 205866	39 KB
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 351	146 B
1	bluevoox.com 1 redirects im.bluevoox.com — Cisco Umbrella Rank: 13528	520 B
1	adingo.jp cc.adingo.jp — Cisco Umbrella Rank: 7108	44 B
1	appier.net 1 redirects a.c.appier.net — Cisco Umbrella Rank: 15453	601 B
1	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 1513	878 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 716	237 B
1	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 377	772 B
1	inmobi.com 1 redirects sync.inmobi.com — Cisco Umbrella Rank: 1562	712 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 559	35 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 689	1 KB
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492	713 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2242	549 B
1	o2online.de portal.o2online.de — Cisco Umbrella Rank: 146086	607 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 774	45 B
1	360yield.com match.360yield.com — Cisco Umbrella Rank: 2249	199 B
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2139	1 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2491	3 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 668	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1762	8 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1181	607 B
1	qvant.ru ipgeo.service.qvant.ru	125 B
1	24olimp.ru push.24olimp.ru	4 KB
1	optad360.io get.optad360.io — Cisco Umbrella Rank: 36330	62 KB
229	50

	Domain	Requested by
33	cm.g.doubleclick.net	10 redirects eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com googleads.g.doubleclick.net
32	pagead2.googlesyndication.com	zdorovieledy.ru pagead2.googlesyndication.com tpc.googlesyndication.com eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com s0.2mdn.net www.googletagservices.com
25	s0.2mdn.net	zdorovieledy.ru s0.2mdn.net eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
21	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com zdorovieledy.ru eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com s0.2mdn.net
18	zdorovieledy.ru	1 redirects zdorovieledy.ru
11	mc.yandex.ru	3 redirects zdorovieledy.ru cdn.jsdelivr.net
10	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
9	yastatic.net	yandex.ru
7	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
7	securepubads.g.doubleclick.net	get.optad360.io securepubads.g.doubleclick.net
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com zdorovieledy.ru
6	googleads4.g.doubleclick.net	zdorovieledy.ru
6	www.google.com	1 redirects tpc.googlesyndication.com eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com zdorovieledy.ru
5	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	b1sync.zemanta.com	4 redirects
4	www.googletagservices.com	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com zdorovieledy.ru
4	fonts.gstatic.com	fonts.googleapis.com
3	www.gstatic.com	zdorovieledy.ru eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
3	image6.pubmatic.com	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
3	eb2.3lift.com	3 redirects
3	onetag-sys.com	2 redirects eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
3	content.adriver.ru	s3.wi-fi.ru content.adriver.ru
3	fonts.googleapis.com	zdorovieledy.ru eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
2	d5p.de17a.com	2 redirects
2	c1.adform.net	2 redirects
2	pm.w55c.net	2 redirects
2	id5-sync.com	cdn.id5-sync.com
2	gum.criteo.com	1 redirects static.criteo.net
2	oajs.openx.net	1 redirects
2	mc.webvisor.org	1 redirects zdorovieledy.ru
2	cdn.jsdelivr.net	zdorovieledy.ru securepubads.g.doubleclick.net
2	s3.wi-fi.ru	zdorovieledy.ru s3.wi-fi.ru
2	yandex.ru	zdorovieledy.ru s3.wi-fi.ru
1	x.bidswitch.net	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
1	im.bluevoox.com	1 redirects
1	cc.adingo.jp	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
1	dis.criteo.com	1 redirects
1	a.c.appier.net	1 redirects
1	cs.media.net	1 redirects
1	s.ad.smaato.net	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
1	rtb.openx.net	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
1	px.ads.linkedin.com	1 redirects
1	sync.inmobi.com	1 redirects
1	match.sharethrough.com	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
1	sync.srv.stackadapt.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	portal.o2online.de
1	ssbsync.smartadserver.com	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
1	match.360yield.com	eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
1	ad.adriver.ru	content.adriver.ru
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	matchid.adfox.yandex.ru	yandex.ru
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	ipgeo.service.qvant.ru	s3.wi-fi.ru
1	push.24olimp.ru	zdorovieledy.ru
1	get.optad360.io	zdorovieledy.ru
229	65

This site contains no links.

Subject Issuer	Validity	Valid
zdorovieledy.ru R3	`2023-10-14` - `2024-01-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.optad360.io Amazon RSA 2048 M02	`2023-09-17` - `2024-10-15`	a year	crt.sh
sylfpaskl.ru R3	`2023-10-19` - `2024-01-17`	3 months	crt.sh
*.xn--d1acpjx3f.xn--p1ai GlobalSign ECC OV SSL CA 2018	`2023-06-21` - `2023-12-19`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.wi-fi.ru GlobalSign RSA OV SSL CA 2018	`2023-10-04` - `2024-11-04`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-08-14` - `2024-01-24`	5 months	crt.sh
*.service.qvant.ru AlphaSSL CA - SHA256 - G4	`2023-08-31` - `2024-10-01`	a year	crt.sh
*.yastatic-net.ru GlobalSign ECC OV SSL CA 2018	`2023-07-10` - `2024-01-07`	6 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.adriver.ru GlobalSign GCC R3 DV TLS CA 2020	`2023-03-07` - `2024-04-07`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-09-25` - `2023-12-24`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-11-02` - `2024-01-31`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-10-24` - `2024-01-22`	3 months	crt.sh
matchid.adfox.yandex.ru GlobalSign RSA OV SSL CA 2018	`2023-06-01` - `2023-11-24`	6 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.360yield.com Amazon RSA 2048 M01	`2023-05-29` - `2024-06-26`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
portal.o2online.de E1	`2023-10-01` - `2023-12-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
s.ad.smaato.net Amazon RSA 2048 M03	`2023-09-04` - `2024-10-02`	a year	crt.sh
*.adingo.jp Amazon RSA 2048 M03	`2023-09-13` - `2024-10-12`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh

This page contains 28 frames:

Primary Page: https://zdorovieledy.ru/
Frame ID: 877FF19FBE8137756018E25848CC29B2
Requests: 81 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20190131/zrt_lookup.html
Frame ID: 51EFD1004658367070A41C889933712D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2169694473459397&output=html&adk=1812271804&adf=1573534164&lmt=1650440532&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Fzdorovieledy.ru%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699045225500&bpp=4&bdt=390&idt=265&shv=r20231101&mjsv=m202310310101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4149270551015&frm=20&pv=2&ga_vid=1842509259.1699045226&ga_sid=1699045226&ga_hid=1451533323&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079307%2C31079345%2C44795922%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301&oid=2&pvsid=2726199759630939&tmod=1169782769&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=301
Frame ID: 17EB945AA41B8301274C4A5887DF30F6
Requests: 1 HTTP requests in this frame

Frame: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3AD8DE017D0A64253FE8EADE3B469174
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=zdorovieledy.ru
Frame ID: A0716E38F94DCC0654FAC62254F82B4E
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CDDAAF06F74AA2D7B4F4789EEDFF6716
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 08C06846BAE68F59C9FE4267F609C925
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: BB355A3BA909987F20A0E70B0DE48C76
Requests: 1 HTTP requests in this frame

Frame: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 8CA7F29769740D9057ECEAEA469C1DEF
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARijvLb3ATAB&v=APEucNW4Blb-liDnXeDDjyO8-v66le28aH10yJudfn8xIUoJah802jHZmR0db9KytPQ-GvHcSJ55azjXcAVShZm6hNr_UVGm-qsaeIOp8bVoMnM_rHnV-BHWgdC5N_iuBGILg_L9tL65xhi4W7YevwU6N3xZfrf0GosZVspzJ-MUIa5B3vwu3owyj77kNGyB0hC7CKRql6PjLlndQpKNyi9E23vK2HkcUg
Frame ID: EBE1DC85DD560181DFF0DA6B9458DB92
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E7B752DA7E9D8CF6C15624825C6D7069
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 71BC6D8F5D64A026FE838BE9A1D86E43
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250
Frame ID: 64CA3C62E080A300F54EF53D62357787
Requests: 12 HTTP requests in this frame

Frame: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B9AA7B6CB155E3259177207BAB1B65AD
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGK3o7vgBMAE&v=APEucNX3ukjAIz8uMPUjmqvEyAbmpx6ahqnLSUo7OKdDMsF97gI3VkULkjVAlZm-ysl5_NX1utTz2zhxzYGU0kPBWEZwjWixkOzInoBHyM4gbkepM6ppWVNxoviyXKbhzzaMqHdfvftqt0OpPdrPVNCSyfiq3LttoZ2foNxHjlZp2ykOLZnu4xDxkbH__4Qh7glBOpVyVml5wBQEoqNv6BRjpcBjUNZlXQ
Frame ID: B5689582D3E1ADC27B5CCB718BBC7C87
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 625FE394A33483828489B02A6FE9C49E
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F47B68236C68472D25CD368A314634A3
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
Frame ID: 2ED6B9372B6D7D06AB1973B0C4368734
Requests: 1 HTTP requests in this frame

Frame: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BD02AA57BCAD06871B3DD195F6D5DFAE
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E94B5E9E2FB6F2F6F426D8096EAD659B
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C838AA40653B406D74B803CB6A3D54D0
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F2C958031FF55BD042AF601B8812FD4B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js
Frame ID: 7B628B52FB754B91D799646193170658
Requests: 1 HTTP requests in this frame

Frame: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2F3E146059E650B373F7DCEA2AED2F48
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYxNPDmAEwAQ&v=APEucNU7EURQecXIqEMaRj7DWgi5DBHpE8mNlTqR_CJTmN3oA9MEOiCBZHyTOZHMFasF08LAMv5oU2YHmGF_JpQLTmL1MW8m94d2k2FgfStNq3FH1Z7FuhHSD5t11aSVp5s-0ecKGmvLw99c07FFeDFOG-x4E6VM1eLR-Xky1AaCjJDDyq-poYJxfrtep_x0hgi9KrH1VlF11un4RUhF6MWQBP3iDUxm0A
Frame ID: 7A2665312B09CBE5D3F2A36052AF6AA7
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8A03EB49C75F026F180D17AD458B1368
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 36DBC3BB1E0C2AA25CA6C2210566A3A1
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
Frame ID: 1380E2E9F108E6031FECE40CBA7816A7
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Простыми словами о самом интересном

Page URL History Show full URLs

http://zdorovieledy.ru/ HTTP 301
https://zdorovieledy.ru/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AdRiver (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:adriver\.core\.\d\.js|https?://(?:content|ad|masterh\d)\.adriver\.ru/)

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

229
Requests

85 %
HTTPS

39 %
IPv6

50
Domains

65
Subdomains

51
IPs

10
Countries

3794 kB
Transfer

8877 kB
Size

53
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://zdorovieledy.ru/ HTTP 301
https://zdorovieledy.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1150%3Acn%3A2%3Adp%3A0%3Als%3A948240174337%3Ahid%3A292576548%3Az%3A60%3Ai%3A20231103220025%3Aet%3A1699045225%3Ac%3A1%3Arn%3A2022967%3Arqn%3A1%3Au%3A1699045225467725521%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C104%2C175%2C50%2C445%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1699045224374%3Ast%3A1699045225&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(1) HTTP 302
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1150%3Acn%3A2%3Adp%3A0%3Als%3A948240174337%3Ahid%3A292576548%3Az%3A60%3Ai%3A20231103220025%3Aet%3A1699045225%3Ac%3A1%3Arn%3A2022967%3Arqn%3A1%3Au%3A1699045225467725521%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C104%2C175%2C50%2C445%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1699045224374%3Ast%3A1699045225&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29&redirnss=1

Request Chain 23

https://mc.yandex.ru/watch/82692964?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1150%3Acn%3A1%3Adp%3A0%3Als%3A1475501242492%3Ahid%3A292576548%3Az%3A60%3Ai%3A20231103220025%3Aet%3A1699045225%3Ac%3A1%3Arn%3A145074013%3Arqn%3A1%3Au%3A1699045225467725521%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C104%2C175%2C50%2C445%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1699045224374%3Arqnl%3A1%3Ast%3A1699045225%3At%3A%D0%9F%D1%80%D0%BE%D1%81%D1%82%D1%8B%D0%BC%D0%B8%20%D1%81%D0%BB%D0%BE%D0%B2%D0%B0%D0%BC%D0%B8%20%D0%BE%20%D1%81%D0%B0%D0%BC%D0%BE%D0%BC%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%B5%D1%81%D0%BD%D0%BE%D0%BC&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(1) HTTP 302
https://mc.yandex.ru/watch/82692964/1?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1150%3Acn%3A1%3Adp%3A0%3Als%3A1475501242492%3Ahid%3A292576548%3Az%3A60%3Ai%3A20231103220025%3Aet%3A1699045225%3Ac%3A1%3Arn%3A145074013%3Arqn%3A1%3Au%3A1699045225467725521%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C104%2C175%2C50%2C445%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1699045224374%3Arqnl%3A1%3Ast%3A1699045225%3At%3A%D0%9F%D1%80%D0%BE%D1%81%D1%82%D1%8B%D0%BC%D0%B8%20%D1%81%D0%BB%D0%BE%D0%B2%D0%B0%D0%BC%D0%B8%20%D0%BE%20%D1%81%D0%B0%D0%BC%D0%BE%D0%BC%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%B5%D1%81%D0%BD%D0%BE%D0%BC&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29

Request Chain 43

https://mc.webvisor.org/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=10172._hdP2f91KVe5WeP6IRHitDfyISlbkMJwL9X9NwtwyI9JF4tSp9q2jrZeUrdSAMLI.RzE3U7KDTk87nbUIXVn4CIMItMI%2C HTTP 302
https://mc.webvisor.org/sync_cookie_image_decide?token=10172.-tOSVU17YBORyFJGn_56j5VPan3u37dBOQ8IyMvKMea_JjgsxCLYJwc0ib7noodLhS49kIFU5ofUCx0QiiWyzfznufWEIq2x56R-Cppl5YWVEZPY4fdAEVktivxX0zkJe1hZSMBUP9t_Z_EgYaBItpXAsG4oftj7MEl19f3VSqKceYMgdv2VyQzyH-CrV4vBrA9DDt2D3al8B1mteY3aIYCiol4_yvOTJ2b4eguXO9w%2C.lgS0z28SHY7xWfBH3IIviL0vjSk%2C

Request Chain 64

https://oajs.openx.net/esp?url=https%3A%2F%2Fzdorovieledy.ru%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fzdorovieledy.ru%2F&rid=esp&cc=1

Request Chain 70

https://gum.criteo.com/sid/json?origin=publishertagids&domain=zdorovieledy.ru&sn=ChromeSyncframe&so=0&topUrl=zdorovieledy.ru&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=nUcda3xKays0NWlYczNjQVVJN0hyS2RsNENKQUdUY0g2c2h5d0YvV3dTS01IcWh5QlF1dW9RS1duSWJ1ci9GQUFuRUd2enBDMS9NaUJwaS9MakZEZnN0c2hPeWR2czd4UHZBOUZjNERja0ZnaGVwRDNkSzBtNVY4UldHZU0zTmZLZ25SSytIYTM1blRweHZWT1RBSEs2N2dsK0xCdnk4Rm1HK0YwUGhXOWpRMnVXYlF3YmM2RW5BYjNxL1V5ZTg4UE5Xa2pyUjdhWDdFTjhYZUZnWXYrWHdqV0RLL3lEU21XWUt4Z0dFc2hScHBTaDViRVBlbW1YT05OeUVoZHNMbXRuVXBnUHRxWmpJZEdJdlJaamNhcEZxcmgwREhjZU9FR25rTGt0KzQrR0NtemFtQT18&cppv=2

Request Chain 95

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHiu-A1qJhwz3G8p8mfQT_I&google_cver=1&google_push=AXcoOmSrRny5sVsejGim0ymX837n2MTmqxO7QKtsJsRBM6-98ukdSseCAkRoRgtqg6JMQJNO9e7L7iGXqReB76xxOsnHG4-_h7QLhg HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHiu-A1qJhwz3G8p8mfQT_I&google_cver=1&google_push=AXcoOmSrRny5sVsejGim0ymX837n2MTmqxO7QKtsJsRBM6-98ukdSseCAkRoRgtqg6JMQJNO9e7L7iGXqReB76xxOsnHG4-_h7QLhg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dDZoT01DcmIxUVoxaGc1&google_gid=CAESEHiu-A1qJhwz3G8p8mfQT_I&google_cver=1&google_push=AXcoOmSrRny5sVsejGim0ymX837n2MTmqxO7QKtsJsRBM6-98ukdSseCAkRoRgtqg6JMQJNO9e7L7iGXqReB76xxOsnHG4-_h7QLhg

Request Chain 96

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBvmPTvXnzbLNK1VxjZG1zI&google_cver=1&google_push=AXcoOmQrmAjVZXeT7hi5qPwxx0Dnlg1pSy0GJ2ZDQs8M8lvj5nuasiMoaO5GOoWkUSvyWQGXBdXu4gN0DKN5klJJPpxOVzw-HR0z HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEBvmPTvXnzbLNK1VxjZG1zI&google_cver=1&google_push=AXcoOmQrmAjVZXeT7hi5qPwxx0Dnlg1pSy0GJ2ZDQs8M8lvj5nuasiMoaO5GOoWkUSvyWQGXBdXu4gN0DKN5klJJPpxOVzw-HR0z HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgyMzIxMTQ1OTkxODcwMDM5MA&google_push=AXcoOmQrmAjVZXeT7hi5qPwxx0Dnlg1pSy0GJ2ZDQs8M8lvj5nuasiMoaO5GOoWkUSvyWQGXBdXu4gN0DKN5klJJPpxOVzw-HR0z

Request Chain 97

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEK8l-RjRH0RK9QLn2REX0cg&google_cver=1&google_push=AXcoOmRnQ4B2N6zbyxN4rNJxFkBQMmCAI_SF3CNIMRxk3190X_HkUAdt3JKEAVPTxkm1JwLesHVnjlkyNxN3mag8_-NyM6AmOzXA HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEK8l-RjRH0RK9QLn2REX0cg&google_push=AXcoOmRnQ4B2N6zbyxN4rNJxFkBQMmCAI_SF3CNIMRxk3190X_HkUAdt3JKEAVPTxkm1JwLesHVnjlkyNxN3mag8_-NyM6AmOzXA&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRnQ4B2N6zbyxN4rNJxFkBQMmCAI_SF3CNIMRxk3190X_HkUAdt3JKEAVPTxkm1JwLesHVnjlkyNxN3mag8_-NyM6AmOzXA&google_hm=QUk4Rkx4eFlZdE5VVjNUNUFXVEc=

Request Chain 98

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELzGx917xCy6ZJJ9Jlw4I2c&google_cver=1&google_push=AXcoOmQNe1IzCd0cYtspMpyRwdX_bQMn6XRk86B_dxNXStKxUF_nt2PaHA0zZWCYQIkaJx2Qz3JqeKuSYjFqyAbk-bnI5qhHBYQlTg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQNe1IzCd0cYtspMpyRwdX_bQMn6XRk86B_dxNXStKxUF_nt2PaHA0zZWCYQIkaJx2Qz3JqeKuSYjFqyAbk-bnI5qhHBYQlTg

Request Chain 100

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEGy9M12o05EqKhok92L7Lv0&google_cver=1&google_push=AXcoOmT---nswfpfNaeT2adoBPVVHngYJoXHGBcFqKZUK7OjXTTxefQ9wTDf1er23c6YU-Aw1R5LRBYyYDS4iKUG2K8pBGEogd0wNA HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmT---nswfpfNaeT2adoBPVVHngYJoXHGBcFqKZUK7OjXTTxefQ9wTDf1er23c6YU-Aw1R5LRBYyYDS4iKUG2K8pBGEogd0wNA&google_gid=CAESEGy9M12o05EqKhok92L7Lv0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzE1OTg3MjkzNTAxNTgzNDc5Njk3Mw%3D%3D&google_push=AXcoOmT---nswfpfNaeT2adoBPVVHngYJoXHGBcFqKZUK7OjXTTxefQ9wTDf1er23c6YU-Aw1R5LRBYyYDS4iKUG2K8pBGEogd0wNA

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKXtB6yjqKs9YtH3dMAIuIs&google_cver=1

Request Chain 105

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUVfapsOLFUhjbf9MXldzAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKXtB6yjqKs9YtH3dMAIuIs&google_cver=1

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENN-Uzw60ICzngo0WTLkcwY&google_cver=1

Request Chain 107

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0

Request Chain 138

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESELYTODDSI2qmXmaGWQ2ZEP8&google_cver=1&google_push=AXcoOmSaPtmFbIoBpUrHKid-QA5LZfKuk0t6jbHtW0V69nWIpxAX4piU14R98UlPd8UiOU4kZirP_b18Tt_zjQbgA-noIVVmo0s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AXcoOmSaPtmFbIoBpUrHKid-QA5LZfKuk0t6jbHtW0V69nWIpxAX4piU14R98UlPd8UiOU4kZirP_b18Tt_zjQbgA-noIVVmo0s

Request Chain 139

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEG_SPj6LdQHDTCldfK5I2to&google_cver=1&google_push=AXcoOmT180r5U4xRN_Fn5d7bLQbQHjD6epZTyQFPnSEcvtov_lYwCTfhtA7bWEj3uqRSEkHhr6in1_ocrR89XrWYd5oAjS8h8zuv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmT180r5U4xRN_Fn5d7bLQbQHjD6epZTyQFPnSEcvtov_lYwCTfhtA7bWEj3uqRSEkHhr6in1_ocrR89XrWYd5oAjS8h8zuv&google_hm=eS1pQVRxMnF0RTJwRW5ZNi5kWlB5UHNwaE5aUEtrN0h6Q35B

Request Chain 140

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEMgLR3AT_iwBG6MVrPzwn0Q&google_cver=1&google_push=AXcoOmRZO-db_5r8QzjmvHXI5MnDTBkj1iQmWrU2YBI2C0fHZzxLz6MFvJn3mJID_zYtF50lbOouXtMrcTayJqLGzWdbllqro0E HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEMgLR3AT_iwBG6MVrPzwn0Q&google_push=AXcoOmRZO-db_5r8QzjmvHXI5MnDTBkj1iQmWrU2YBI2C0fHZzxLz6MFvJn3mJID_zYtF50lbOouXtMrcTayJqLGzWdbllqro0E&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRZO-db_5r8QzjmvHXI5MnDTBkj1iQmWrU2YBI2C0fHZzxLz6MFvJn3mJID_zYtF50lbOouXtMrcTayJqLGzWdbllqro0E&google_hm=Q0llMnQ2c0FiWlpnQUdYYkxsVVE=

Request Chain 142

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEDgWi76M025qi92bZFeEWEQ&google_cver=1&google_push=AXcoOmTEEcx9xN_19abLEHP-mKukOYLvCXb1l8T5bfXxA_W5ri9b0xLZ-eo5VjSOkEbt23zhEPlK1qbpBZ8R3A8rogyO4A4z9YPT HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=FysCS4SuWPVTeMQfErfbAy2NmEo&google_push=AXcoOmTEEcx9xN_19abLEHP-mKukOYLvCXb1l8T5bfXxA_W5ri9b0xLZ-eo5VjSOkEbt23zhEPlK1qbpBZ8R3A8rogyO4A4z9YPT

Request Chain 144

https://sync.inmobi.com/gob?google_gid=CAESEDh9jYRxPk1_yq_7bVFu5xY&google_cver=1&google_push=AXcoOmSfSNRoQfuTJUoq5Hzgz1hohcOSMntpeyJJnOEnSJMjuuGVTMMM46JWehqBzZHLyK-bGMwV5Nf_Kh4_okYA9JE6UZDuv7nO9Q HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSfSNRoQfuTJUoq5Hzgz1hohcOSMntpeyJJnOEnSJMjuuGVTMMM46JWehqBzZHLyK-bGMwV5Nf_Kh4_okYA9JE6UZDuv7nO9Q

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOXO_n-3iNrHHMEUKbr7lo4&google_cver=1

Request Chain 149

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUVfapsOLFUhjbf9MXldzAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOXO_n-3iNrHHMEUKbr7lo4&google_cver=1

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECuPaTM2lRIrucffNih-85s&google_cver=1

Request Chain 151

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0

Request Chain 172

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEH53Jt1fUeYtVvZqYFwXNvY&google_cver=1&google_push=AXcoOmQ8TWa8mUvj0Dhse5Qr2xqD762WIGdecPMmGRGiNzaw2szHZsmK_xiKnURX-fxfuAgmNMeu8UQ0WJDx3euCQWr-30CN5nx2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmQ8TWa8mUvj0Dhse5Qr2xqD762WIGdecPMmGRGiNzaw2szHZsmK_xiKnURX-fxfuAgmNMeu8UQ0WJDx3euCQWr-30CN5nx2

Request Chain 173

https://d5p.de17a.com/cookies/google?google_gid=CAESEMY37bfrg6_HJQ_fXNepsA0&google_cver=1&google_push=AXcoOmQzZJUod9_wYizAxJs31J96ewMrr_cFwf7_MoAA_x3lEs-Zkq2rRrUnYgh8MbXh78WRv2OW-u_YuYWWJygCgAriW3-DWoVO HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMY37bfrg6_HJQ_fXNepsA0&google_cver=1&google_push=AXcoOmQzZJUod9_wYizAxJs31J96ewMrr_cFwf7_MoAA_x3lEs-Zkq2rRrUnYgh8MbXh78WRv2OW-u_YuYWWJygCgAriW3-DWoVO HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQzZJUod9_wYizAxJs31J96ewMrr_cFwf7_MoAA_x3lEs-Zkq2rRrUnYgh8MbXh78WRv2OW-u_YuYWWJygCgAriW3-DWoVO

Request Chain 177

https://cs.media.net/cksync?type=g&google_gid=CAESENuLkTYXlekJdA0JOOVX6jg&google_cver=1&google_push=AXcoOmQc3jNQ6mRMdvBFmsvKAO5pQC30FCnlR9-IbiQxtcyP8_96LiBRm0kvT_dZmBtG3FC_9Zm6ymb9V_shDMAd-XBPzhokG-mH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzQyMDQ2ODI4NTQyODIyNzAwMFYxMA%3d%3d&mn_hm=MzQyMDQ2ODI4NTQyODIyNzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQc3jNQ6mRMdvBFmsvKAO5pQC30FCnlR9-IbiQxtcyP8_96LiBRm0kvT_dZmBtG3FC_9Zm6ymb9V_shDMAd-XBPzhokG-mH&gdpr=&gdpr_consent=

Request Chain 178

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEAPo0qSkwisujfUp-HJOv3s&google_cver=1&google_push=AXcoOmRcnuakJnTaZHv4zsqvCEHt0kimClz2H-KhL2xgWFtwQNibQxnx28V_tt6-taQ7t1lLuocWbjpGdoDWkBomPu1mdBUM6j5X5w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRcnuakJnTaZHv4zsqvCEHt0kimClz2H-KhL2xgWFtwQNibQxnx28V_tt6-taQ7t1lLuocWbjpGdoDWkBomPu1mdBUM6j5X5w HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 180

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 199

https://a.c.appier.net/gcm?google_gid=CAESEE6ZP_y16Ep1n-P_56I5kB8&google_cver=1&google_push=AXcoOmTZpTGWGuICaPIdwkgkQh7jDDpG4_dlYBRaUsTpxH8cJq_EZWhHFVCVL9V4oCxvVoZylOwMdJU98zZqg71mqrEmyQVNa4x87A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MjNabmtHcmtCZE9pdk5OX2JGOUZaUQ%3D%3D&google_push=AXcoOmTZpTGWGuICaPIdwkgkQh7jDDpG4_dlYBRaUsTpxH8cJq_EZWhHFVCVL9V4oCxvVoZylOwMdJU98zZqg71mqrEmyQVNa4x87A

Request Chain 200

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmRYm24UYmyKGODov4aJigqfitsmFLg3qxP7DszTnh-7Ut9NSlra1091EHaV_v98tBeMgm87jIojV17OBR-XGrHCpuz064gMAw&google_gid=CAESEMxpl94Rw1IiC5_LY1KefKI&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-EdrCmwMYIX0kyZMV4vbVJsHAcDo_MnJJaHWlrQ&google_push=AXcoOmRYm24UYmyKGODov4aJigqfitsmFLg3qxP7DszTnh-7Ut9NSlra1091EHaV_v98tBeMgm87jIojV17OBR-XGrHCpuz064gMAw

Request Chain 202

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOqJ3rqlQTMv4qvo5CL_euc&google_cver=1&google_push=AXcoOmRsZ2Zsl8iFrND6ZXD_Vd3bVr9S6v4uCSbEudFXUejJDw6504W-6YvK6fe2zoPgsNRzQy7WifJG1hNKClnxsGS2kMXeXm3H0w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzE1OTg3MjkzNTAxNTgzNDc5Njk3Mw%3D%3D&google_push=AXcoOmRsZ2Zsl8iFrND6ZXD_Vd3bVr9S6v4uCSbEudFXUejJDw6504W-6YvK6fe2zoPgsNRzQy7WifJG1hNKClnxsGS2kMXeXm3H0w

Request Chain 204

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEC-dMiigZZkQE_jeqva1Dlo&google_cver=1&google_push=AXcoOmS-HF7TurfaHZLmH5u_6Y4zFjItjmeymK5Qodr-W_LRCFweJoSRztXJy1GUNa3rXjevfHN3ILVfIJ_LIbiIcmGUdegVx--F4ik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS-HF7TurfaHZLmH5u_6Y4zFjItjmeymK5Qodr-W_LRCFweJoSRztXJy1GUNa3rXjevfHN3ILVfIJ_LIbiIcmGUdegVx--F4ik&google_hm=QlMuODEzNS05MjFhLTRmYjEtYmFlYw==

Request Chain 208

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjyEH3VewhH3yzwc4_No7k&google_cver=1

Request Chain 209

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUVfapsOLFUhjbf9MXldzAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjyEH3VewhH3yzwc4_No7k&google_cver=1

Request Chain 210

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMCh2Ni7_KeF-I_hITsqtZc&google_cver=1

Request Chain 211

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0

229 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
zdorovieledy.ru/
Redirect Chain

http://zdorovieledy.ru/
https://zdorovieledy.ru/

171 KB
28 KB

281ms
175ms

Document
text/html

82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 236fd6b0385c46e3bc1fc318ee68d7eeb6beaf2037d6626224d06771b39c1b7c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 03 Nov 2023 21:00:24 GMT
last-modified: Wed, 20 Apr 2022 07:42:12 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

Connection: Upgrade, Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 03 Nov 2023 21:00:24 GMT
Keep-Alive: timeout=5, max=100
Location: https://zdorovieledy.ru/
Server: Apache
Upgrade: h2,h2c
X-Redirect-By: WordPress

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 46ms
19ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Exo+2%3A400%2C400i%2C700%7CRoboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

056184e342b1bede64bada8c779b3b08c3a51aa6c7270a79d1f151cd7f0bf45c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 21:00:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 03 Nov 2023 21:00:25 GMT

GET
H2 200 style.min.css
zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/css/ 215 KB
40 KB 80ms
78ms Stylesheet
text/css 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/css/style.min.css
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: e4ef3c595ac266ec231f79cb3beaef7bf618c2aa87afb678e738ba906dcb74ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 14:20:09 GMT
server: Apache
etag: "35a69-5ca77106c3840-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 40821

GET
H2 200 jquery.min.js Show response
zdorovieledy.ru/wp-includes/js/jquery/ 85 KB
30 KB 54ms
53ms Script
text/javascript 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://zdorovieledy.ru/wp-includes/js/jquery/jquery.min.js
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: gzip
last-modified: Wed, 09 Aug 2023 03:48:45 GMT
server: Apache
etag: "155ba-602755b3c9a3b-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 30343

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/7ba93d70-1db8-4f18-8cd6-f42f176728ba/ 288 KB
62 KB 136ms
38ms Script
application/javascript 2600:9000:218c:c400:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/7ba93d70-1db8-4f18-8cd6-f42f176728ba/plugin.min.js
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218c:c400:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 15dbcdac0428cd2f0fe0908ef712b07aaa30ba4423918551435fe453b61bd859

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 10:18:55 GMT
content-encoding: gzip
via: 1.1 aca12b6f838410f4b92b0d9603907f30.cloudfront.net (CloudFront)
last-modified: Tue, 19 Sep 2023 09:11:12 GMT
server: AmazonS3
x-amz-cf-pop: CDG50-P1
age: 38491
x-amz-server-side-encryption: AES256
etag: W/"5c296eeff897ad642724c3961d0c3bd3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
x-amz-cf-id: xNghc7nU-kVxh1i43M-wnCsvcfcS22t1aMaZbTlxxmwsJ7OGhMWwYQ==

GET
H2 200 7dc02f83403f032a9ee1d03fd1433a6b91211f4f.js Show response
push.24olimp.ru/1004801/ 14 KB
4 KB 115ms
18ms Script
application/javascript 116.202.32.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://push.24olimp.ru/1004801/7dc02f83403f032a9ee1d03fd1433a6b91211f4f.js
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 116.202.32.31 Tönisvorst, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.31.32.202.116.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: 55d2d2872c3dcbe870c90c4b7d9e942456e8809e9cb5885ae42cc4e70edbc01e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: gzip
last-modified: Tue, 05 Sep 2023 14:21:48 GMT
server: nginx/1.18.0
etag: W/"64f7397c-37b6"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 context.js Show response
yandex.ru/ads/system/ 319 KB
91 KB 179ms
60ms Script
text/javascript 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/context.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

2e6509c398b04f81c0979e33ff15739ab107d9a3a761ac4f3497e70a3c6c3a03

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1699045225440937-4741271952278164377-balancer-l7leveler-kubr-yp-vla-162-BAL-1109
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Fri, 03 Nov 2023 22:00:25 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
51 KB 85ms
57ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2169694473459397

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f6c147644314f78829327cf7d47bcc7a8f0a2b7b41f1e2515b9c142952236c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52218
x-xss-protection: 0
server: cafe
etag: 15640915697894330546
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 03 Nov 2023 21:00:25 GMT

GET
H/1.1 200
OK zdorovieledy.js Show response
s3.wi-fi.ru/mtt/configs/sites/ 22 KB
7 KB 187ms
63ms Script
text/javascript 91.220.120.249
MAXIMATELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://s3.wi-fi.ru/mtt/configs/sites/zdorovieledy.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.220.120.249 , Russian Federation, ASN202173 (MAXIMATELECOM, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

8cd5aa76b102f5d10d5add1663eef2c3ce0dc699ae264f7aaf093f7033982d8e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Fri, 03 Nov 2023 21:00:25 GMT
Content-Security-Policy: block-all-mixed-content
Content-Encoding: gzip
Last-Modified: Thu, 12 Oct 2023 08:13:31 GMT
Server: nginx/1.14.2
X-Amz-Request-Id: 178D4E2564FAE744
Etag: W/"6318d74c5fdc43db536fecc5fdaf6cfe"
Transfer-Encoding: chunked
Vary: Accept-Encoding, Origin
Content-Type: text/javascript
X-Minio-Deployment-Id: ae9e4692-ccf9-495e-ad65-b797e6550821
Connection: keep-alive
X-Xss-Protection: 1; mode=block

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 123ms
95ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

361165fff8e72d8aaf3ca4776fa347631befb6364b8d1788a6144be6a36eb584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51890
x-xss-protection: 0
server: cafe
etag: 1412721381591795214
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 03 Nov 2023 21:00:25 GMT

GET
H2 200 scripts.min.js Show response
zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/js/ 51 KB
10 KB 86ms
86ms Script
text/javascript 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/js/scripts.min.js
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: d2230cb1c1cb867cdf4d79eeb340d32e5fc0dec2936f8963140e6845cf268770

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 14:20:09 GMT
server: Apache
etag: "cc1f-5ca77106c3840-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 9992

GET
H2 200 swiper.min.js Show response
zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/js/plugins/ 133 KB
34 KB 88ms
88ms Script
text/javascript 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/js/plugins/swiper.min.js
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: a55b438b428508aeb2eb74f0a11ad7bc9ed76a020fcca76fe0c38b62a21ec267

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 14:20:09 GMT
server: Apache
etag: "214bd-5ca77106c3840-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 34410

GET
H2 200 lazyload.min.js Show response
zdorovieledy.ru/wp-content/plugins/rocket-lazy-load/assets/js/16.1/ 8 KB
3 KB 50ms
50ms Script
text/javascript 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://zdorovieledy.ru/wp-content/plugins/rocket-lazy-load/assets/js/16.1/lazyload.min.js
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: gzip
last-modified: Wed, 27 Apr 2022 15:48:34 GMT
server: Apache
etag: "1ed2-5dda4bde79880-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 2704

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2c5ec720589f442589df568f5dc92932bb95482274cff3d7acf8a9ec37663f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 tag.js Show response
cdn.jsdelivr.net/npm/yandex-metrica-watch/ 214 KB
87 KB 39ms
22ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dade26d313a48dd8fa7c2f6bb81d8fa246f38dfd0121956753af28c29f4414c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7465
x-jsd-version: 1.299.0
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230094-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"35869-AKFCGwiL1XTXlmG5A6PbfQ1UEf4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2Bfk4nGxjLPMDPE%2BCsCAcfluBm2fgopYgbV4mSj%2BNFTFl%2FHmNXwKaQ3q3%2B8YSYcX%2BAoGX63yLnpmO5unU07RaiL%2BlU2ej73J%2FeQ77iG4IcHpjvKLQGVRdFyiqomF3nIfhOm0rOPrOWCxn4hMvgo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82078bf24f6f36dc-FRA

GET
H2 200 7cHmv4okm5zmbtYsK-4E4Q.woff2
fonts.gstatic.com/s/exo2/v21/ 20 KB
20 KB 31ms
8ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v21/7cHmv4okm5zmbtYsK-4E4Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Exo+2%3A400%2C400i%2C700%7CRoboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20ac558ae4e736f5a22d58c1bcdab41693e106fb485d0c582be711621ef6456d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 18:05:16 GMT
x-content-type-options: nosniff
age: 10509
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20400
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:26:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 18:05:16 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
10 KB 42ms
19ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Exo+2%3A400%2C400i%2C700%7CRoboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:43:58 GMT
x-content-type-options: nosniff
age: 98187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9644
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Nov 2024 17:43:58 GMT

GET
H2 200 7cHmv4okm5zmbtYoK-4.woff2
fonts.gstatic.com/s/exo2/v21/ 39 KB
40 KB 34ms
11ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v21/7cHmv4okm5zmbtYoK-4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Exo+2%3A400%2C400i%2C700%7CRoboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 18:29:56 GMT
x-content-type-options: nosniff
age: 95429
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40316
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:31:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Nov 2024 18:29:56 GMT

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f

Request headers

Referer
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 wpshop-core.ttf
zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/fonts/ 57 KB
58 KB 49ms
49ms Font
font/ttf 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to

Full URL: https://zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/fonts/wpshop-core.ttf?bz30xv
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/css/style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 973408bd1a1da181c7eaa9293c0cd095f3836a76b626bc76af21e1cd96b5dcde

Request headers

Referer: https://zdorovieledy.ru/wp-content/themes/zdorovieledy/assets/css/style.min.css
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
last-modified: Thu, 26 Aug 2021 14:20:09 GMT
server: Apache
accept-ranges: bytes
etag: "e52c-5ca77106c3840"
content-length: 58668
content-type: font/ttf

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 36ms
16ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Exo+2%3A400%2C400i%2C700%7CRoboto%3A400%2C400i%2C700&subset=cyrillic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 28 Oct 2023 13:37:19 GMT
x-content-type-options: nosniff
age: 544986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Oct 2024 13:37:19 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/3/
Redirect Chain

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen...
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ae...

264 B
300 B

63ms
62ms

Fetch
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1150%3Acn%3A2%3Adp%3A0%3Als%3A948240174337%3Ahid%3A292576548%3Az%3A60%3Ai%3A20231103220025%3Aet%3A1699045225%3Ac%3A1%3Arn%3A2022967%3Arqn%3A1%3Au%3A1699045225467725521%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C104%2C175%2C50%2C445%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1699045224374%3Ast%3A1699045225&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29&redirnss=1

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

9550f150e8cc0ab3ec70ed82b41bdb7c9162902b8abd2e2092bed0b497c5b565

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Fri, 03-Nov-2023 21:00:25 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://zdorovieledy.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 264
x-xss-protection: 1; mode=block
expires: Fri, 03-Nov-2023 21:00:25 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 03-Nov-2023 21:00:25 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/3/1?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1150%3Acn%3A2%3Adp%3A0%3Als%3A948240174337%3Ahid%3A292576548%3Az%3A60%3Ai%3A20231103220025%3Aet%3A1699045225%3Ac%3A1%3Arn%3A2022967%3Arqn%3A1%3Au%3A1699045225467725521%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C104%2C175%2C50%2C445%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1699045224374%3Ast%3A1699045225&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29&redirnss=1
access-control-allow-origin: https://zdorovieledy.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Fri, 03-Nov-2023 21:00:25 GMT

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
322 B 177ms
64ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 02 Nov 2023 11:36:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "654389a2-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Fri, 03 Nov 2023 22:00:25 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/82692964/
Redirect Chain

https://mc.yandex.ru/watch/82692964?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf...
https://mc.yandex.ru/watch/82692964/1?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Au...

420 B
502 B

63ms
62ms

Fetch
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/82692964/1?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1150%3Acn%3A1%3Adp%3A0%3Als%3A1475501242492%3Ahid%3A292576548%3Az%3A60%3Ai%3A20231103220025%3Aet%3A1699045225%3Ac%3A1%3Arn%3A145074013%3Arqn%3A1%3Au%3A1699045225467725521%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C104%2C175%2C50%2C445%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1699045224374%3Arqnl%3A1%3Ast%3A1699045225%3At%3A%D0%9F%D1%80%D0%BE%D1%81%D1%82%D1%8B%D0%BC%D0%B8%20%D1%81%D0%BB%D0%BE%D0%B2%D0%B0%D0%BC%D0%B8%20%D0%BE%20%D1%81%D0%B0%D0%BC%D0%BE%D0%BC%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%B5%D1%81%D0%BD%D0%BE%D0%BC&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

5782cc466ec0473bc17c3bb0573c32fc1a478015596f1c8bfdcac765c06fb9ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Fri, 03-Nov-2023 21:00:25 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://zdorovieledy.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 420
x-xss-protection: 1; mode=block
expires: Fri, 03-Nov-2023 21:00:25 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 03-Nov-2023 21:00:25 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/82692964/1?wmode=7&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Afp%3A991%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1150%3Acn%3A1%3Adp%3A0%3Als%3A1475501242492%3Ahid%3A292576548%3Az%3A60%3Ai%3A20231103220025%3Aet%3A1699045225%3Ac%3A1%3Arn%3A145074013%3Arqn%3A1%3Au%3A1699045225467725521%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C104%2C175%2C50%2C445%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1699045224374%3Arqnl%3A1%3Ast%3A1699045225%3At%3A%D0%9F%D1%80%D0%BE%D1%81%D1%82%D1%8B%D0%BC%D0%B8%20%D1%81%D0%BB%D0%BE%D0%B2%D0%B0%D0%BC%D0%B8%20%D0%BE%20%D1%81%D0%B0%D0%BC%D0%BE%D0%BC%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%B5%D1%81%D0%BD%D0%BE%D0%BC&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29
access-control-allow-origin: https://zdorovieledy.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Fri, 03-Nov-2023 21:00:25 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/ 399 KB
135 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2169694473459397&plah=zdorovieledy.ru

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2169694473459397

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e55db54a397fd4c54ceacb1fd97497392d2e6f13a1a50837176c1b3feb98dc0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138244
x-xss-protection: 0
server: cafe
etag: 10022821941961761263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 03 Nov 2023 21:00:25 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231101/r20190131/ Frame 51EF 10 KB
5 KB 28ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231101/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2169694473459397

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 71943
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 01:01:22 GMT
etag: 251720774729838433
expires: Fri, 17 Nov 2023 01:01:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 1620736369_14-phonoteka_org-p-elementi-dlya-fona-17.png
zdorovieledy.ru/wp-content/uploads/2022/04/ 283 KB
285 KB 53ms
51ms Image
image/png 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2022/04/1620736369_14-phonoteka_org-p-elementi-dlya-fona-17.png
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 417094a113e794b806f92acee255768391a3c9c2957685bec3007bfd0e996d4b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
last-modified: Wed, 20 Apr 2022 07:48:56 GMT
server: Apache
accept-ranges: bytes
etag: "46cf5-5dd1139b68a00"
content-length: 290037
content-type: image/png

GET
H2 200 Skrinshot-20-04-2022-104725.jpg
zdorovieledy.ru/wp-content/uploads/2022/04/ 75 KB
76 KB 53ms
51ms Image
image/jpeg 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2022/04/Skrinshot-20-04-2022-104725.jpg
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 0f089d447baa9f51a7ae8dff56d3e16f75326e6b1923d9cfc8bb2a4247805ea9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
last-modified: Wed, 20 Apr 2022 07:40:32 GMT
server: Apache
accept-ranges: bytes
etag: "12c08-5dd111bac1c00"
content-length: 76808
content-type: image/jpeg

GET
H2 200 Skrinshot-20-04-2022-104725-335x220.jpg
zdorovieledy.ru/wp-content/uploads/2022/04/ 13 KB
13 KB 51ms
50ms Image
image/jpeg 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2022/04/Skrinshot-20-04-2022-104725-335x220.jpg
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 0321b2b62b565b3d740cbf32490953fd7acf455bedb700e1f354a95121db0f78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
last-modified: Wed, 20 Apr 2022 07:40:32 GMT
server: Apache
accept-ranges: bytes
etag: "327c-5dd111bac1c00"
content-length: 12924
content-type: image/jpeg

GET
H2 200 Skrinshot-20-04-2022-104512-335x220.jpg
zdorovieledy.ru/wp-content/uploads/2022/04/ 14 KB
15 KB 53ms
51ms Image
image/jpeg 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2022/04/Skrinshot-20-04-2022-104512-335x220.jpg
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: ad7f10cde03cdfc268b84174d2db61be7425c662fc959f013b958320be3c1398

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
last-modified: Wed, 20 Apr 2022 07:38:21 GMT
server: Apache
accept-ranges: bytes
etag: "398b-5dd1113dd3540"
content-length: 14731
content-type: image/jpeg

GET
H2 200 Skrinshot-20-04-2022-104046-335x220.jpg
zdorovieledy.ru/wp-content/uploads/2022/04/ 17 KB
17 KB 53ms
52ms Image
image/jpeg 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2022/04/Skrinshot-20-04-2022-104046-335x220.jpg
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 4bdfa4a8506ade8df9ce261876bfb544940ef11b2cebd5faef1a7b664dd5a298

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
last-modified: Wed, 20 Apr 2022 07:34:00 GMT
server: Apache
accept-ranges: bytes
etag: "44ba-5dd11044eaa00"
content-length: 17594
content-type: image/jpeg

GET
H2 200 Skrinshot-20-04-2022-103712-335x220.jpg
zdorovieledy.ru/wp-content/uploads/2022/04/ 11 KB
12 KB 53ms
52ms Image
image/jpeg 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2022/04/Skrinshot-20-04-2022-103712-335x220.jpg
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 3ea22e25aea5cd66209b403f9b7c8589b5d82d59a4e19238d61b1420a98febb6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
last-modified: Wed, 20 Apr 2022 07:30:24 GMT
server: Apache
accept-ranges: bytes
etag: "2d92-5dd10f76ec400"
content-length: 11666
content-type: image/jpeg

GET
H2 200 Skrinshot-20-04-2022-103439-335x220.jpg
zdorovieledy.ru/wp-content/uploads/2022/04/ 15 KB
15 KB 53ms
52ms Image
image/jpeg 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2022/04/Skrinshot-20-04-2022-103439-335x220.jpg
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 7cf3664a2c648d0618c909a9173a9e6a3f5dd27168764e037d3c2374485a8d5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
last-modified: Wed, 20 Apr 2022 07:27:42 GMT
server: Apache
accept-ranges: bytes
etag: "3b80-5dd10edc6d780"
content-length: 15232
content-type: image/jpeg

GET
H2 200 para_liubov_kanon_123532_1280x720-335x220.jpg
zdorovieledy.ru/wp-content/uploads/2021/04/ 22 KB
22 KB 103ms
103ms Image
image/jpeg 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2021/04/para_liubov_kanon_123532_1280x720-335x220.jpg
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: 141b37e87db8ffd665b2348c155f3a6b40551bbb736184a37dd4067d1eadc2ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
last-modified: Thu, 01 Apr 2021 17:44:45 GMT
server: Apache
accept-ranges: bytes
etag: "58f3-5beecc974fd40"
content-length: 22771
content-type: image/jpeg

GET
H2 200 iptogeo Show response
ipgeo.service.qvant.ru/api/v1/ 35 B
125 B 275ms
55ms XHR
application/json 91.220.120.21
MAXIMATELECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://ipgeo.service.qvant.ru/api/v1/iptogeo
Requested by: Host: s3.wi-fi.ru
URL: https://s3.wi-fi.ru/mtt/configs/sites/zdorovieledy.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.220.120.21 , Russian Federation, ASN202173 (MAXIMATELECOM, RU),
Reverse DNS
Software: nginx /
Resource Hash: 97f3fe872af5afde41784c06c54eef0952565322032c9ba3a3dd82c7a4cc02de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 03 Nov 2023 21:00:25 GMT
server: nginx
content-length: 35
content-type: application/json

GET
H2 200 a1c040c9c689e34ed20b.js Show response
yastatic.net/partner-code-bundles/902105/ 14 KB
5 KB 208ms
126ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/902105/a1c040c9c689e34ed20b.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

459ae4c6b63a4bb2cb02c4bade60e24c482293e0876bd71aa088ced2fd4aa1f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 4771
last-modified: Thu, 02 Nov 2023 19:11:02 GMT
server: nginx/1.17.9
etag: "43c38bd52932781b5b7c1db3808c0d19"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 03 Nov 2053 03:32:52 GMT

GET
H2 200 12922ff5bac2802fd2f2.js Show response
yastatic.net/partner-code-bundles/902105/ 24 KB
8 KB 207ms
126ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/902105/12922ff5bac2802fd2f2.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

95342e68634196ba4cacad22852b250fe7ff1196b4d0e45d513dccd7bc8e09db

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 7951
last-modified: Thu, 02 Nov 2023 19:11:02 GMT
server: nginx/1.17.9
etag: "ca7164873bd81febb8ffa454ce7dcf61"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 03 Nov 2053 03:32:52 GMT

GET
H2 200 32f63b7d50ff2e42ed2b.js Show response
yastatic.net/partner-code-bundles/902105/ 122 KB
27 KB 175ms
94ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/902105/32f63b7d50ff2e42ed2b.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

8e5a090344c3e521f2feb3cabf31c02707032881cb462cba100ef0261ff2e1a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26719
last-modified: Thu, 02 Nov 2023 19:11:02 GMT
server: nginx/1.17.9
etag: "ff0a0e770e0c322d3c0b6b696b2b7b1c"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 03 Nov 2053 03:32:52 GMT

GET
H2 200 host.js Show response
yastatic.net/safeframe-bundles/0.83/ 33 KB
9 KB 197ms
116ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/safeframe-bundles/0.83/host.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8878
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
server: nginx/1.17.9
etag: "f80882bf67cf261aa08d636da095149a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 03 Nov 2053 03:33:03 GMT

GET
H2 200 text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/ 25 KB
26 KB 147ms
68ms Font
font/woff2 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26004
x-amz-meta-owner: {"role":"admin","login":"4eb0da"}
last-modified: Mon, 25 Apr 2022 14:02:39 GMT
server: nginx/1.17.9
etag: "7f0cdaf91230f9789ca4162aedff612e"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556952
x-nginx-request-id: 20a6b95ed994564a
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 02:46:15 GMT

GET
H2 200 4c099a3a4ad35be2d86a.js Show response
yastatic.net/partner-code-bundles/902105/ 59 KB
15 KB 191ms
115ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/902105/4c099a3a4ad35be2d86a.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

11cd8d40d84f166242c75509f56a74ba9745c45a93fc08ee1589c178b4a497ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 14828
last-modified: Thu, 02 Nov 2023 19:11:02 GMT
server: nginx/1.17.9
etag: "2128465bd21300801a48e1291b744a47"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 03 Nov 2053 03:32:50 GMT

GET
H2 200 f3e64fe237f67b45f97b.js Show response
yastatic.net/partner-code-bundles/902105/ 610 KB
117 KB 100ms
99ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/902105/f3e64fe237f67b45f97b.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

6ab75e8a88cd6f9795dec64f50748838a54b4e9a645e43b673542fa1199eaa16

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 119437
last-modified: Thu, 02 Nov 2023 19:11:02 GMT
server: nginx/1.17.9
etag: "a4c16c8b17541370fd90b2e6a741bd42"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 03 Nov 2053 03:32:50 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 100 KB
31 KB 130ms
81ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/7ba93d70-1db8-4f18-8cd6-f42f176728ba/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

330428bfbf80e592f0577e954484fdba3dc04724d53ec26a86fb4aa4f8163ba5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31324
x-xss-protection: 0
server: cafe
etag: 933 / 19664 / m202310310101 / config-hash: 15173247554200706278
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 03 Nov 2023 21:00:25 GMT

GET
H2

200

sync_cookie_image_decide
mc.webvisor.org/
Redirect Chain

https://mc.webvisor.org/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=10172._hdP2f91KVe5WeP6IRHitDfyISlbkMJwL9X9NwtwyI9JF4tSp9q2jrZeUrdSAMLI.RzE3U7KDTk87nbUIXVn4CIMItMI%2C
https://mc.webvisor.org/sync_cookie_image_decide?token=10172.-tOSVU17YBORyFJGn_56j5VPan3u37dBOQ8IyMvKMea_JjgsxCLYJwc0ib7noodLhS49kIFU5ofUCx0QiiWyzfznufWEIq2x56R-Cppl5YWVEZPY4fdAEVktivxX0zkJe1hZSMBU...

43 B
532 B

54ms
54ms

Image
image/gif

80.239.201.54
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.webvisor.org/sync_cookie_image_decide?token=10172.-tOSVU17YBORyFJGn_56j5VPan3u37dBOQ8IyMvKMea_JjgsxCLYJwc0ib7noodLhS49kIFU5ofUCx0QiiWyzfznufWEIq2x56R-Cppl5YWVEZPY4fdAEVktivxX0zkJe1hZSMBUP9t_Z_EgYaBItpXAsG4oftj7MEl19f3VSqKceYMgdv2VyQzyH-CrV4vBrA9DDt2D3al8B1mteY3aIYCiol4_yvOTJ2b4eguXO9w%2C.lgS0z28SHY7xWfBH3IIviL0vjSk%2C

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Server

80.239.201.54 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.webvisor.org/sync_cookie_image_decide?token=10172.-tOSVU17YBORyFJGn_56j5VPan3u37dBOQ8IyMvKMea_JjgsxCLYJwc0ib7noodLhS49kIFU5ofUCx0QiiWyzfznufWEIq2x56R-Cppl5YWVEZPY4fdAEVktivxX0zkJe1hZSMBUP9t_Z_EgYaBItpXAsG4oftj7MEl19f3VSqKceYMgdv2VyQzyH-CrV4vBrA9DDt2D3al8B1mteY3aIYCiol4_yvOTJ2b4eguXO9w%2C.lgS0z28SHY7xWfBH3IIviL0vjSk%2C
date: Fri, 03 Nov 2023 21:00:26 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 397 B
607 B 53ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=zdorovieledy.ru&callback=_gfp_s_&client=ca-pub-2169694473459397

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2169694473459397&plah=zdorovieledy.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70748a51411b299311fd16f79fda2b8824bf27c2bc883869db0961836a35fe0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 17EB 603 B
218 B 167ms
166ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2169694473459397&output=html&adk=1812271804&adf=1573534164&lmt=1650440532&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Fzdorovieledy.ru%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699045225500&bpp=4&bdt=390&idt=265&shv=r20231101&mjsv=m202310310101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4149270551015&frm=20&pv=2&ga_vid=1842509259.1699045226&ga_sid=1699045226&ga_hid=1451533323&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079307%2C31079345%2C44795922%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301&oid=2&pvsid=2726199759630939&tmod=1169782769&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=301

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 header-bidding.js Show response
yandex.ru/ads/system/ 111 KB
32 KB 55ms
54ms Script
text/javascript 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/header-bidding.js

Requested by

Host: s3.wi-fi.ru
URL: https://s3.wi-fi.ru/mtt/configs/sites/zdorovieledy.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

188c418e2e9a82efd8859aca963e14be1bc4a271508c7f06f692501702c132c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1699045225911844-5908504221801588064-balancer-l7leveler-kubr-yp-vla-162-BAL-2106
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Fri, 03 Nov 2023 22:00:25 GMT

GET
H/1.1 200
OK all.js Show response
s3.wi-fi.ru/mtt/banners/libs/1.11.4/ 142 KB
32 KB 66ms
66ms Script
text/javascript 91.220.120.249
MAXIMATELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://s3.wi-fi.ru/mtt/banners/libs/1.11.4/all.js

Requested by

Host: s3.wi-fi.ru
URL: https://s3.wi-fi.ru/mtt/configs/sites/zdorovieledy.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.220.120.249 , Russian Federation, ASN202173 (MAXIMATELECOM, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

6720fb9ead71bae3b623dc8943f9609cefd11203330684d64c79c301c330ac8a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Fri, 03 Nov 2023 21:00:25 GMT
Content-Security-Policy: block-all-mixed-content
Content-Encoding: gzip
Last-Modified: Tue, 03 Oct 2023 10:08:31 GMT
Server: nginx/1.14.2
X-Amz-Request-Id: 178A92AB58627D63
Etag: W/"7e99cdf22164e55508dadbbec91bef1d"
Transfer-Encoding: chunked
Vary: Accept-Encoding, Origin
Content-Type: text/javascript
X-Minio-Deployment-Id: ae9e4692-ccf9-495e-ad65-b797e6550821
Connection: keep-alive
X-Xss-Protection: 1; mode=block

GET
H2 200 adriver-core.js Show response
content.adriver.ru/ 21 KB
21 KB 305ms
50ms Script
application/javascript 88.218.242.3
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to

Full URL: https://content.adriver.ru/adriver-core.js
Requested by: Host: s3.wi-fi.ru
URL: https://s3.wi-fi.ru/mtt/configs/sites/zdorovieledy.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 88.218.242.3 Moscow, Russian Federation, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx /
Resource Hash: 42d19ded94a5695c5aafbd79adfc488217628ec7bb865db032aa94c9aa445c56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:55:55 GMT
last-modified: Tue, 29 Aug 2023 12:05:50 GMT
server: nginx
etag: "64eddf1e-5427"
content-type: application/javascript
cache-control: max-age=3600
accept-ranges: bytes
content-length: 21543
expires: Fri, 03 Nov 2023 21:55:55 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/ 425 KB
133 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8cf20f6e98c91ff5a877209649b0839bb06e5751793babfb0dbbbb60a9e811a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 11:02:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35858
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136288
x-xss-protection: 0
server: cafe
etag: 17302374607849014435
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 02 Nov 2024 11:02:47 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 143ms
7ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 02:29:26 GMT
content-encoding: gzip
age: 757860
x-guploader-uploadid: ABPtcPqHbjqPhKh2g3rLNDONjQOKU61Px7tzqzBh7WkCYt0i0BsdHalj9-b0OPiPUoULQhA2lZHQGq8cBXCis3HntxktCwlYb4qI
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Fri, 25 Oct 2024 02:29:26 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 161ms
26ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx
etag: W/"653b5c0e-a9a7"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 04 Nov 2023 21:00:26 GMT

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 143 KB
31 KB 155ms
18ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fab57543f51269755c854c09e1a361e6a3c04ae97b28b483ae00f13de630e9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 24 Oct 2023 08:11:43 GMT
server: cloudflare
x-amz-request-id: AZKHMN3J5641D79A
age: 1644
etag: W/"8a9ad568d94062c0186983f6aac0be50"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 82078bf77c4118cd-FRA
x-amz-id-2: YY4ezUb+Muw1VQU1aI5EgLP88wpJNBo+MUdVwQr7NiV/iORInFjKJJUHg1PFn8mGwE0HwKVkR34=

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 144ms
8ms Script
text/javascript 2600:9000:2250:f000:a:e047:753:a221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:f000:a:e047:753:a221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date: Fri, 03 Nov 2023 08:28:15 GMT
Via: 1.1 d4f777a2d5a6d5aeb7eb6201b41775ea.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P2
Age: 56732
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Thu, 19 Oct 2023 06:40:11 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: ufmd_7HGwCMEM4KKEB1lGWrr11L45Kp914diiptjf0BOol9o9xArTQ==

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
800 B 17ms
16ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 17517
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230066-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QqbVd8V4zLTf1%2FhjRrHy31gINFzYNTRZnPqoYdrb6G6AhFYVBfVL%2BMVt%2FRG7hpo0DgpkZOEuizx9v9yPY6v3XQ4FV6YgOSEKoXhzAodQPP9Z%2FZVcleutSsK7rVcv9V1O4sFp3L1eS8n7l7Sh14M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82078bf69be836dc-FRA

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 153ms
18ms Script
text/javascript 18.155.129.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.129.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-129-34.cdg52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 05:49:32 GMT
content-encoding: gzip
via: 1.1 7942de46d7f690659dee238fe5cd2d32.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: CDG52-P4
age: 54657
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: eCbBTim1rmUqqCvsrM9ImlcewaIyfdTcxZVUc_y8D_TOq9EdnJ5rJg==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 159ms
24ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 9efe890ccbb8050144c6964d0746aacc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 193 KB
54 KB 1639ms
1639ms Fetch
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2726199759630939&correlator=1834619682499630&eid=44807689&output=ldjh&gdfp_req=1&vrg=202310310101&ptt=17&impl=fif&iu_parts=121764058%3A22042839856%2Czoobird.ru%2Czoobird.ru_Interstitial&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=2&sfv=1-0-40&ists=1&fas=8&sc=1&cookie=ID%3D1198b4ecc1014cb7-22fce1cac5e40018%3AT%3D1699045225%3ART%3D1699045225%3AS%3DALNI_MbP1uL0IQDJFMzE5RS1-JPqkZrfKg&gpic=UID%3D00000d9f5f98df2e%3AT%3D1699045225%3ART%3D1699045225%3AS%3DALNI_MZIpNPcdgd0zYIHCPwP6H54z62UIQ&abxe=1&dt=1699045225986&lmt=1650440532&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fzdorovieledy.ru%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1842509259.1699045226&ga_sid=1699045226&ga_hid=1451533323&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY_-vyt7kxSABSAghkEhkKCnB1YmNpZC5vcmcY_-vyt7kxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGP_r8re5MUgAUgIIZBIXCghydGJob3VzZRj_6_K3uTFIAFICCGQSFAoFb3BlbngY_uvyt7kxSABSAghkEhkKCnVpZGFwaS5jb20Y_-vyt7kxSABSAghkEhsKDGlkNS1zeW5jLmNvbRj_6_K3uTFIAFICCGQ.&dlt=1699045225109&idt=841&adks=857435150&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fcb12b30ac6ce5d33b15062021a0dee67ad759e0020d2db332386ddec0c7807

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54905
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://zdorovieledy.ru
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 94 KB
43 KB 933ms
932ms Fetch
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2726199759630939&correlator=1834619682499630&eid=44807689&output=ldjh&gdfp_req=1&vrg=202310310101&ptt=17&impl=fif&iu_parts=121764058%3A22042839856%2Czoobird.ru%2Czoobird.ru_SF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&ifi=3&sfv=1-0-40&sc=1&cookie=ID%3D1198b4ecc1014cb7-22fce1cac5e40018%3AT%3D1699045225%3ART%3D1699045225%3AS%3DALNI_MbP1uL0IQDJFMzE5RS1-JPqkZrfKg&gpic=UID%3D00000d9f5f98df2e%3AT%3D1699045225%3ART%3D1699045225%3AS%3DALNI_MZIpNPcdgd0zYIHCPwP6H54z62UIQ&abxe=1&dt=1699045225994&lmt=1650440532&adxs=436&adys=1200&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fzdorovieledy.ru%2F&vis=1&psz=0x-1&msz=728x-1&fws=640&ohw=0&ga_vid=1842509259.1699045226&ga_sid=1699045226&ga_hid=1451533323&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY_-vyt7kxSABSAghkEhkKCnB1YmNpZC5vcmcY_-vyt7kxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGP_r8re5MUgAUgIIZBIXCghydGJob3VzZRj_6_K3uTFIAFICCGQSFAoFb3BlbngY_uvyt7kxSABSAghkEhkKCnVpZGFwaS5jb20Y_-vyt7kxSABSAghkEhsKDGlkNS1zeW5jLmNvbRj_6_K3uTFIAFICCGQ.&dlt=1699045225109&idt=841&adks=432837046&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ccf1dd1f6ec2de31523d52d59e8862af3b44539e2386eccd4d3a4b16f8e1b8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44203
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://zdorovieledy.ru
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 118 KB
46 KB 591ms
591ms Fetch
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2726199759630939&correlator=1834619682499630&eid=44807689&output=ldjh&gdfp_req=1&vrg=202310310101&ptt=17&impl=fif&iu_parts=121764058%3A22042839856%2Czoobird.ru%2Czoobird.ru_ATF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x90%7C970x250&ifi=4&sfv=1-0-40&sc=1&cookie=ID%3D1198b4ecc1014cb7-22fce1cac5e40018%3AT%3D1699045225%3ART%3D1699045225%3AS%3DALNI_MbP1uL0IQDJFMzE5RS1-JPqkZrfKg&gpic=UID%3D00000d9f5f98df2e%3AT%3D1699045225%3ART%3D1699045225%3AS%3DALNI_MZIpNPcdgd0zYIHCPwP6H54z62UIQ&abxe=1&dt=1699045225999&lmt=1650440532&adxs=436&adys=573&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fzdorovieledy.ru%2F&vis=1&psz=0x-1&msz=728x-1&fws=132&ohw=1600&ga_vid=1842509259.1699045226&ga_sid=1699045226&ga_hid=1451533323&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY_-vyt7kxSABSAghkEhkKCnB1YmNpZC5vcmcY_-vyt7kxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGP_r8re5MUgAUgIIZBIXCghydGJob3VzZRj_6_K3uTFIAFICCGQSFAoFb3BlbngY_uvyt7kxSABSAghkEhkKCnVpZGFwaS5jb20Y_-vyt7kxSABSAghkEhsKDGlkNS1zeW5jLmNvbRj_6_K3uTFIAFICCGQ.&dlt=1699045225109&idt=841&adks=982550737&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc8838761387ce639c31012496f42fc618a92847b8896b6b9dc2c79f3ef74ed7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47147
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://zdorovieledy.ru
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 111 KB
46 KB 1925ms
1924ms Fetch
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2726199759630939&correlator=1834619682499630&eid=44807689&output=ldjh&gdfp_req=1&vrg=202310310101&ptt=17&impl=fif&iu_parts=121764058%3A22042839856%2Czoobird.ru%2Czoobird.ru_W1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&ifi=5&sfv=1-0-40&sc=1&cookie=ID%3D1198b4ecc1014cb7-22fce1cac5e40018%3AT%3D1699045225%3ART%3D1699045225%3AS%3DALNI_MbP1uL0IQDJFMzE5RS1-JPqkZrfKg&gpic=UID%3D00000d9f5f98df2e%3AT%3D1699045225%3ART%3D1699045225%3AS%3DALNI_MZIpNPcdgd0zYIHCPwP6H54z62UIQ&abxe=1&dt=1699045226005&lmt=1650440532&adxs=1050&adys=1102&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fzdorovieledy.ru%2F&vis=1&psz=0x-1&msz=300x-1&fws=132&ohw=1600&ga_vid=1842509259.1699045226&ga_sid=1699045226&ga_hid=1451533323&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY_-vyt7kxSABSAghkEhkKCnB1YmNpZC5vcmcY_-vyt7kxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGP_r8re5MUgAUgIIZBIXCghydGJob3VzZRj_6_K3uTFIAFICCGQSFAoFb3BlbngY_uvyt7kxSABSAghkEhkKCnVpZGFwaS5jb20Y_-vyt7kxSABSAghkEhsKDGlkNS1zeW5jLmNvbRj_6_K3uTFIAFICCGQ.&dlt=1699045225109&idt=841&adks=1582606233&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9cc9bad784b24501e0317284a1827d4c8127c998c60ff5a39f687ecc6a1e74ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46786
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://zdorovieledy.ru
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3AD8 6 KB
3 KB 63ms
14ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:26 GMT
expires: Sat, 02 Nov 2024 21:00:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/ 39 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl_page_level_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7b8af9b735073ec39e38018ae49ba7396286cd7e2cb2c4d457885ff41ad755f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:04:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32173
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13740
x-xss-protection: 0
server: cafe
etag: 11733316767131186006
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 02 Nov 2024 12:04:13 GMT

GET
H2 200 getcookie Show response
matchid.adfox.yandex.ru/ 88 B
275 B 191ms
58ms XHR
application/json 2a02:6b8::16b
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://matchid.adfox.yandex.ru/getcookie

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/header-bidding.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a02:6b8::16b Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

d85c3f3cfd83940b22f53ec01130fed54c31d6ee8ff19ecc66fc95196fe6e0fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://zdorovieledy.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://zdorovieledy.ru
date: Fri, 03 Nov 2023 21:00:26 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
timing-allow-origin: *
content-length: 88
content-type: application/json

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fzdorovieledy.ru%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fzdorovieledy.ru%2F&rid=esp&cc=1

85 B
202 B

119ms
118ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fzdorovieledy.ru%2F&rid=esp&cc=1
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: c6ba28d5afb3ad12e1d599e609dcc3f1fc633f63c9d55f337214083ba6e4a6b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-54Xni0BwkI0+LsMlQccfC3qaV7U"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://zdorovieledy.ru
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Fri, 03 Nov 2023 21:00:26 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://zdorovieledy.ru
location: /esp?url=https%3A%2F%2Fzdorovieledy.ru%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame A071 15 KB
6 KB 45ms
17ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=zdorovieledy.ru

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:25 GMT
server: Kestrel
server-processing-duration-in-ticks: 242172
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
231 B 29ms
7ms XHR
text/plain 141.95.33.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.33.111 , Germany, ASN16276 (OVH, FR),

Reverse DNS

ns3203177.ip-141-95-33.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://zdorovieledy.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://zdorovieledy.ru
date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
334 B 119ms
32ms XHR
application/json 34.249.63.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.63.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-63-196.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 19aed234ef7080013c9cfc81584327bc6d47f827919eee10a4b69fed424638ff

Request headers

Referer: https://zdorovieledy.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://zdorovieledy.ru
cache-control: no-cache
x-server: 10.45.23.46
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 7226a3bfbe1e3a1c0885.js Show response
yastatic.net/partner-code-bundles/902105/ 9 KB
4 KB 36ms
35ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/902105/7226a3bfbe1e3a1c0885.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/header-bidding.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

7c1b93943f2c358ea10bc315255008a18d0d5b1ca54f13c3be9c7bcd5e422d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 3557
last-modified: Thu, 02 Nov 2023 19:11:02 GMT
server: nginx/1.17.9
etag: "e5920dd0a4261310fc7ca3e18151193d"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 03 Nov 2053 03:32:54 GMT

GET
H2 200 c416a2684bbdfa53a041.js Show response
yastatic.net/partner-code-bundles/902105/ 30 KB
9 KB 37ms
36ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/902105/c416a2684bbdfa53a041.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/header-bidding.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

513fce28ef11f555cc363b63aa670f2bc0427d4f1f4d2a3fd47b64c99261713b

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://zdorovieledy.ru/
Origin: https://zdorovieledy.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8680
last-modified: Thu, 02 Nov 2023 19:11:02 GMT
server: nginx/1.17.9
etag: "3f5437cd67c53b5250a77a2e45017b4f"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 03 Nov 2053 03:32:57 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame A071
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=zdorovieledy.ru&sn=ChromeSyncframe&so=0&topUrl=zdorovieledy.ru&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=nUcda3xKays0NWlYczNjQVVJN0hyS2RsNENKQUdUY0g2c2h5d0YvV3dTS01IcWh5QlF1dW9RS1duSWJ1ci9GQUFuRUd2enBDMS9NaUJwaS9MakZEZnN0c2hPeWR2czd4UHZBOUZjNERja0ZnaGVwRDNkSzBtNVY4UldHZU...

428 B
649 B

37ms
14ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=nUcda3xKays0NWlYczNjQVVJN0hyS2RsNENKQUdUY0g2c2h5d0YvV3dTS01IcWh5QlF1dW9RS1duSWJ1ci9GQUFuRUd2enBDMS9NaUJwaS9MakZEZnN0c2hPeWR2czd4UHZBOUZjNERja0ZnaGVwRDNkSzBtNVY4UldHZU0zTmZLZ25SSytIYTM1blRweHZWT1RBSEs2N2dsK0xCdnk4Rm1HK0YwUGhXOWpRMnVXYlF3YmM2RW5BYjNxL1V5ZTg4UE5Xa2pyUjdhWDdFTjhYZUZnWXYrWHdqV0RLL3lEU21XWUt4Z0dFc2hScHBTaDViRVBlbW1YT05OeUVoZHNMbXRuVXBnUHRxWmpJZEdJdlJaamNhcEZxcmgwREhjZU9FR25rTGt0KzQrR0NtemFtQT18&cppv=2

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f36d57f91502963d51a7ae4940fb267364d9c1805bf5f973d327257bb4084024

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1212448
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:25 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=nUcda3xKays0NWlYczNjQVVJN0hyS2RsNENKQUdUY0g2c2h5d0YvV3dTS01IcWh5QlF1dW9RS1duSWJ1ci9GQUFuRUd2enBDMS9NaUJwaS9MakZEZnN0c2hPeWR2czd4UHZBOUZjNERja0ZnaGVwRDNkSzBtNVY4UldHZU0zTmZLZ25SSytIYTM1blRweHZWT1RBSEs2N2dsK0xCdnk4Rm1HK0YwUGhXOWpRMnVXYlF3YmM2RW5BYjNxL1V5ZTg4UE5Xa2pyUjdhWDdFTjhYZUZnWXYrWHdqV0RLL3lEU21XWUt4Z0dFc2hScHBTaDViRVBlbW1YT05OeUVoZHNMbXRuVXBnUHRxWmpJZEdJdlJaamNhcEZxcmgwREhjZU9FR25rTGt0KzQrR0NtemFtQT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 269374
content-length: 0
expires: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 67ms
66ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231101&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b468b6be87ef872e5210ed17bdc1a769e27dc72a0da47635570c0e5fc58a1bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12428
x-xss-protection: 0

GET
H2 200 AdriverAdvertisingPlayer.js Show response
content.adriver.ru/ 255 KB
255 KB 49ms
49ms Script
application/javascript 88.218.242.3
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to

Full URL: https://content.adriver.ru/AdriverAdvertisingPlayer.js
Requested by: Host: content.adriver.ru
URL: https://content.adriver.ru/adriver-core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 88.218.242.3 Moscow, Russian Federation, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx /
Resource Hash: 2d632eb27d61780aff41bf3e17337770767afe6c3114216d2a663489775c9b1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:55:56 GMT
last-modified: Tue, 28 Mar 2023 18:02:02 GMT
server: nginx
etag: "64232b9a-3fc11"
content-type: application/javascript
cache-control: max-age=3600
accept-ranges: bytes
content-length: 261137
expires: Fri, 03 Nov 2023 21:55:56 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 46ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 03 Nov 2023 21:00:26 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CDDA 13 KB
5 KB 8ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 26426
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 13:40:00 GMT
expires: Sat, 02 Nov 2024 13:40:00 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 08C0 829 B
1 KB 43ms
21ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

131a40c0c1dfac9b88c487d37b4507545414b974b2a3f3a221071e6144035e7f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4LmREvoiPHBlpc1SAol-4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-4LmREvoiPHBlpc1SAol-4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:26 GMT
expires: Fri, 03 Nov 2023 21:00:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame CDDA 38 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 08C0 0
0 41ms
40ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231101&jk=2726199759630939&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame BB35 0
176 B 44ms
17ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Fri, 03 Nov 2023 21:00:26 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 conf.json Show response
content.adriver.ru/player/225697/conf/ 753 B
929 B 151ms
49ms Fetch
application/json 88.218.242.3
MELBICOM-EU-AS Me...

General

Check archive.org

Show headers Download Go to

Full URL: https://content.adriver.ru/player/225697/conf/conf.json?a=1
Requested by: Host: content.adriver.ru
URL: https://content.adriver.ru/AdriverAdvertisingPlayer.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 88.218.242.3 Moscow, Russian Federation, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software: nginx /
Resource Hash: 6855da45f19bcfd04a2b0ff634c343ab601e4973c37d7f42cf2531c5969b3bc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:55:56 GMT
last-modified: Wed, 22 Mar 2023 13:10:41 GMT
server: nginx
etag: "641afe51-2f1"
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 753

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CDDA 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?P7XErQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 container.html Show response
eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8CA7 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:26 GMT
expires: Sat, 02 Nov 2024 21:00:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EBE1 624 B
242 B 47ms
46ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARijvLb3ATAB&v=APEucNW4Blb-liDnXeDDjyO8-v66le28aH10yJudfn8xIUoJah802jHZmR0db9KytPQ-GvHcSJ55azjXcAVShZm6hNr_UVGm-qsaeIOp8bVoMnM_rHnV-BHWgdC5N_iuBGILg_L9tL65xhi4W7YevwU6N3xZfrf0GosZVspzJ-MUIa5B3vwu3owyj77kNGyB0hC7CKRql6PjLlndQpKNyi9E23vK2HkcUg

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 8CA7 172 KB
61 KB 61ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Origin: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:29:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30675
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 12:29:11 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 8CA7 7 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:17:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2606
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 20:17:00 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame 8CA7 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:25:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5704
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:25:22 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 8CA7 41 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24147
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 8CA7 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35716
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 11:05:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E7B7 1 KB
643 B 9ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 67099
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 02:22:07 GMT
etag: 48472445140208031
expires: Sat, 04 Nov 2023 02:22:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 8CA7 20 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5978
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8CA7 42 B
63 B 43ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CUl0etQs7OxiXsT_eD13N5HtCCZ5DaDRyK-tUeIsFsAGFZ_VRTONw-p-OxFXsc0Awjs0PCaKyFt77K9yP_VCXGWTPwbiZZtx1V5KzV6OFcfw1s2_Y

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 8CA7 0
0 16ms
15ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRc4RjqHuT-Td84wlIudcWPU1eWp7PXePGxO7RiErjN79L3k-sq637bDgrp9mjWjABCNAJDQOONY7mtR8zjS2RFcgN7aQ
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8CA7 189 KB
60 KB 42ms
20ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Nov 2023 21:00:26 GMT

GET
H/1.1 200
OK rle.cgi Show response
ad.adriver.ru/cgi-bin/ 5 KB
6 KB 244ms
81ms Fetch
text/xml 195.209.108.51
ADRIVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.adriver.ru/cgi-bin/rle.cgi?sid=225697&bn=1&bt=61&tuid=1&pz=0&vp=3&target=blank&vmindn=0&vmaxdn=30&vminbtr=0&vmaxbtr=4500&rnd=![rnd]&tail256=avtika.ru
Requested by: Host: content.adriver.ru
URL: https://content.adriver.ru/AdriverAdvertisingPlayer.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.209.108.51 , Russian Federation, ASN52007 (ADRIVER, RU),
Reverse DNS
Software: /
Resource Hash: f4ae5d08fa5921e9f45874deec71da3fb5222c06710ce6015efe1ed9bcc41fbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 03 Nov 2023 21:00:26 GMT
Transfer-Encoding: chunked
Content-Type: text/xml
Access-Control-Allow-Origin: https://zdorovieledy.ru
P3P: policyref="https://adriver.ru/w3c/p3p.xml", CP="NON DSP COR CURa ADMa DEVa OUR BUS UNI COM NAV INT STA"
Cache-control: no-cache, no-cache=Set-Cookie, max-age=0, must-revalidate, proxy-revalidate, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 8CA7 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87dd283afe75a225a5d554f0a7440a95838783bdb33d4c2bbb2b7cc6d25f9145

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E7B7
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHiu-A1qJhwz3G8p8mfQT_I&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHiu-A1qJhwz3G8p8mfQT_I&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dDZoT01DcmIxUVoxaGc1&google_gid=CAESEHiu-A1qJhwz3G8p8mfQT_I&google_cver=1&google_push=AXcoOmSrRny5sVsejGim0ymX837n2MTmqxO7QKtsJsRBM6-...

170 B
232 B

19ms
19ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dDZoT01DcmIxUVoxaGc1&google_gid=CAESEHiu-A1qJhwz3G8p8mfQT_I&google_cver=1&google_push=AXcoOmSrRny5sVsejGim0ymX837n2MTmqxO7QKtsJsRBM6-98ukdSseCAkRoRgtqg6JMQJNO9e7L7iGXqReB76xxOsnHG4-_h7QLhg

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 03 Nov 2023 21:00:26 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-794-ga594423#rel-ec2-master i-0de411db0dbb18bd6@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dDZoT01DcmIxUVoxaGc1&google_gid=CAESEHiu-A1qJhwz3G8p8mfQT_I&google_cver=1&google_push=AXcoOmSrRny5sVsejGim0ymX837n2MTmqxO7QKtsJsRBM6-98ukdSseCAkRoRgtqg6JMQJNO9e7L7iGXqReB76xxOsnHG4-_h7QLhg
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E7B7
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBvmPTvXnzbLNK1VxjZG1zI&google_cver=1&google_push=AXcoOmQrmAjVZXeT7hi5qPwxx0Dnlg1pSy0GJ2ZDQs8M8lvj5nuasiMoaO5GOoWkUSvyWQGXBdXu4gN0...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEBvmPTvXnzbLNK1VxjZG1zI&google_cver=1&google_push=AXcoOmQrmAjVZXeT7hi5qPwxx0Dnlg1pSy0GJ2ZDQs8M8lvj5nuasiMoaO5GOoWkUSvyWQGXBdX...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgyMzIxMTQ1OTkxODcwMDM5MA&google_push=AXcoOmQrmAjVZXeT7hi5qPwxx0Dnlg1pSy0GJ2ZDQs8M8lvj5nuasiMoaO5GOoWkUSvyWQGXBdXu4g...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgyMzIxMTQ1OTkxODcwMDM5MA&google_push=AXcoOmQrmAjVZXeT7hi5qPwxx0Dnlg1pSy0GJ2ZDQs8M8lvj5nuasiMoaO5GOoWkUSvyWQGXBdXu4gN0DKN5klJJPpxOVzw-HR0z

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgyMzIxMTQ1OTkxODcwMDM5MA&google_push=AXcoOmQrmAjVZXeT7hi5qPwxx0Dnlg1pSy0GJ2ZDQs8M8lvj5nuasiMoaO5GOoWkUSvyWQGXBdXu4gN0DKN5klJJPpxOVzw-HR0z
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E7B7
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEK8l-RjRH0RK9QLn2REX0cg&google_cver=1&google_push=AXcoOmRnQ4B2N6zbyxN4rNJxFkBQMmCAI_SF3CNIMRxk3190X_HkUAdt3JKEAVPTxkm1JwLesHVnjlkyNxN3m...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEK8l-RjRH0RK9QLn2REX0cg&google_push=AXcoOmRnQ4B2N6zbyxN4rNJxFkBQMmCAI_SF3CNIMRxk3190X_HkUAdt3JKEAVPTxkm1JwLesHVnjlkyNxN3m...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRnQ4B2N6zbyxN4rNJxFkBQMmCAI_SF3CNIMRxk3190X_HkUAdt3JKEAVPTxkm1JwLesHVnjlkyNxN3mag8_-NyM6AmOzXA&google_hm=QUk4Rkx4eFlZdE5VVjNU...

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRnQ4B2N6zbyxN4rNJxFkBQMmCAI_SF3CNIMRxk3190X_HkUAdt3JKEAVPTxkm1JwLesHVnjlkyNxN3mag8_-NyM6AmOzXA&google_hm=QUk4Rkx4eFlZdE5VVjNUNUFXVEc=

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 03 Nov 2023 21:00:27 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRnQ4B2N6zbyxN4rNJxFkBQMmCAI_SF3CNIMRxk3190X_HkUAdt3JKEAVPTxkm1JwLesHVnjlkyNxN3mag8_-NyM6AmOzXA&google_hm=QUk4Rkx4eFlZdE5VVjNUNUFXVEc=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E7B7
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELzGx917xCy6ZJJ9Jlw4I2c&google_cver=1&google_push=AXcoOmQNe1IzCd0cYtspMpyRwdX_bQMn6XRk86B_dxNXStKxUF_nt2PaHA0zZWCYQIkaJx2Qz3JqeKuSYjFq...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQNe1IzCd0cYtspMpyRwdX_bQMn6XRk86B_dxNXStKxUF_nt2PaHA0zZWCYQIkaJx2Qz3JqeKuSYjFqyAbk-bnI5qhHBYQlTg

170 B
243 B

16ms
16ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQNe1IzCd0cYtspMpyRwdX_bQMn6XRk86B_dxNXStKxUF_nt2PaHA0zZWCYQIkaJx2Qz3JqeKuSYjFqyAbk-bnI5qhHBYQlTg

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQNe1IzCd0cYtspMpyRwdX_bQMn6XRk86B_dxNXStKxUF_nt2PaHA0zZWCYQIkaJx2Qz3JqeKuSYjFqyAbk-bnI5qhHBYQlTg
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 200 ebda
match.360yield.com/match/ Frame E7B7 43 B
199 B 117ms
31ms Image
image/gif 54.76.77.157
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.360yield.com/match/ebda?google_gid=CAESECFtYiG3L09GtNPVCnzxJGM&google_cver=1&google_push=AXcoOmR4CoUUNbsjWRy19W8FdefZGasBOuBPOoRtqAwLDDmwTzrBb8nRAna9AZ3BurJO-HF546A4sHpG8e5mZxJRk0Gzq4SefXCrkA
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.76.77.157 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-77-157.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 03 Nov 2023 21:00:26 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E7B7
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEGy9M12o05EqKhok92L7Lv0&google_cver=1&google_push=AXcoOmT---nswfpfNaeT2adoBPVVHngYJoXHGBcFqKZUK7OjXTTxefQ9wTDf1er23c6YU-Aw1R5LRBYyYDS4iKUG2K8pBGEogd...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmT---nswfpfNaeT2adoBPVVHngYJoXHGBcFqKZUK7OjXTTxefQ9wTDf1er23c6YU-Aw1R5LRBYyYDS4iKUG2K8pBGEogd0...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzE1OTg3MjkzNTAxNTgzNDc5Njk3Mw%3D%3D&google_push=AXcoOmT---nswfpfNaeT2adoBPVVHngYJoXHGBcFqKZUK7OjXTTxefQ9...

170 B
232 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzE1OTg3MjkzNTAxNTgzNDc5Njk3Mw%3D%3D&google_push=AXcoOmT---nswfpfNaeT2adoBPVVHngYJoXHGBcFqKZUK7OjXTTxefQ9wTDf1er23c6YU-Aw1R5LRBYyYDS4iKUG2K8pBGEogd0wNA

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzE1OTg3MjkzNTAxNTgzNDc5Njk3Mw%3D%3D&google_push=AXcoOmT---nswfpfNaeT2adoBPVVHngYJoXHGBcFqKZUK7OjXTTxefQ9wTDf1er23c6YU-Aw1R5LRBYyYDS4iKUG2K8pBGEogd0wNA
date: Fri, 03 Nov 2023 21:00:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame E7B7 0
45 B 293ms
26ms Image
text/plain 185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEBZoZLCNVwUTd1_tZSyBMJ4&google_cver=1&google_push=AXcoOmTbvkhB1OECiKmKgloWdwfZG7MiRQsSzN7tJ-fUYa30n_jBIIJsj8yfgcky0mjbRzA3iQV66oT4h0Yw1XkGAUEqQl47SMa03g
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-length: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame E7B7 0
130 B 44ms
15ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IO6atG_UScpQ-0aFqbw3T_Qebv0EAtFFUvhyxgtrnQayFhaSXRNz2Tgi6dW_i-RZmLHE-y

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 71BC 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19027
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame EBE1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKXtB6yjqKs9YtH3dMAIuIs&google_cver=1

43 B
337 B

25ms
24ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKXtB6yjqKs9YtH3dMAIuIs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARijvLb3ATAB&v=APEucNW4Blb-liDnXeDDjyO8-v66le28aH10yJudfn8xIUoJah802jHZmR0db9KytPQ-GvHcSJ55azjXcAVShZm6hNr_UVGm-qsaeIOp8bVoMnM_rHnV-BHWgdC5N_iuBGILg_L9tL65xhi4W7YevwU6N3xZfrf0GosZVspzJ-MUIa5B3vwu3owyj77kNGyB0hC7CKRql6PjLlndQpKNyi9E23vK2HkcUg
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HOv%2BoAuzdnkYaO8ca4MbguksEIWt0%2FxAENRnpTBa7mVrcEqZOXi16catAlNZGR2EntIM6DfoqtjlWInOZjL%2FZFdP1iSVM1vSQ9JLixBWnQxXHzRfk3djB0uG1hgg9i6vzTHLVBSHYxduOw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82078bfb8cb22bfe-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKXtB6yjqKs9YtH3dMAIuIs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame EBE1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUVfapsOLFUhjbf9MXldzAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKXtB6yjqKs9YtH3dMAIuIs&google_cver=1

43 B
771 B

22ms
22ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKXtB6yjqKs9YtH3dMAIuIs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARijvLb3ATAB&v=APEucNW4Blb-liDnXeDDjyO8-v66le28aH10yJudfn8xIUoJah802jHZmR0db9KytPQ-GvHcSJ55azjXcAVShZm6hNr_UVGm-qsaeIOp8bVoMnM_rHnV-BHWgdC5N_iuBGILg_L9tL65xhi4W7YevwU6N3xZfrf0GosZVspzJ-MUIa5B3vwu3owyj77kNGyB0hC7CKRql6PjLlndQpKNyi9E23vK2HkcUg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RGBglWoJBlaKNhPOl0TsTnEjSHdkood2eljsd3RtJPE4O11SWCOVA2RMrZRry69bZy53LHa2lNG6ZdbD1pJ4JqHDqfKxVXp%2FpLi5fM7kuSEMT%2BKiewP7PNvslXctFD%2BT2zRAJf8O%2FN%2F1mw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82078bfbe8dc5d59-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKXtB6yjqKs9YtH3dMAIuIs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame EBE1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENN-Uzw60ICzngo0WTLkcwY&google_cver=1

43 B
840 B

35ms
35ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESENN-Uzw60ICzngo0WTLkcwY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARijvLb3ATAB&v=APEucNW4Blb-liDnXeDDjyO8-v66le28aH10yJudfn8xIUoJah802jHZmR0db9KytPQ-GvHcSJ55azjXcAVShZm6hNr_UVGm-qsaeIOp8bVoMnM_rHnV-BHWgdC5N_iuBGILg_L9tL65xhi4W7YevwU6N3xZfrf0GosZVspzJ-MUIa5B3vwu3owyj77kNGyB0hC7CKRql6PjLlndQpKNyi9E23vK2HkcUg

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
an-x-request-uuid: f884157c-633e-4e84-b305-9abadb3195c8
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.74; 45.141.152.74; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESENN-Uzw60ICzngo0WTLkcwY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EBE1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0

170 B
188 B

27ms
27ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:26 GMT
an-x-request-uuid: a6324df8-ec48-405a-9c0c-0bf135b4dc15
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0
x-proxy-origin: 45.141.152.74; 45.141.152.74; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/17952959967271059456/ Frame 64CA 47 KB
12 KB 30ms
16ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

011e3c5d05b1f8220f59241e57ac65c49b382e8ed8eff99149e2eda18e36a660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:26 GMT
expires: Sat, 02 Nov 2024 21:00:26 GMT
last-modified: Wed, 15 Feb 2023 15:44:22 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8CA7 0
0 94ms
52ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsujw7BZDfVwFeYK2-tXrIxJuFeYmx1NHQ2-YM-INOV9bJELyDAggZGRPZzh3Gd-VexGgv9zTUYAiCQndDdq96vpEJZqEphAHEB--Rv2bFq2RLHuPnYbLQNh5IMjzjd-HCqZoJ2QBLIstQuZPAg4MeymsJl7NsZl2reu7j9dkv9L_QJ5gFK6FSndMF5puvb2i07obv8BtT2MLQf2YdSdVaCg2KudW16SP4ZQHWRR7xzR8qTCNCrKLYhWScHXjNKQLzno920OqAbXuN1xzFhyBYXFUqPSOVgz9NrIGCY-yjGdYBR6XcRgEOKO10hRiXXC3j5d8UfJeCQwX9t5oG0UtknAb8c1h1NaQdydN7QAjcJNw1jqtBVwYlbt86KAnpIPTUi-zovf8SpapA7Ht7tJnD1fotSuQ6XYEsA4mQdfDq9p1qGQVa4A4CL4eDetVsVgidQ-bKs1JF0zfvVI7BH7clar2ZsCoNF8fxWbtdrN78fgMkhtn3DkIXhX89Sgw5gqQQWmdc8akSm-s6gV_Qpnr-mwfIlvgoKqssUbkoqUApQyiYBCCUBudt_Qwnt6f95YLHYf8O_JAeAuf4izELOSqDwFBUVrO0mNsTslmXo6DlQoO9STFqYBrnAhuVhZbxnsvLE_jXap-cBCjTutMXoQJHOY5m15eR-YLnT-Yvy-GU4MuSYhsT9UGHi6Dlorj9RZ1nZWkCHTSrjR14GghvtjMxXpPhoxOTkZBuh8IftG8_ourN4EpYCcL7HYNAge1t-T3GlTThfdjc_K9lmD8NRjEX8D-h_NRFH7kRxioOoKapCKG_4w-KdeJ2NXG1L1YIX4mVgBb48xYzrSDWLLOm6DDzjZoNLrmC0cpGR93TMh-fblKGDFnlLKnc2wy7stVg2JsepohyxIfKBlVasBT79ZfmnzTCPeI2q1w3V96JvE_WlwHdCrGCu2vAKLbDUPU4PC4Hhplfug_2wSM_8sOwTqhxlWQczXRh4sjQC8MVt-9da55TuLvzMaCmacN0XXxnnKjD38mC_ez2Gy2RP2pKOiFWU8UYO15Vav_ZN-gBVTi3Qp24a2Ad7_Bu2Iw_qLjpKGz_pdaHmxEt7GueQOn33Vb0fVJ1UZfyYbm7ZU46bQBDn88OXOBFNgWT5dGis6SuJXQmVVBcN9gVSSBiSjMLykJI9gFgm5MnKImio5foNNpJfqY368b7hszjmKmGX2JOpDdE8MrwKDSt_y39s50YtBLqxZ1n0IF2UwC3TzPOZXQenBQeGEyRXMEMLwvRn-r2yZo-Cyg3MPVmBmyLH-pXDOL2EDfvYpRLBCL-OzEu_Zoe_jYj8hDUciWwdpW1Mn1SWCnHUiErFNjWZSlKGnfrKkmTbBmIXh-S93jx9mcD8pLhfngmBkPWclWYgdDzTwMYZecJ4UYVQi1mNBZUeWsKyLlAOZRARrzVnFpblevBVI&sai=AMfl-YQX39RZ9OyiXgntasI-pWISCdw3ImoDISrPt_W1rG2xynbHsBEiF-0h2rwIyFxOTg3akbN-7AkLR0pXWVlvcSTHM-zIe60t6b-UBDMhEpfuQ1xrgxX-pH4Y9QrOF6N-f4vqKVIdy9CkCGJQJ0L6cmtheBk1y8FJEYEU4fWgs78V3_Gna3hKcKDHhRKkCeC3U-MHn8MP7uIWuEX3L2fJUK96PYxl4TXszoAjrxmJoYSJGn_7BqGxW7PVHi8HgdeL8TmBazVkkT1Sls9I9hmeVjkt6VoBZHBAf3kJ_KDG8vPxKzT444QYzC3e_0UfSnVrT4AY46-SIWyQJ14t1KUPGqzGMKhd-3sDXbc3aOlffNoXCCPjogt8EX6WgQ2-FFCYrGn9nLMiKsCveCUwPMjicXv3xE-dctLOBqV1mgGCwFk2v8R5gQ&sig=Cg0ArKJSzCBYIBZGfsFQEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=164&cbvp=1&cstd=155&cisv=r20231101.33579&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 03 Nov 2023 21:00:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 71BC 38 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 64CA 118 KB
40 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:45:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 12:45:45 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 64CA 63 KB
25 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 03 Nov 2023 21:00:26 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8CA7 0
0 45ms
44ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsujw7BZDfVwFeYK2-tXrIxJuFeYmx1NHQ2-YM-INOV9bJELyDAggZGRPZzh3Gd-VexGgv9zTUYAiCQndDdq96vpEJZqEphAHEB--Rv2bFq2RLHuPnYbLQNh5IMjzjd-HCqZoJ2QBLIstQuZPAg4MeymsJl7NsZl2reu7j9dkv9L_QJ5gFK6FSndMF5puvb2i07obv8BtT2MLQf2YdSdVaCg2KudW16SP4ZQHWRR7xzR8qTCNCrKLYhWScHXjNKQLzno920OqAbXuN1xzFhyBYXFUqPSOVgz9NrIGCY-yjGdYBR6XcRgEOKO10hRiXXC3j5d8UfJeCQwX9t5oG0UtknAb8c1h1NaQdydN7QAjcJNw1jqtBVwYlbt86KAnpIPTUi-zovf8SpapA7Ht7tJnD1fotSuQ6XYEsA4mQdfDq9p1qGQVa4A4CL4eDetVsVgidQ-bKs1JF0zfvVI7BH7clar2ZsCoNF8fxWbtdrN78fgMkhtn3DkIXhX89Sgw5gqQQWmdc8akSm-s6gV_Qpnr-mwfIlvgoKqssUbkoqUApQyiYBCCUBudt_Qwnt6f95YLHYf8O_JAeAuf4izELOSqDwFBUVrO0mNsTslmXo6DlQoO9STFqYBrnAhuVhZbxnsvLE_jXap-cBCjTutMXoQJHOY5m15eR-YLnT-Yvy-GU4MuSYhsT9UGHi6Dlorj9RZ1nZWkCHTSrjR14GghvtjMxXpPhoxOTkZBuh8IftG8_ourN4EpYCcL7HYNAge1t-T3GlTThfdjc_K9lmD8NRjEX8D-h_NRFH7kRxioOoKapCKG_4w-KdeJ2NXG1L1YIX4mVgBb48xYzrSDWLLOm6DDzjZoNLrmC0cpGR93TMh-fblKGDFnlLKnc2wy7stVg2JsepohyxIfKBlVasBT79ZfmnzTCPeI2q1w3V96JvE_WlwHdCrGCu2vAKLbDUPU4PC4Hhplfug_2wSM_8sOwTqhxlWQczXRh4sjQC8MVt-9da55TuLvzMaCmacN0XXxnnKjD38mC_ez2Gy2RP2pKOiFWU8UYO15Vav_ZN-gBVTi3Qp24a2Ad7_Bu2Iw_qLjpKGz_pdaHmxEt7GueQOn33Vb0fVJ1UZfyYbm7ZU46bQBDn88OXOBFNgWT5dGis6SuJXQmVVBcN9gVSSBiSjMLykJI9gFgm5MnKImio5foNNpJfqY368b7hszjmKmGX2JOpDdE8MrwKDSt_y39s50YtBLqxZ1n0IF2UwC3TzPOZXQenBQeGEyRXMEMLwvRn-r2yZo-Cyg3MPVmBmyLH-pXDOL2EDfvYpRLBCL-OzEu_Zoe_jYj8hDUciWwdpW1Mn1SWCnHUiErFNjWZSlKGnfrKkmTbBmIXh-S93jx9mcD8pLhfngmBkPWclWYgdDzTwMYZecJ4UYVQi1mNBZUeWsKyLlAOZRARrzVnFpblevBVI&sai=AMfl-YQX39RZ9OyiXgntasI-pWISCdw3ImoDISrPt_W1rG2xynbHsBEiF-0h2rwIyFxOTg3akbN-7AkLR0pXWVlvcSTHM-zIe60t6b-UBDMhEpfuQ1xrgxX-pH4Y9QrOF6N-f4vqKVIdy9CkCGJQJ0L6cmtheBk1y8FJEYEU4fWgs78V3_Gna3hKcKDHhRKkCeC3U-MHn8MP7uIWuEX3L2fJUK96PYxl4TXszoAjrxmJoYSJGn_7BqGxW7PVHi8HgdeL8TmBazVkkT1Sls9I9hmeVjkt6VoBZHBAf3kJ_KDG8vPxKzT444QYzC3e_0UfSnVrT4AY46-SIWyQJ14t1KUPGqzGMKhd-3sDXbc3aOlffNoXCCPjogt8EX6WgQ2-FFCYrGn9nLMiKsCveCUwPMjicXv3xE-dctLOBqV1mgGCwFk2v8R5gQ&sig=Cg0ArKJSzCBYIBZGfsFQEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=254&vt=11&dtpt=90&dett=3&cstd=155&cisv=r20231101.33579&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 64CA 47 KB
47 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:50:24 GMT
x-content-type-options: nosniff
age: 602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 03 Nov 2023 21:05:24 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 64CA 46 KB
46 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:50:06 GMT
x-content-type-options: nosniff
age: 620
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 03 Nov 2023 21:05:06 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 64CA 8 KB
6 KB 50ms
49ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77289abd38d4fdc1a383e94959fa88d6e9daf30c175446e42ec6c719f90695b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5853
x-xss-protection: 0

GET
H3 200 60005582_20210507060843268_Asset_Transparent.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 64CA 2 KB
2 KB 15ms
14ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210507060843268_Asset_Transparent.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 23:08:41 GMT
x-content-type-options: nosniff
age: 78705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2040
x-xss-protection: 0
last-modified: Fri, 07 May 2021 13:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 03 Nov 2023 23:08:41 GMT

GET
H3 200 60005582_20231030032934149_Frau_728x090_01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 64CA 34 KB
34 KB 12ms
11ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20231030032934149_Frau_728x090_01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba05d287658833589d3a45e0c5346e6194bf9d153c49392786330c023eaef896

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:55:40 GMT
x-content-type-options: nosniff
age: 29086
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34380
x-xss-protection: 0
last-modified: Mon, 30 Oct 2023 10:29:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 12:55:40 GMT

GET
H3 200 60005582_20230907064451090_Frau_728x090_02.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 64CA 41 KB
41 KB 13ms
12ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230907064451090_Frau_728x090_02.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ec0de8d3390ed6caee667281dd61d50ddec8184eec891bb994059fd7867b464

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 13:51:26 GMT
x-content-type-options: nosniff
age: 25740
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41946
x-xss-protection: 0
last-modified: Thu, 07 Sep 2023 13:44:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 13:51:26 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 64CA 43 B
607 B 58ms
18ms Image
image/gif 141.101.90.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_PEF_HAV_14123_PV&mediacode=30520114_4307561_375826190_145341330_DIV1303A20230914&ref=30520114_4307561_375826190_145341330_DIV1303A20230914
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Fri, 03 Nov 2023 21:00:27 GMT
via: 1.1 varnish-live-1-1
CF-Cache-Status: HIT
age: 145137
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Mon, 16 Oct 2023 12:55:26 GMT
Server: cloudflare
etag: "2b-607d4eb83ab80"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 19488550
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 82078bfcbf2135f3-FRA
Expires: Sat, 02 Nov 2024 21:00:27 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 64CA 26 KB
26 KB 12ms
12ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=cqCg5eYezf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:56:41 GMT
x-content-type-options: nosniff
age: 225
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 03 Nov 2023 21:11:41 GMT

GET
H3 200 container.html Show response
eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B9AA 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:26 GMT
expires: Sat, 02 Nov 2024 21:00:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 71BC 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BkhsKal9FZYPXA5H-3wPj5qbQDwAAAAA4AeAEAg&bg=!lpWlldrNAAb4oU7C2KE7ADQBe5WfOKzHqz0aRYI4Bi9dSl1RYoxIym8rLfzy5oRiomGGJXDq-3dYCl2G6XGgDc_6sx6DAgAAAGJSAAAABWgBB5kDOqzdUZU-bx5Dbs-R6daULivkDkfloenmdTJfeJfSzKSIOXQfGn31BA6PmLOCkM0t97ge-jY4OrSJoB6NA8J_puHnlUS38TVRrAEySsp1ufa1Jo15P3H6rw1CDPwbZeVf5KEe7jL1iL_8OxCwRzHDX3lo-AO9LmBMt73aXPlvP41ciWdra7hbzp-wr1KbhI4fiZ7yVApdJ5a8ixfTUyv6aacBvw-Rp5ul6bf6UhrklsSh1RL4IltOpETxHc-5tpCaKAjRtPKDHKh1_oirF6sjYdv48Qb7Xd03Ei9S5CqXbiGPRb5wsohzU2jNuFfUJuX2Lbnopv_JM9U75CBFZhrjZY2fRQLqsYVv92vm2maP1S-DMwrvpYXIsjHgCar88Ti3j7hWN32KdnSQu0dWkXznA93CJcizGXNTejPnjSdo1L6GFbLrB1HbJA3YWb66X1SdJQ85iQwVVYXRhPGi6_b4tw8j_eVFFJirabEZZ2G0sJmKv7FJg2wXDxrRR9A2Bsa0_aAcNR0S_s2e9JnApUxZAARu1OgZ7p0qoAyHJz244hHIDx_VcBD8vbWine4VW0Z6CaQkzo014aWUWiemNIxX47gfTfGpXSHOPfsF6sTFSTn0_pN8VyWKHCWNU5VtQLNLiZolPJoAL8hEULUspYsEsgIqeCUaeOMOCJY8TgZTm3u7-V7y61vDDtBdCoWNAoQf0xd-7jAZcd16LRKQOS90Z524FnjL3oxXzj9Ex3myzldG0FUbCsqbllOHmT3FQ3F_nTnW53_rKKfcqIq-X6YyHCz6DSgiPI8R2pwwBsxNyB4VV0t5T13EVhdMGPK8L-7Z2elkoU4aM5pB-NJ_665FLyDaCPeRtYkIH_LhjKsuWeFxAS_LLLTCeDf0MGIm2qRUSH8D43hD7soOzvkv8PuoF3HPG3kreaoMNHtaYsZjBP7rr5QO856NRxJo8Lw9mGOcN3UzdDatzkBB_y9bSVGa-BCtPt0oDmNu6MmE_hEeGqpJskEn86qLVecs8i5tZ7-HbdjDUeqWD5-KcF7X4jl1_ORb1q9qHD8UQ_HFvP0m0w1mmcIUKZIOiQivKqDIZj19IVx9kToADmBgThY

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 64CA 17 KB
6 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 03 Nov 2023 21:00:27 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B568 624 B
242 B 47ms
47ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGK3o7vgBMAE&v=APEucNX3ukjAIz8uMPUjmqvEyAbmpx6ahqnLSUo7OKdDMsF97gI3VkULkjVAlZm-ysl5_NX1utTz2zhxzYGU0kPBWEZwjWixkOzInoBHyM4gbkepM6ppWVNxoviyXKbhzzaMqHdfvftqt0OpPdrPVNCSyfiq3LttoZ2foNxHjlZp2ykOLZnu4xDxkbH__4Qh7glBOpVyVml5wBQEoqNv6BRjpcBjUNZlXQ

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame B9AA 23 KB
9 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:25:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5705
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:25:22 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame B9AA 7 KB
3 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:17:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2607
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 20:17:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B9AA 0
0 54ms
53ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvlPZPe185gSyxojR08-si8O0oSK5I_IjnEBnLGwXeyM_Uuqd7cG_3siY-6EA5UdMKLbYrR_VD9neAGDROPUf2F94dWJlLnO7EqfomgEfbqCYYnxP12cxX0dcoEQs9gQ7wjt4mT0tIxaw3XGePDdd7UnIF1y3mtNyP1ttpM_caQzW3aHFKdscu9gyiBcCAWCElUwHgOK6MHYsEeiSEm5t6hVjOAhPTvqkGFHDzf5YabJgbuVON5hg91SiZOi-Dcw7yt2joUdUzJypZ0CihSi72ddSze1q6bRxSheTrJJmbzyfaUo9JCIw9U9eQmco7tj-Cef0_hTAEvh-dtTkxpIPrNb7uX28ctKyuC-Dq-ZfWmjWjfsADqgEgHNMqgnMx9DWUNnLom6mK_RbNChhgrhhNksavknH-ejQPpDqtZqaIC7NV0Xe9Py1GFnLhyjcGu6yIW-NTLcgysraezARozUjN4haE5KaRV0fuhKbV6toXai2iIPzWqTiT6-gkLy9K0ESomatGbDUO7Wa_Li2bz4W7IAgjdVAoTmGdyIRuDOKcntr-H7Wx_LCcfdGgEI0oYC5lFSlwwwDd9i6jkY_-cIy3HwCZ7sE6dxGt9snlCcgKVk4gqsonwbfkTAGZEnFHVvW5MR2DGmsPQAGwk15L7qNyBjXi1PJwuNAnEDoTBeFJYdCatQHcUR0-NtyW_wmUkalh1vfU758g7HHCKv8BqyO0pZnTuQ-aI3cDZQjiOA1Cy526V8GjLk6mKxPmS759Q05EUNJ-nzUFLFRxXIYzi0Oq8JGriqd1-zTKuxyLJtmqYMPkn8gyg5t1uWHTtZl8tXp8O6uBd1GeU_UJipEppBJDCX_orPdFGWLfl_zGsXD8GYXuoQ37ybqYSvuNuPXxhP8gbrqLvnXxBIJwi2tJFVl-IamASrDViTbw3vHgVpYdcL1Ad1lVSSGua4dZ-jk-sIY5iJ6YDsPwJdfXfxoK_AoV8cy9WHBbtwSWw4ZCY4gdEQxSv_yjtK9ojdcaWMw6lmK_ntmErxrruKFA8eoeeYKNYW59B9-8Hwk-XKwvy2igL0yfFoYUrSK3TjQ3O8SYQcDksDTqltcOXMIXMeTTD8ypPsv1x4FU4L-ijGYv4o3uSZY2GL-E8kLWxZqeAlOdmlpzcmftPcOpc7u5duwM5dFk0XU8WJB7oIlDe0V4KH_xar15MI4wKpEXN38jvPYRLvkfxi0_FwVzTL874k4bCym9mzVLgAB4RPJ7MrXKwbWSHnWliROywwumYr9XUUJKH49iiBx-3lhVLrlf_Wk2VxeM42eZcsz64nYYGjQh9AXeiy-ed7ne5PKgebNYuGoydh57eX40yiPQyu4XwQQ&sai=AMfl-YT_VKZMCtkx5wqhSRTaontuXps9M1g50Q_mCz0jyBBvB8yyP3zqB1H0zAYUKLIENRKZKZCXNVev5XQ2o_OcEmE2O8i0ztrTyxIqmc8ZptLWDMKNSHTzvJlgKYbw6xnTh5QfSGcoJdBk3SVoCYgh6LxQQGzci-mKxdm3nDsSWmKCLptCiC9DIfnb-mhQ_3ncKWc69k2YgYn7W1HMsNtEdav1GFw2F4gqMMr_qRRvU-Xty3sXEZ0g6mUlL9xiumMaDTS97tyRMuRFuEf9N59ZvIVqYBQGwrAuke-3xgkKeVmj-j1a6Pfe2m5H7Ke7NdwceLwl0JxFPzL1ePM1FbJoj1zJi0kqt6he_3eAa7v8NDyxAFUGN9LhGJtNKR46warjAQ_qSc_72xcZwfpWZakbQmym&sig=Cg0ArKJSzFDNfjHKZ3yKEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20231101.59233&arae=0&ftch=1&adurl=

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 03 Nov 2023 21:00:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame B9AA 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24148
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame B9AA 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35717
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 11:05:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 625F 1 KB
643 B 9ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 67100
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 02:22:07 GMT
etag: 48472445140208031
expires: Sat, 04 Nov 2023 02:22:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame B9AA 20 KB
8 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9AA 42 B
63 B 44ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AbLu4ipF59uBJlDa9Ig7SJjjCNaW20r2H9U2p8Z-Q9_taKZiBbarD_egp4VjMm0JG8n_JoGhK9NTCgpRabbMpUDRI-c3OwWNQ91xaCPw6fhhulIaI

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B9AA 0
0 17ms
15ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSMFo4vHqDG0oOXAaLKtBf3IkkR4Doyk0TiYbrUFG8UwyDajcJ9AF-0qv1MNlOUfVg1bDplJ7bzEAOMq-_2cb4ttBwEUQ
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B9AA 189 KB
59 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Nov 2023 21:00:27 GMT

GET
H3 200 6419562279464366881
s0.2mdn.net/simgad/ Frame B9AA 39 KB
39 KB 9ms
7ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/6419562279464366881?sqp=uqWu0g0HCFoQygdAZA&rs=AOga4qkFuuxwYnhlgeejrlas_0V4mHxKfw

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02600a23c6f383880f5706af53e035423140c8b23c83025ccc780d53e29c4019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 14:44:28 GMT
x-content-type-options: nosniff
age: 108959
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39886
x-xss-protection: 0
last-modified: Wed, 27 Sep 2023 15:16:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Nov 2024 14:44:28 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B9AA 0
0 45ms
44ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvlPZPe185gSyxojR08-si8O0oSK5I_IjnEBnLGwXeyM_Uuqd7cG_3siY-6EA5UdMKLbYrR_VD9neAGDROPUf2F94dWJlLnO7EqfomgEfbqCYYnxP12cxX0dcoEQs9gQ7wjt4mT0tIxaw3XGePDdd7UnIF1y3mtNyP1ttpM_caQzW3aHFKdscu9gyiBcCAWCElUwHgOK6MHYsEeiSEm5t6hVjOAhPTvqkGFHDzf5YabJgbuVON5hg91SiZOi-Dcw7yt2joUdUzJypZ0CihSi72ddSze1q6bRxSheTrJJmbzyfaUo9JCIw9U9eQmco7tj-Cef0_hTAEvh-dtTkxpIPrNb7uX28ctKyuC-Dq-ZfWmjWjfsADqgEgHNMqgnMx9DWUNnLom6mK_RbNChhgrhhNksavknH-ejQPpDqtZqaIC7NV0Xe9Py1GFnLhyjcGu6yIW-NTLcgysraezARozUjN4haE5KaRV0fuhKbV6toXai2iIPzWqTiT6-gkLy9K0ESomatGbDUO7Wa_Li2bz4W7IAgjdVAoTmGdyIRuDOKcntr-H7Wx_LCcfdGgEI0oYC5lFSlwwwDd9i6jkY_-cIy3HwCZ7sE6dxGt9snlCcgKVk4gqsonwbfkTAGZEnFHVvW5MR2DGmsPQAGwk15L7qNyBjXi1PJwuNAnEDoTBeFJYdCatQHcUR0-NtyW_wmUkalh1vfU758g7HHCKv8BqyO0pZnTuQ-aI3cDZQjiOA1Cy526V8GjLk6mKxPmS759Q05EUNJ-nzUFLFRxXIYzi0Oq8JGriqd1-zTKuxyLJtmqYMPkn8gyg5t1uWHTtZl8tXp8O6uBd1GeU_UJipEppBJDCX_orPdFGWLfl_zGsXD8GYXuoQ37ybqYSvuNuPXxhP8gbrqLvnXxBIJwi2tJFVl-IamASrDViTbw3vHgVpYdcL1Ad1lVSSGua4dZ-jk-sIY5iJ6YDsPwJdfXfxoK_AoV8cy9WHBbtwSWw4ZCY4gdEQxSv_yjtK9ojdcaWMw6lmK_ntmErxrruKFA8eoeeYKNYW59B9-8Hwk-XKwvy2igL0yfFoYUrSK3TjQ3O8SYQcDksDTqltcOXMIXMeTTD8ypPsv1x4FU4L-ijGYv4o3uSZY2GL-E8kLWxZqeAlOdmlpzcmftPcOpc7u5duwM5dFk0XU8WJB7oIlDe0V4KH_xar15MI4wKpEXN38jvPYRLvkfxi0_FwVzTL874k4bCym9mzVLgAB4RPJ7MrXKwbWSHnWliROywwumYr9XUUJKH49iiBx-3lhVLrlf_Wk2VxeM42eZcsz64nYYGjQh9AXeiy-ed7ne5PKgebNYuGoydh57eX40yiPQyu4XwQQ&sai=AMfl-YT_VKZMCtkx5wqhSRTaontuXps9M1g50Q_mCz0jyBBvB8yyP3zqB1H0zAYUKLIENRKZKZCXNVev5XQ2o_OcEmE2O8i0ztrTyxIqmc8ZptLWDMKNSHTzvJlgKYbw6xnTh5QfSGcoJdBk3SVoCYgh6LxQQGzci-mKxdm3nDsSWmKCLptCiC9DIfnb-mhQ_3ncKWc69k2YgYn7W1HMsNtEdav1GFw2F4gqMMr_qRRvU-Xty3sXEZ0g6mUlL9xiumMaDTS97tyRMuRFuEf9N59ZvIVqYBQGwrAuke-3xgkKeVmj-j1a6Pfe2m5H7Ke7NdwceLwl0JxFPzL1ePM1FbJoj1zJi0kqt6he_3eAa7v8NDyxAFUGN9LhGJtNKR46warjAQ_qSc_72xcZwfpWZakbQmym&sig=Cg0ArKJSzFDNfjHKZ3yKEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=22&vt=11&dtpt=20&dett=2&cstd=0&cisv=r20231101.59233&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 625F
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESELYTODDSI2qmXmaGWQ2ZEP8&google_cver=1&google_push=AXcoOmSaPtmFbIoBpUrHKid-QA5LZfKuk0t6jbHtW0V69nWIpxAX4piU14R98UlPd8UiOU4kZirP_b18Tt_...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AXcoOmSaPtmFbIoBpUrHKid-QA5LZfKuk0t6jbHtW0V69nWIpxAX4piU14R98UlPd8UiOU4kZirP_b18Tt_zjQbgA-noIVVmo0s

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AXcoOmSaPtmFbIoBpUrHKid-QA5LZfKuk0t6jbHtW0V69nWIpxAX4piU14R98UlPd8UiOU4kZirP_b18Tt_zjQbgA-noIVVmo0s

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AXcoOmSaPtmFbIoBpUrHKid-QA5LZfKuk0t6jbHtW0V69nWIpxAX4piU14R98UlPd8UiOU4kZirP_b18Tt_zjQbgA-noIVVmo0s
Date: Fri, 03 Nov 2023 21:00:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 625F
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEG_SPj6LdQHDTCldfK5I2to&google_cver=1&google_push=AXcoOmT180r5U4xRN_Fn5d7bLQbQHjD6epZTyQFPnSEcvtov_lYwCTfhtA7bWEj3uqRSEkHhr6in1_ocrR89XrWYd5oAjS8...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmT180r5U4xRN_Fn5d7bLQbQHjD6epZTyQFPnSEcvtov_lYwCTfhtA7bWEj3uqRSEkHhr6in1_ocrR89XrWYd5oAjS8h8zuv&google_hm=eS1pQVRxMnF0RTJwRW5ZNi...

170 B
188 B

19ms
19ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmT180r5U4xRN_Fn5d7bLQbQHjD6epZTyQFPnSEcvtov_lYwCTfhtA7bWEj3uqRSEkHhr6in1_ocrR89XrWYd5oAjS8h8zuv&google_hm=eS1pQVRxMnF0RTJwRW5ZNi5kWlB5UHNwaE5aUEtrN0h6Q35B

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 03 Nov 2023 21:00:27 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmT180r5U4xRN_Fn5d7bLQbQHjD6epZTyQFPnSEcvtov_lYwCTfhtA7bWEj3uqRSEkHhr6in1_ocrR89XrWYd5oAjS8h8zuv&google_hm=eS1pQVRxMnF0RTJwRW5ZNi5kWlB5UHNwaE5aUEtrN0h6Q35B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 625F
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEMgLR3AT_iwBG6MVrPzwn0Q&google_cver=1&google_push=AXcoOmRZO-db_5r8QzjmvHXI5MnDTBkj1iQmWrU2YBI2C0fHZzxLz6MFvJn3mJID_zYtF50lbOouXtMrcTayJ...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEMgLR3AT_iwBG6MVrPzwn0Q&google_push=AXcoOmRZO-db_5r8QzjmvHXI5MnDTBkj1iQmWrU2YBI2C0fHZzxLz6MFvJn3mJID_zYtF50lbOouXtMrcTayJ...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRZO-db_5r8QzjmvHXI5MnDTBkj1iQmWrU2YBI2C0fHZzxLz6MFvJn3mJID_zYtF50lbOouXtMrcTayJqLGzWdbllqro0E&google_hm=Q0llMnQ2c0FiWlpnQUdYY...

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRZO-db_5r8QzjmvHXI5MnDTBkj1iQmWrU2YBI2C0fHZzxLz6MFvJn3mJID_zYtF50lbOouXtMrcTayJqLGzWdbllqro0E&google_hm=Q0llMnQ2c0FiWlpnQUdYYkxsVVE=

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 03 Nov 2023 21:00:27 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmRZO-db_5r8QzjmvHXI5MnDTBkj1iQmWrU2YBI2C0fHZzxLz6MFvJn3mJID_zYtF50lbOouXtMrcTayJqLGzWdbllqro0E&google_hm=Q0llMnQ2c0FiWlpnQUdYYkxsVVE=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 235
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 625F 0
166 B 56ms
13ms Image
text/html 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKlhfb57B1UHEcvCxs6xV44&google_cver=1&google_push=AXcoOmRHJPAcsEBuo8z8mH_VisglclfPHKwcLd2EoOQysXrM2_58uJgfHyXBjIqTF3QUzOeY9jAm0Xu9r7QTiSO3ldG7NgI0-GI
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Fri, 03 Nov 2023 21:00:26 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 625F
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEDgWi76M025qi92bZFeEWEQ&google_cver=1&google_push=AXcoOmTEEcx9xN_19abLEHP-mKukOYLvCXb1l8T5bfXxA_W5ri9b0xLZ-eo5VjSOkEbt23zhEPlK1qbpBZ8R3A8...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=FysCS4SuWPVTeMQfErfbAy2NmEo&google_push=AXcoOmTEEcx9xN_19abLEHP-mKukOYLvCXb1l8T5bfXxA_W5ri9b0xLZ-eo5VjSOkEbt23zhEPlK1qbpBZ8R3A...

170 B
188 B

19ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=FysCS4SuWPVTeMQfErfbAy2NmEo&google_push=AXcoOmTEEcx9xN_19abLEHP-mKukOYLvCXb1l8T5bfXxA_W5ri9b0xLZ-eo5VjSOkEbt23zhEPlK1qbpBZ8R3A8rogyO4A4z9YPT

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=FysCS4SuWPVTeMQfErfbAy2NmEo&google_push=AXcoOmTEEcx9xN_19abLEHP-mKukOYLvCXb1l8T5bfXxA_W5ri9b0xLZ-eo5VjSOkEbt23zhEPlK1qbpBZ8R3A8rogyO4A4z9YPT
Date: Fri, 03 Nov 2023 21:00:27 GMT
Connection: keep-alive
Content-Length: 242
Content-Type: text/html; charset=utf-8

GET
H2 204 v1
match.sharethrough.com/E4rooAtA/ Frame 625F 0
35 B 40ms
7ms Image
text/plain 3.67.250.230
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEMe77fasoOpU2FvvKLhZmOc&google_cver=1&google_push=AXcoOmQ86BF_7ALxAy7QuCOC-ORXNG_OXKLCjAHQi6YhUMIf2EpRhAlA88YzZVjuVFFvrQq8XesrB2P_SKXcdjQ5Gehvr3qRuQutrg
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.67.250.230 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-250-230.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT

GET
H2

200

0.gif
id5-sync.com/i/495/ Frame 625F
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEDh9jYRxPk1_yq_7bVFu5xY&google_cver=1&google_push=AXcoOmSfSNRoQfuTJUoq5Hzgz1hohcOSMntpeyJJnOEnSJMjuuGVTMMM46JWehqBzZHLyK-bGMwV5Nf_Kh4_okYA9JE6UZDuv7nO9Q
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSfSNRoQfuTJUoq5Hzgz1hohcOSMntpeyJJnOEnSJMj...

43 B
921 B

25ms
9ms

Image
image/gif

141.95.33.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSfSNRoQfuTJUoq5Hzgz1hohcOSMntpeyJJnOEnSJMjuuGVTMMM46JWehqBzZHLyK-bGMwV5Nf_Kh4_okYA9JE6UZDuv7nO9Q

Protocol

Server

141.95.33.111 , Germany, ASN16276 (OVH, FR),

Reverse DNS

ns3203177.ip-141-95-33.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Fri, 03 Nov 2023 21:00:26 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

Redirect headers

date: Fri, 03 Nov 2023 21:00:27 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSfSNRoQfuTJUoq5Hzgz1hohcOSMntpeyJJnOEnSJMjuuGVTMMM46JWehqBzZHLyK-bGMwV5Nf_Kh4_okYA9JE6UZDuv7nO9Q
x-download-options: noopen
vary: Accept
content-length: 273
x-xss-protection: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 625F 0
12 B 14ms
14ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I1ZfG-iQMFC9RmjivFeHTezQ_A8Tb-OGgmVQs8ayUgoUmYXGfl8-pBzZnZx2KrINcxCIv9NUU

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 43ms
43ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231101&jk=2726199759630939&bg=!MTKlMn3NAAb4oU7C2KE7ADQBe5WfOKO4-hHXmsrQPQMwv1NbBecdwaLO2Jcqr26bnMkl5bQXI99dznXThF7iSmtwQ9WKAgAAAG9SAAAABWgBB5kC28YJstsRPFuXkDoXuXeyo7YYWR9oCmjInli-t2tF-kZXAqCUMFq2CEuoeZJCWwyfgKj8MYJWAMDQXU9Fp_LrDte2G7WMrDwXclcOsa_mMCHCnyzndT0MDZzHM-vOqNl5eegi6wGWiXbpQmNpbq6mPWYvERtfhAojzzW5zXwQO916hrZAKIixgspx6--aylrltqXJxojDWuG-09rIBAWetZMQlc3Xh7jxP-k1izt8hooP2RW7dXN2waJSk8d8cCWMTp5ozDAI-SbpPIMYUxtywjp93dlDwcw4OLD4vgeRC-VEFcVaOVvCfzOoKEDCOeOda40HW5wfi8YD6vYLLFNM7PHEh5rehQgK4Ap0i6vEm3QgyQnkq-7yCAX9PzylJhZvdt1W8vjtY6oGHqV8chZOFwDYG5xm3qbCgR3PEJmDinuzvGqbNWPDTItp6b9ZQwE04DOmd7qSzf4QSPSyprnsKP4wpyGaKp_NhmN72UXjYRpalbfgDHRGP0JMaMIo8L6Am7yOksl_VzTkxQ_gtOWQOdg0TXiT9G8rmCtXNUht7BZhVzaIpXjUeI5TMaErS6UfMdlI2CFbBUl_UkhdJ3b_XFGO_aqhOcm6uU9wrKRDbvu9hB04VTCfj1JF74AP1ebAfClZgHggiIG2Ps2t_IKQKIeqMXh6XbzA9utKjo9B_c4r5N-abLvr0899qJW1yaVh8AlIY4DXkLEnrS83XbSomqzcJDa1AgBMpY9m2JVIvUYDKArRTrXeNfQverd62EDX6EE2cqh0gqytqEH7nFABQLKUlAPtoNgQTZjWFdo3Ow-oMRMyO3_LSyOQk1msdrJOuziRMYeI7rB4Ih7UXFdlxsNRM10LgiJ2utTtDW5loEV7-isqtsSWc1WzlF0nvomwIffktGdq7A3NcpGfA1ewI71bI6EQorisVNtHS3sDMoJGaZzBK5DhVemp-hV0MojCNGLmsm0MyeuSYsii
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame F47B 38 KB
13 KB 8ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B568
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOXO_n-3iNrHHMEUKbr7lo4&google_cver=1

43 B
731 B

29ms
28ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOXO_n-3iNrHHMEUKbr7lo4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGK3o7vgBMAE&v=APEucNX3ukjAIz8uMPUjmqvEyAbmpx6ahqnLSUo7OKdDMsF97gI3VkULkjVAlZm-ysl5_NX1utTz2zhxzYGU0kPBWEZwjWixkOzInoBHyM4gbkepM6ppWVNxoviyXKbhzzaMqHdfvftqt0OpPdrPVNCSyfiq3LttoZ2foNxHjlZp2ykOLZnu4xDxkbH__4Qh7glBOpVyVml5wBQEoqNv6BRjpcBjUNZlXQ
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1eT4pU7IywpHtLG1ocKnVCDU5oRFPBgxLzZTvZu8hpaZ1wnmsNPecA4AJEb497iYNYJ4iD4Ofrz4P3AyzOctEJ9LNI%2FQUVM6bYETpMIEkk6ISPHBgLcpIMRf%2BBvs6GqX09haNbBTHzGBeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82078bfd8a6b5d59-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOXO_n-3iNrHHMEUKbr7lo4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B568
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUVfapsOLFUhjbf9MXldzAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOXO_n-3iNrHHMEUKbr7lo4&google_cver=1

43 B
730 B

21ms
21ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOXO_n-3iNrHHMEUKbr7lo4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGK3o7vgBMAE&v=APEucNX3ukjAIz8uMPUjmqvEyAbmpx6ahqnLSUo7OKdDMsF97gI3VkULkjVAlZm-ysl5_NX1utTz2zhxzYGU0kPBWEZwjWixkOzInoBHyM4gbkepM6ppWVNxoviyXKbhzzaMqHdfvftqt0OpPdrPVNCSyfiq3LttoZ2foNxHjlZp2ykOLZnu4xDxkbH__4Qh7glBOpVyVml5wBQEoqNv6BRjpcBjUNZlXQ
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3rZj0hWpwujOaZAKMlfC7UOeSq3WcAHkCIJEYOQ74FYa71a8sttOoiymtF24SZTzzYwlIyfKPaF6To5%2F60jtBJj8p2sTVlSJwNDQ4ECsF1ch7pCZQ7h8NE2sywRJ%2BJO02ZnwSUBt5f0AGw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82078bfd9a825d59-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOXO_n-3iNrHHMEUKbr7lo4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame B568
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECuPaTM2lRIrucffNih-85s&google_cver=1

43 B
839 B

14ms
13ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECuPaTM2lRIrucffNih-85s&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGK3o7vgBMAE&v=APEucNX3ukjAIz8uMPUjmqvEyAbmpx6ahqnLSUo7OKdDMsF97gI3VkULkjVAlZm-ysl5_NX1utTz2zhxzYGU0kPBWEZwjWixkOzInoBHyM4gbkepM6ppWVNxoviyXKbhzzaMqHdfvftqt0OpPdrPVNCSyfiq3LttoZ2foNxHjlZp2ykOLZnu4xDxkbH__4Qh7glBOpVyVml5wBQEoqNv6BRjpcBjUNZlXQ

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
an-x-request-uuid: 8a8a4d4c-3586-4015-9388-89bb086da249
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.74; 45.141.152.74; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECuPaTM2lRIrucffNih-85s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B568
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
an-x-request-uuid: b0609b37-1fc9-4e1a-a5fe-a91c42fdefa1
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0
x-proxy-origin: 45.141.152.74; 45.141.152.74; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame B9AA 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0197a9926027170f8a4772e279eeaa0d3f52ba03ab805203ab993b6b2551bae3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 2ED6 38 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6930
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame F47B 38 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6930
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&wpc=ca-pub-2169694473459397&su=zdorovieledy.ru&eid=44759876%2C44759927%2C31079307%2C31079345%2C44795922%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301&doc=complete&pg_h=6425&pg_w=1600&pg_hs=6425&c=3&aa_c=0&av_h=76&av_w=586.667&av_a=51932&s=465&all_s=465&b=5225&all_b=5225&d=0.035&all_d=0.035&ard=0.015&all_ard=0.015&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F47B 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B6aWjal9FZYHiIfKWjuwPhNmUsAoAAAAAOAHgBAI&bg=!Pj2lPXLNAAb4oU7C2KE7ADQBe5WfOKBNUYua0I_O96I0re-ZhdGdLFvV1WTdcETFzaQB2zc6de6U3_qx4ePULJBltAB_AgAAAE5SAAAABWgBBwoAHzorEckwgzxxJCkDVnKzkRH9nJhQkrJ2NHNaz611NUCZAzVYF3mvaUHevm2aCIMtsjBb29DM8HXKXs1xF3qTTZaACK4DxbZMZbsrzSJJc61a5hVCJcbeAsYfbpZqxReOINiwLKwTxu6XtUhDvqOyXfJXEASpIp3auAT-ibTcPK5mLsNpEeFUUullAXnMBnkzGOT6PubbJHACLyjPw2iCmF2LDepAx329SK3B5Y7vRe_aBRxzDBzmHBdPG53iBzPwVFoqvRird7CytsA0bacYl9rh-7LPGE4AU-kEuUEeNKt7AjKUbbDS659hPjid_r_Pu3Qwj8L7R3B96Qn_RKLpdt1WaTkAJNH7GTw8QSuMh2r5QR20PPCL3jYtSUmGTMOYoUMMakpXbjeF4Hyjxfkgv5FV7a1RUh-oRJ39znC63Gkgxbb0_qjrRkl9qC0akYNA_IOFVGShHIqHlgXu1XiEVKqC5DgB8L4Mo2_C8IpPzLYPJrB0xEurCJ-bFnvO8syHN1sD-rl-sE8DlSKLCC8_JBpwSJseNC2SNfvDxhxxmYdcBjPiBySGFcC27PiUCiqFWpD5AOaqfWAgJrsxTFXQzfAsoJSApCfw4pPUepOHkdBS6pK9mMlLnfCBalCV3tcf-Wj_70WZVYQC6tL6XOCoUkm_ySu8_8rxHAAa-_EaJQvl7F4E0Y2UsLlfdAUiWpDVx6ipZq0F51EBgKXbNPfBpZygQintT3K5TYNpSKQ6WRWPzIe8sAM435tuSPxn7z8bgJoeBLTWl8YV3oo0qMfzMFuar8xYPIyQ2KWoDeCk9f80CtNWXeNU6E0iddv544LoJUlMEMOrnu_lHTp_-eA9xElSBKjxpM9pPSCSfuVPtu3BULl5hVPlT9SrXgTCo2UlMji6cZMAiB9JwsdBCYTG4l3axQknbvx8E9hMKowwYTu0KYPVogeQID5u9a9DXi_ylwGIMSsjAYYo7g6AQTIwLI78Z_GOwvd3PwbvHydOxJ7RBbt73sbwq-zk3iaVIjTLdwvU-GJ5vI6OEQB5ryucc4ospsiInVzxT_tfjifmZ3VNO38OunvdrvGu3oLK6Z3YRpzOoZqsJOZI9m4smcOlIEmsI7fOW0x-hBS1BAJp6c_rZy_g1bQr4w

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BD02 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:26 GMT
expires: Sat, 02 Nov 2024 21:00:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame BD02 4 KB
767 B 18ms
18ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 03 Nov 2023 21:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 19:13:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 03 Nov 2023 21:00:27 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E94B 14 KB
1 KB 18ms
17ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 03 Nov 2023 21:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 20:46:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 03 Nov 2023 21:00:27 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame E94B 2 KB
825 B 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:21:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5921
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:21:46 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame E94B 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:21:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5921
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:21:46 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C838 143 B
166 B 9ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3024
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 20:10:03 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame E94B 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35717
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 11:05:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F2C9 1 KB
643 B 9ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 67100
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 02:22:07 GMT
etag: 48472445140208031
expires: Sat, 04 Nov 2023 02:22:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame E94B 20 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E94B 0
0 15ms
14ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR8LQMt0iigojC10DI72MjA1XAPHbc_kch90CyHh5sGTJAP006RTD95wMWKba3CNYXkcQc-GL7W0Bbt8svxfVEId1LE1Q
Requested by: Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E94B 189 KB
59 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Nov 2023 21:00:27 GMT

GET
H2 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame E94B 36 KB
15 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:58:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 17:23:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 19:58:49 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame BD02 21 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e67417b0b06b8190bcbc2063e7e5b70febd93586e820049fd4eda8e491fd9ec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:49:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 642
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8796
x-xss-protection: 0
server: cafe
etag: 1225823381704108053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 20:49:45 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame BD02 205 B
519 B 26ms
9ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 02:28:25 GMT
x-content-type-options: nosniff
age: 66722
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 02 Nov 2024 02:28:25 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame BD02 604 B
696 B 27ms
9ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 13:30:38 GMT
x-content-type-options: nosniff
age: 113389
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 01 Nov 2024 13:30:38 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F2C9
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEH53Jt1fUeYtVvZqYFwXNvY&google_cver=1&google_push=AXcoOmQ8TWa8mUvj0Dhse5Qr2xqD762WIGdecPMmGRGiNzaw2szHZsmK_xiKnURX-fxfuAgmNMeu8...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmQ8TWa8mUvj0Dhse5Qr2xqD762WIGdecPMmGRGiNzaw2szHZsmK_xiKnURX-fxfuAgmNMeu8UQ0WJDx3euCQWr-30CN5nx2

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmQ8TWa8mUvj0Dhse5Qr2xqD762WIGdecPMmGRGiNzaw2szHZsmK_xiKnURX-fxfuAgmNMeu8UQ0WJDx3euCQWr-30CN5nx2

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 03 Nov 2023 21:00:27 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 85DC0D3C93AC49C0B8ABCD79671F6C34 Ref B: FRAEDGE1307 Ref C: 2023-11-03T21:00:27Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmQ8TWa8mUvj0Dhse5Qr2xqD762WIGdecPMmGRGiNzaw2szHZsmK_xiKnURX-fxfuAgmNMeu8UQ0WJDx3euCQWr-30CN5nx2
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYJRctDgso1dQZrU9NZnA==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F2C9
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEMY37bfrg6_HJQ_fXNepsA0&google_cver=1&google_push=AXcoOmQzZJUod9_wYizAxJs31J96ewMrr_cFwf7_MoAA_x3lEs-Zkq2rRrUnYgh8MbXh78WRv2OW-u_YuYWWJygCgAriW3-...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMY37bfrg6_HJQ_fXNepsA0&google_cver=1&google_push=AXcoOmQzZJUod9_wYizAxJs31J96ewMrr_cFwf7_MoAA_x3lEs-Zkq2rRrUnYgh8MbXh78WRv2OW-u_YuYWWJygCgAriW...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQzZJUod9_wYizAxJs31J96ewMrr_cFwf7_MoAA_x3lEs-Zkq2rRrUnYgh8MbXh78WRv2OW-u_YuYWWJygCgAriW3-DWoVO

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQzZJUod9_wYizAxJs31J96ewMrr_cFwf7_MoAA_x3lEs-Zkq2rRrUnYgh8MbXh78WRv2OW-u_YuYWWJygCgAriW3-DWoVO

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQzZJUod9_wYizAxJs31J96ewMrr_cFwf7_MoAA_x3lEs-Zkq2rRrUnYgh8MbXh78WRv2OW-u_YuYWWJygCgAriW3-DWoVO
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 dds
rtb.openx.net/sync/ Frame F2C9 43 B
245 B 35ms
15ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESED_OM01Fy8MG7WsV10dLt4k&google_cver=1&google_push=AXcoOmSYzw4MsJ511x23RjdfzuUU26UMSgzbV7hd3o-f2DnGeM-pg1okOJmABSNN3TAZYMr059zpu3qK2TEF6CfM7j3OFSA6zBpD
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame F2C9 0
41 B 15ms
11ms Image
text/html 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL0HnXSpr4SxvBhXqRgPxLA&google_cver=1&google_push=AXcoOmQof78RJZgxS7ZvXDfjMKxX6R5ho_V9Fn_xu2VR4afoDk43aoWi-iQW5xTQQtIcoofxZPK4urlQMcQaNCe5f_XNqdIIowk
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Fri, 03 Nov 2023 21:00:27 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 204 -
s.ad.smaato.net/c/n/// Frame F2C9 0
237 B 114ms
50ms Image
text/plain 2600:9000:2362:8800:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEIJ5AKkjgMjC0w2BmwoHtnQ&google_cver=1&google_push=AXcoOmQBec6Wo-arh7RYNRbOygbQ81A4UBt-zkq9lNwxDES3yqq42LShrue5-ef0WrzLvf7yEdiw-DgLd5vXpaYxMtdLVqsXnkhe
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2362:8800:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT
cache-control: no-cache, must-revalidate
via: 1.1 eb3d2bd89447108973b8d2779fc789e4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: DYYlcnvIqZ7ta2k4-rL5PHhyd2bCBH_kDWxO2gX-t-yc_lKhKswsuQ==
x-cache: Miss from cloudfront

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F2C9
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESENuLkTYXlekJdA0JOOVX6jg&google_cver=1&google_push=AXcoOmQc3jNQ6mRMdvBFmsvKAO5pQC30FCnlR9-IbiQxtcyP8_96LiBRm0kvT_dZmBtG3FC_9Zm6ymb9V_shDMAd-XBPzhokG-mH
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzQyMDQ2ODI4NTQyODIyNzAwMFYxMA%3d%3d&mn_hm=MzQyMDQ2ODI4NTQyODIyNzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQc3jNQ6mRMdvBFmsvKAO5pQC3...

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzQyMDQ2ODI4NTQyODIyNzAwMFYxMA%3d%3d&mn_hm=MzQyMDQ2ODI4NTQyODIyNzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQc3jNQ6mRMdvBFmsvKAO5pQC30FCnlR9-IbiQxtcyP8_96LiBRm0kvT_dZmBtG3FC_9Zm6ymb9V_shDMAd-XBPzhokG-mH&gdpr=&gdpr_consent=

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 03 Nov 2023 21:00:28 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzQyMDQ2ODI4NTQyODIyNzAwMFYxMA%3d%3d&mn_hm=MzQyMDQ2ODI4NTQyODIyNzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQc3jNQ6mRMdvBFmsvKAO5pQC30FCnlR9-IbiQxtcyP8_96LiBRm0kvT_dZmBtG3FC_9Zm6ymb9V_shDMAd-XBPzhokG-mH&gdpr=&gdpr_consent=
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Fri, 03 Nov 2023 21:00:28 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame F2C9
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEAPo0qSkwisujfUp-HJOv3s&google_cver=1&google_push=AXcoOmRcnuakJnTaZHv4zsqvCEHt0kimClz2H-KhL2xgWFtwQNibQxnx28V_tt6-taQ7t1lLuocWbjpGdoD...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRcnuakJnTaZHv4zsqvCEHt0kimClz2H-KhL2xgWFtwQNibQxnx28V_tt6-taQ7t1lLuocWbjpGdoDWkBomPu1mdBUM6j5X5w
https://onetag-sys.com/match/?int_id=19&google_error=5

0
200 B

8ms
7ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame F2C9 0
12 B 15ms
14ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KaIN92art6UB3uVgYbCwhzcq0H-qlKIUiA8oRcJhSYz3lZv4pssKbEtGN4GX-pXFiOcujXFQ

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C838
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

19ms
18ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:27 GMT
expires: Fri, 03 Nov 2023 21:00:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:27 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8CA7 42 B
64 B 48ms
47ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvSSASbr0rXe02BmiKjQ7H92CjjAj7BtODyoOuwh-JYJ7QRyXsb_71Y1XLKYwEzzl7lbxCw7pkbBR8DQ8U8_vRMbqVcOTW20poAbXPA6C1dAyjBzO4UXXH5slgRNeqeV2-9BvElpXllLebx&sai=AMfl-YQOhO8sXRmAZzM3-fiFsthZxJE37e2bAVpDN1ZVReZtNVq3Q2egNvA_Z66Z1gOckP2yDn6X30jKsL-VNf6vdmjncCHle0F0b2CLTlzg0pVVcgjf59cUy7AIzvk&sig=Cg0ArKJSzA_rvOc_lhpIEAE&cid=CAQSOwDICaaNp2pEDXuviOlh37vpTODneTvjjNw7jcxfbd4eg6xSRGLc80Zsq09icluv7VMfkByBNIw1nl6tGAE&id=lidar2&mcvt=1019&p=555,436,645,1164&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=982550737&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699045226626&rpt=162&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 7B62 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaed749931e3a7cbfcecd1c0ecfff06e953caebf0d3fb3850cc6b0857308c14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 19:38:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 177732
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19631
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 19:38:15 GMT

GET
H3 200 container.html Show response
eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2F3E 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zdorovieledy.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:26 GMT
expires: Sat, 02 Nov 2024 21:00:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7A26 624 B
242 B 48ms
47ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYxNPDmAEwAQ&v=APEucNU7EURQecXIqEMaRj7DWgi5DBHpE8mNlTqR_CJTmN3oA9MEOiCBZHyTOZHMFasF08LAMv5oU2YHmGF_JpQLTmL1MW8m94d2k2FgfStNq3FH1Z7FuhHSD5t11aSVp5s-0ecKGmvLw99c07FFeDFOG-x4E6VM1eLR-Xky1AaCjJDDyq-poYJxfrtep_x0hgi9KrH1VlF11un4RUhF6MWQBP3iDUxm0A

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 21:00:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 2F3E 111 KB
39 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Origin: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24149
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 14:17:59 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 2F3E 7 KB
3 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:17:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2608
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 20:17:00 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame 2F3E 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:25:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5706
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:25:22 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 2F3E 41 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24149
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 2F3E 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 11:05:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8A03 1 KB
643 B 9ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 67101
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 02:22:07 GMT
etag: 48472445140208031
expires: Sat, 04 Nov 2023 02:22:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 2F3E 20 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5980
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F3E 42 B
63 B 42ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cm7UsVstHbuSrRQfeRIe03hFxfZw8Gm6rcspiHZ3gvj0y6hjgtkw4xuZ0egwOiSxpgQcGdugkEDHfhcrMOJ2Rf66f_iyeFjkKUZy9mwEpEUUq2YyA

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2F3E 0
0 16ms
14ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQuIZkMJdX75Wj4LpLnFyFU_-ifhS14_LAi4iQFbSgDhUrOegdyFynVnawBQ99FKQw8HHURXPZrQaFOxmrWbe2yeoPXrA
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2F3E 189 KB
59 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Nov 2023 21:00:28 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 36DB 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19029
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10494368969906787579/ Frame 1380 30 KB
6 KB 7ms
7ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1583a6565bdfb24969129960274ff657f4b20d716adcadc00a39c53bbd5797fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 22472
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5980
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 14:45:56 GMT
expires: Sat, 02 Nov 2024 14:45:56 GMT
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2F3E 0
0 53ms
52ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstfClCsxhJrVyFMqLjIXYdmWZy6BuGwjKWhSaRmvodpdt7z9OLz8W2yhwZzyr29euQvWY767zc1MzQvyUAp0jSABbIJVSmbdmlkyObK8qlBvzq3txNSoNG-2DCnG-TqVHhEfT_SeuhklxCxz7mdNyITS7nLHlt1jgBynbwbRYWgi8Qkc0J5kbOes6GrC-D6cW-hFrcLH3rO-MoZcLQNtvVil32xAeNGsCxfHqRoInGZQF4DQ6zubuQX5jhdyaBooAJlQemuyekYvcg8faTHoIMCoUobw63nZYABdS5nKvYM_zecQNUahr7_SCVI8v5xJnH85vmDRJ9zuQP2KXeCBmBMTJBYeEnKwA19lipupdWFagu4TrGe1H6mcGR-X6EeIjXuVhMXoEo01QjC6GubE12x3-HisCVzn3QfBKtNp7tNBYX7eS-1JYbGXPHO6tAOLJYy_EbvhXUir5zw2tb1dDfMqbCYbOnBYGufZa0exsjFlnYDiTviNCwUfvSoiIGE0k9J5Qi32WLLmQzKKfycNdXXMwSFh4Cgezy6iGzrs1yO1p-kJ4Vf2KASYnn2i0Xv7QWnfxL7f4Sa4gmJVJZ1D1HKIRespxLZDfkn90YWVYK13Q05-fnTH0weDD-bt_MTGxaV5C6B2rkYC0pkUDp4gKnh9Q4zM5Lh5z9HP56ksSg_aoi_mFYJBMIjUObJFJbBJ5wUa65v72TMCD2HH2FEgaZpsrR2gAc3XjCMST5mWupxhjLdYF8iPbXWucdxH9h4XPmt2DL9-yzEva5IjlkluwNx2b2Z9me_3uzaOnjQM--s70i9QWe0KzvPQ2oiWjsTysbfp5J003Mflh8ntqRhM_fnsGTNJQu9P5R-yINuI4LO8dhBBUmbaCVkkpHdVGqOchLzJaGm_VDcM6RBWdLIr5k1i-smzLSTVCqR09Ercwjb3IzaFIggjReg1TOd2Y4rH4TwtUuoyO9j35FlztJAW7D3j-k2IHzipTChGCM1HDdlnvIcukhdTYOavuS58Jb8XDJs56SQ2HjSFHn6uoG-4uuslWVvEAO5a74qaSTwcogLeQXhhY1Z4RFVGWhyhG_fgIOdwypEl3wYIMZeiheFF29mU8nLXuY_qkXVyE2TH4HUST-tBAZBj15xFrfu_qonGrSIt_bnM-BFUvcSFbQPNxk9yR_6B-vRax0FCV3n04sQ88LfXtkWeYvXrPHvWE6pQeE2dEM5Zc3IKhuN3Hn60k8JQ4NmDij0mtb6LI_nW39zwhLB2QKVD33ILg3jsm45termnR6gL5tiqy31Z-aOFwYhpo8qQvDLL6cw8zZz0nLrI059X_HATfqE_rpIy7CzVBFFUKMCAlyeXHviDtKdHJMJVnhxu0iLBFAaEgTIVCM2zzrFEHXEOwb1OGCQlL0hitlzkzDUWQuc&sai=AMfl-YQF_LxsxBFPjU7csdKZ9s-V1OnJ5ePUXAl5WYiMNKDVUXWFLWxFd6eXcHhrxRW5UbpU3tD0W9AcXF_V15gIgU4HeA5Wv0EdOfTjFmIxUnQ7V8WEF4NLopERr3F5d69hZ8UJtxNxgHfEhGOIua-cKGqiG4GcPQOXJ6xnrJdzTD_nQ3_xoN1tP9B77WmuoBYgNmDASA1bRfRXNaE3VIg5wqbnK2Ch5vx4-Nd5gpj0zHsiKGf1sjZ3JYjtAdpx-WP75wPzL57RMxpAzefeaeemJVmXntZIRyV5hk1phuNAbN-aNHJyjbABcaDJtWfqMPaF1kTSsHx64oQP4ejWe8Vxj-84BnvqKpbieM97gC4niilIq_ugJ9C0xXDBfJ0jErHuxdxg9DzyEQrkwf8-etlVQhwr17xVwWqevEW_eSVq43U-kcM&sig=Cg0ArKJSzL_Y3clgjAKgEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=30&cbvp=1&cstd=27&cisv=r20231101.26844&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 03 Nov 2023 21:00:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2F3E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66a4f5185372406e0708a203e14a78ef647be884071c523020ce7a3d37f3d0ed

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8A03
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEE6ZP_y16Ep1n-P_56I5kB8&google_cver=1&google_push=AXcoOmTZpTGWGuICaPIdwkgkQh7jDDpG4_dlYBRaUsTpxH8cJq_EZWhHFVCVL9V4oCxvVoZylOwMdJU98zZqg71mqrEmyQVNa4x87A
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MjNabmtHcmtCZE9pdk5OX2JGOUZaUQ%3D%3D&google_push=AXcoOmTZpTGWGuICaPIdwkgkQh7jDDpG4_dlYBRaUsTpxH8cJq_EZWhHFVCVL9V4oCxvVoZylOwMdJU98zZqg...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MjNabmtHcmtCZE9pdk5OX2JGOUZaUQ%3D%3D&google_push=AXcoOmTZpTGWGuICaPIdwkgkQh7jDDpG4_dlYBRaUsTpxH8cJq_EZWhHFVCVL9V4oCxvVoZylOwMdJU98zZqg71mqrEmyQVNa4x87A

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 03 Nov 2023 21:00:28 GMT
server: nginx
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MjNabmtHcmtCZE9pdk5OX2JGOUZaUQ%3D%3D&google_push=AXcoOmTZpTGWGuICaPIdwkgkQh7jDDpG4_dlYBRaUsTpxH8cJq_EZWhHFVCVL9V4oCxvVoZylOwMdJU98zZqg71mqrEmyQVNa4x87A
content-type: text/html; charset=utf-8
cache-control: no-store
content-length: 245

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8A03
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmRYm2...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-EdrCmwMYIX0kyZMV4vbVJsHAcDo_MnJJaHWlrQ&google_push=AXcoOmRYm24UYmyKGODov4aJigqfitsmFLg3qxP7DszTnh-7Ut9NSlra1091EHaV_v98tBeMgm87jIojV17O...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-EdrCmwMYIX0kyZMV4vbVJsHAcDo_MnJJaHWlrQ&google_push=AXcoOmRYm24UYmyKGODov4aJigqfitsmFLg3qxP7DszTnh-7Ut9NSlra1091EHaV_v98tBeMgm87jIojV17OBR-XGrHCpuz064gMAw

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:27 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-EdrCmwMYIX0kyZMV4vbVJsHAcDo_MnJJaHWlrQ&google_push=AXcoOmRYm24UYmyKGODov4aJigqfitsmFLg3qxP7DszTnh-7Ut9NSlra1091EHaV_v98tBeMgm87jIojV17OBR-XGrHCpuz064gMAw
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1077794
content-length: 0
expires: Fri, 03 Nov 2023 00:00:00 GMT

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 8A03 0
41 B 14ms
13ms Image
text/html 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMJUsZk300dT6URchr23G00&google_cver=1&google_push=AXcoOmSwFTV34CDUid1B_-1qEMTGYDZMxbLWIjYpM5OLeQSaXliUyJ1MP0vFvnloW8twTEqcwNRFBVm55KMGCjPwqXOMJO4E2N9DoQ
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Fri, 03 Nov 2023 21:00:26 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8A03
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOqJ3rqlQTMv4qvo5CL_euc&google_cver=1&google_push=AXcoOmRsZ2Zsl8iFrND6ZXD_Vd3bVr9S6v4uCSbEudFXUejJDw6504W-6YvK6fe2zoPgsNRzQy7WifJG1hNKClnxsGS2kMXeXm...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzE1OTg3MjkzNTAxNTgzNDc5Njk3Mw%3D%3D&google_push=AXcoOmRsZ2Zsl8iFrND6ZXD_Vd3bVr9S6v4uCSbEudFXUejJDw6504W-...

170 B
188 B

19ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzE1OTg3MjkzNTAxNTgzNDc5Njk3Mw%3D%3D&google_push=AXcoOmRsZ2Zsl8iFrND6ZXD_Vd3bVr9S6v4uCSbEudFXUejJDw6504W-6YvK6fe2zoPgsNRzQy7WifJG1hNKClnxsGS2kMXeXm3H0w

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzE1OTg3MjkzNTAxNTgzNDc5Njk3Mw%3D%3D&google_push=AXcoOmRsZ2Zsl8iFrND6ZXD_Vd3bVr9S6v4uCSbEudFXUejJDw6504W-6YvK6fe2zoPgsNRzQy7WifJG1hNKClnxsGS2kMXeXm3H0w
date: Fri, 03 Nov 2023 21:00:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 8A03 0
44 B 781ms
232ms Image
text/plain 18.180.200.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEEfC6V26ZeH-8-vlRo6wgTM&google_cver=1&google_push=AXcoOmQc3k-tdiRjNU7svYxYMJqx6Qp07L66wPBJee61M-onbVajB2j2AZS-h8wS7qb7jMTOsTXswkvJuuCzwc4mBltpsibM5ORQ
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.200.17 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-200-17.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:28 GMT
server: awselb/2.0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8A03
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEC-dMiigZZkQE_jeqva1Dlo&google_cver=1&google_push=AXcoOmS-HF7TurfaHZLmH5u_6Y4zFjItjmeymK5Qodr-W_LRCFweJoSRz...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS-HF7TurfaHZLmH5u_6Y4zFjItjmeymK5Qodr-W_LRCFweJoSRztXJy1GUNa3rXjevfHN3ILVfIJ_LIbiIcmGUdegVx--F4ik&google_hm=QlMuODEzNS05MjF...

170 B
188 B

19ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS-HF7TurfaHZLmH5u_6Y4zFjItjmeymK5Qodr-W_LRCFweJoSRztXJy1GUNa3rXjevfHN3ILVfIJ_LIbiIcmGUdegVx--F4ik&google_hm=QlMuODEzNS05MjFhLTRmYjEtYmFlYw==

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS-HF7TurfaHZLmH5u_6Y4zFjItjmeymK5Qodr-W_LRCFweJoSRztXJy1GUNa3rXjevfHN3ILVfIJ_LIbiIcmGUdegVx--F4ik&google_hm=QlMuODEzNS05MjFhLTRmYjEtYmFlYw==
Date: Fri, 03 Nov 2023 21:00:28 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H2 200 https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25
x.bidswitch.net/check_uuid/ Frame 8A03 43 B
146 B 29ms
7ms Image
image/gif 3.124.69.248
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEFrH8fMYNDxf-qZCqLhTTNA&google_cver=1&google_push=AXcoOmQIjmRxvXQ9-wRp0k7uQq0_Q7ITSc6uXYdRAN7Z0pLAvS7XL_UKKJI_gr15kfrQcxG2zzTBUGaSQThg805c_XkC-pfHzmvtkOs
Requested by: Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.69.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-69-248.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8A03 0
12 B 15ms
15ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IOHp5JkjHGT2W_eR-FIawmAkVghJhtwq7HEBlT9SZ20B5RD7Rtn38EvhxO5q3K-Gm2kj2q1BE

Requested by

Host: eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
URL: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 b4bcf46b7b11704ea2e88b3103a89404.js Show response
s0.2mdn.net/sadbundle/10494368969906787579/ Frame 1380 134 KB
38 KB 7ms
7ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/b4bcf46b7b11704ea2e88b3103a89404.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1535347cab84b2b7431d22f29c356f5906552f565f5aa49d0e6922a5d0a4d5c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22472
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39043
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:56 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7A26
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjyEH3VewhH3yzwc4_No7k&google_cver=1

43 B
740 B

31ms
31ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjyEH3VewhH3yzwc4_No7k&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYxNPDmAEwAQ&v=APEucNU7EURQecXIqEMaRj7DWgi5DBHpE8mNlTqR_CJTmN3oA9MEOiCBZHyTOZHMFasF08LAMv5oU2YHmGF_JpQLTmL1MW8m94d2k2FgfStNq3FH1Z7FuhHSD5t11aSVp5s-0ecKGmvLw99c07FFeDFOG-x4E6VM1eLR-Xky1AaCjJDDyq-poYJxfrtep_x0hgi9KrH1VlF11un4RUhF6MWQBP3iDUxm0A
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xjs2dC570wsF2HYM%2F%2BeARGAycwENzVLdcgcEC%2BZ91KpfPmf3CyV055DFKysYzfdiFjMXGB38jgZaeZ%2Baa%2FOxM3%2BTslMpnNqTMHdGuziOSBNjnRRbR4zHBl%2BZR5s1tTAErQvNx%2Fj4HGDMeA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82078c03c8515d59-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjyEH3VewhH3yzwc4_No7k&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7A26
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUVfapsOLFUhjbf9MXldzAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjyEH3VewhH3yzwc4_No7k&google_cver=1

43 B
733 B

25ms
24ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjyEH3VewhH3yzwc4_No7k&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYxNPDmAEwAQ&v=APEucNU7EURQecXIqEMaRj7DWgi5DBHpE8mNlTqR_CJTmN3oA9MEOiCBZHyTOZHMFasF08LAMv5oU2YHmGF_JpQLTmL1MW8m94d2k2FgfStNq3FH1Z7FuhHSD5t11aSVp5s-0ecKGmvLw99c07FFeDFOG-x4E6VM1eLR-Xky1AaCjJDDyq-poYJxfrtep_x0hgi9KrH1VlF11un4RUhF6MWQBP3iDUxm0A
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3rFAvyFxx1a9tgSc29dv657RETdenCkR3kD3dkHavDLYhJI6P0cxgnkMY0Opg5IMTNWPIvRw%2FnoMm2pUYw0XHvOf%2F9vLXYUW4ysAwibG9mywH2FMvLYk%2B1mxyyjMRTjxl8GPiZRqSCDAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82078c03e86b5d59-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjyEH3VewhH3yzwc4_No7k&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 7A26
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMCh2Ni7_KeF-I_hITsqtZc&google_cver=1

43 B
840 B

13ms
13ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMCh2Ni7_KeF-I_hITsqtZc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYxNPDmAEwAQ&v=APEucNU7EURQecXIqEMaRj7DWgi5DBHpE8mNlTqR_CJTmN3oA9MEOiCBZHyTOZHMFasF08LAMv5oU2YHmGF_JpQLTmL1MW8m94d2k2FgfStNq3FH1Z7FuhHSD5t11aSVp5s-0ecKGmvLw99c07FFeDFOG-x4E6VM1eLR-Xky1AaCjJDDyq-poYJxfrtep_x0hgi9KrH1VlF11un4RUhF6MWQBP3iDUxm0A

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
an-x-request-uuid: 100d6d5e-75d6-4fdb-84bf-b89f47fa3413
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.74; 45.141.152.74; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMCh2Ni7_KeF-I_hITsqtZc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7A26
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
an-x-request-uuid: 942f16d2-8672-47c8-a99b-6d1e4b05ca8c
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE2MTIwNTc2OTgxNTczMDI0
x-proxy-origin: 45.141.152.74; 45.141.152.74; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B9AA 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu3DE5GVd6bjyNoSmIKQsu6xvz3qRjh6C9qspitR6jzig77DFmyplAuEiQdAqEguLwisbUUFQ62l_S0-tKXueaP0ukXmwuOZOr4r1BAA9RTvUYGYR2YmbpfaNTiphSYM1RjoiMfgfVvrUYP&sai=AMfl-YRqgX2loR_tJneP3knRC6mskb4wpi3GC4E5qyJJi9j6Vfx4nYJnafzCrHwVoyXiJrjNLaWwKi2IbPLQmkCtjnqVx_CYQ5L4N7lWglfQAWw7MGkcaFbzVmsrnLA&sig=Cg0ArKJSzAm_o1ddeldkEAE&cid=CAQSOwDICaaNYnjafZEE8NQkBRXzQchWjlpqNGt0gWpszI5hFl2vz7gVIsHXzI-lrcDDohYwM8_6Rz3qWAuqGAE&id=lidar2&mcvt=1019&p=1110,315,1200,1285&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=432837046&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699045226977&rpt=129&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 36DB 38 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6931
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/10494368969906787579/media/ Frame 1380 1 KB
646 B 10ms
9ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22472
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:56 GMT

GET
H3 200 704b2cda6f649834a899b80ef4c8e8e6.png
s0.2mdn.net/sadbundle/10494368969906787579/media/ Frame 1380 28 KB
28 KB 9ms
8ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/media/704b2cda6f649834a899b80ef4c8e8e6.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76ca50d1ef630c1dcf2abcfd0f95d4fe86e5d5b50bc2721e974cf0a23b537b82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:56 GMT
x-content-type-options: nosniff
age: 22472
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28824
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:56 GMT

GET
H3 200 575b33c2d68789a903e5a275ac70c879.jpg
s0.2mdn.net/sadbundle/10494368969906787579/media/ Frame 1380 12 KB
12 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/media/575b33c2d68789a903e5a275ac70c879.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9e3d293d21d325fadae91be7f19f56a0d8b938bd225230665f5011cad6e5450

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:56 GMT
x-content-type-options: nosniff
age: 22472
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12159
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:56 GMT

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/10494368969906787579/media/ Frame 1380 5 KB
3 KB 11ms
11ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22472
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:56 GMT

GET
H3 200 ibm_plex_sans_500_normal.ttf
s0.2mdn.net/sadbundle/10494368969906787579/fonts/ Frame 1380 173 KB
80 KB 10ms
10ms Font
font/ttf 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/fonts/ibm_plex_sans_500_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11ddde88c29ef7e51f5c03da7fde285085469879139d006f631a62dba9bbd069

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22472
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81411
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:56 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2F3E 0
0 45ms
45ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstfClCsxhJrVyFMqLjIXYdmWZy6BuGwjKWhSaRmvodpdt7z9OLz8W2yhwZzyr29euQvWY767zc1MzQvyUAp0jSABbIJVSmbdmlkyObK8qlBvzq3txNSoNG-2DCnG-TqVHhEfT_SeuhklxCxz7mdNyITS7nLHlt1jgBynbwbRYWgi8Qkc0J5kbOes6GrC-D6cW-hFrcLH3rO-MoZcLQNtvVil32xAeNGsCxfHqRoInGZQF4DQ6zubuQX5jhdyaBooAJlQemuyekYvcg8faTHoIMCoUobw63nZYABdS5nKvYM_zecQNUahr7_SCVI8v5xJnH85vmDRJ9zuQP2KXeCBmBMTJBYeEnKwA19lipupdWFagu4TrGe1H6mcGR-X6EeIjXuVhMXoEo01QjC6GubE12x3-HisCVzn3QfBKtNp7tNBYX7eS-1JYbGXPHO6tAOLJYy_EbvhXUir5zw2tb1dDfMqbCYbOnBYGufZa0exsjFlnYDiTviNCwUfvSoiIGE0k9J5Qi32WLLmQzKKfycNdXXMwSFh4Cgezy6iGzrs1yO1p-kJ4Vf2KASYnn2i0Xv7QWnfxL7f4Sa4gmJVJZ1D1HKIRespxLZDfkn90YWVYK13Q05-fnTH0weDD-bt_MTGxaV5C6B2rkYC0pkUDp4gKnh9Q4zM5Lh5z9HP56ksSg_aoi_mFYJBMIjUObJFJbBJ5wUa65v72TMCD2HH2FEgaZpsrR2gAc3XjCMST5mWupxhjLdYF8iPbXWucdxH9h4XPmt2DL9-yzEva5IjlkluwNx2b2Z9me_3uzaOnjQM--s70i9QWe0KzvPQ2oiWjsTysbfp5J003Mflh8ntqRhM_fnsGTNJQu9P5R-yINuI4LO8dhBBUmbaCVkkpHdVGqOchLzJaGm_VDcM6RBWdLIr5k1i-smzLSTVCqR09Ercwjb3IzaFIggjReg1TOd2Y4rH4TwtUuoyO9j35FlztJAW7D3j-k2IHzipTChGCM1HDdlnvIcukhdTYOavuS58Jb8XDJs56SQ2HjSFHn6uoG-4uuslWVvEAO5a74qaSTwcogLeQXhhY1Z4RFVGWhyhG_fgIOdwypEl3wYIMZeiheFF29mU8nLXuY_qkXVyE2TH4HUST-tBAZBj15xFrfu_qonGrSIt_bnM-BFUvcSFbQPNxk9yR_6B-vRax0FCV3n04sQ88LfXtkWeYvXrPHvWE6pQeE2dEM5Zc3IKhuN3Hn60k8JQ4NmDij0mtb6LI_nW39zwhLB2QKVD33ILg3jsm45termnR6gL5tiqy31Z-aOFwYhpo8qQvDLL6cw8zZz0nLrI059X_HATfqE_rpIy7CzVBFFUKMCAlyeXHviDtKdHJMJVnhxu0iLBFAaEgTIVCM2zzrFEHXEOwb1OGCQlL0hitlzkzDUWQuc&sai=AMfl-YQF_LxsxBFPjU7csdKZ9s-V1OnJ5ePUXAl5WYiMNKDVUXWFLWxFd6eXcHhrxRW5UbpU3tD0W9AcXF_V15gIgU4HeA5Wv0EdOfTjFmIxUnQ7V8WEF4NLopERr3F5d69hZ8UJtxNxgHfEhGOIua-cKGqiG4GcPQOXJ6xnrJdzTD_nQ3_xoN1tP9B77WmuoBYgNmDASA1bRfRXNaE3VIg5wqbnK2Ch5vx4-Nd5gpj0zHsiKGf1sjZ3JYjtAdpx-WP75wPzL57RMxpAzefeaeemJVmXntZIRyV5hk1phuNAbN-aNHJyjbABcaDJtWfqMPaF1kTSsHx64oQP4ejWe8Vxj-84BnvqKpbieM97gC4niilIq_ugJ9C0xXDBfJ0jErHuxdxg9DzyEQrkwf8-etlVQhwr17xVwWqevEW_eSVq43U-kcM&sig=Cg0ArKJSzL_Y3clgjAKgEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=151&vt=11&dtpt=121&dett=3&cstd=27&cisv=r20231101.26844&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: zdorovieledy.ru
URL: https://zdorovieledy.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/10494368969906787579/media/ Frame 1380 1 KB
646 B 7ms
6ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10494368969906787579/b4bcf46b7b11704ea2e88b3103a89404.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22472
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:56 GMT

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/10494368969906787579/media/ Frame 1380 5 KB
3 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10494368969906787579/b4bcf46b7b11704ea2e88b3103a89404.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22472
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:56 GMT

GET
H3 200 b3a9999edc59d969e4e12d0141151799.png
s0.2mdn.net/sadbundle/10494368969906787579/media/ Frame 1380 8 KB
8 KB 8ms
7ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/media/b3a9999edc59d969e4e12d0141151799.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36a34ece9862bc012cdd5d7260269258db3ff4f1eafbc534e5501b9dd80cc927

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:57 GMT
x-content-type-options: nosniff
age: 22471
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8362
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 36DB 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B1grda19FZaTYIpOAjuwP26GNIAAAAAA4AeAEAg&bg=!V1SlVBvNAAb4oU7C2KE7ADQBe5WfOH7hAvhNa6nqbQ0owbD3klGdCMgg5nXiAw_n-yRE8aXvTZrTQO7oB8m2V59xWSkTAgAAAG9SAAAAC2gBB5kDRxsa8OJC6j4VESr_fVqI_aTnZLP73a0kHieRxZZTvXlp54scyOkWs4re6MHDrPS_N5b-dTWhav5qhB-DkuKqY0AdgplAXUcBPReTU_eT6jIof49pDles-ISgx6WmMSMoNFUT0PbgbypHxdY1N_FXgvt-1aL7HPsnr-pZiIknciLtwZ99miGutqRR2CT676MqZEeBZqNj_a5bI0BOraOo5w0MKNgyVZmTEULvvKDmU_ZYQeTMKryMkO1qkegLA2F7Ofrg8XwvezX3GDX7CiMr4ugAOznBlRLJChR04zEeI7wVJGJ8D-MV_WyOLe7lADPmv3_clC_jzJRHbvuYy_pQWqqVMjvMWpJi4coHMOuI5rqu2Fz4OMQdUuZJMgUdz2VsGssHj_IlK_oOExkFu70ECiTHzakGffZNuJ9jNb36QR7dlWl8-mk5dX0HCBfyvfqpM1g-Hr3Rgua3-8Xyk6pcsN6tjbAaQz1GsKvcIxtf0WsPLLKu0F6_GnZ-7Q5ZXU6PQH6Ptp7rkMXZE3VmWDaiG_EgEWo072C6wOH5wv6Bwyxucemx8AqTr4pfm3MCSO1OVFbBZsv-bJlPIZLItsYRZctRaWUR5BYLkIP189svmC2xlW2tV4uAEzYX450AStgcxFWDiFTcXyhFiOVVmzdY1M49-J4RcS1TpWv9B5R3fBvfQG4QdxqNw-0tkUMS-ZlbPQL9mqDG-IjdgJMcN1uXSa7FJ1f1kPGcvjcNBBQQoknzlLs6pGUKz6h311oGA9HGqeGG9vARwCO51C2lpx-7AEIu_YPw3mHBsitePly5AUpDzrnzkZFwk5eZ4kVRYAA2QZJDjOQSGuv862oDlVedGVLVCEnckLoBD5VEDG--N746q-TnFBMvbSsRAmF0VdnbsOC2awMglJLL4RqfqePZeir1EvzZuIc2RkW2qgmPKblrA0I2RINvW3aest7ikET6mE9IIaF1pVJqEjqjshoFf9bTNEHNqw43gjLasR_zk98rJO-fYOgtXJyBljBcqtag8ohFKrqE4uxqIWYR7x6K3JZasdB-qvuDSl0L4CLLK7HvmgHwac-SYKcl5zAOqIGvvmEENZNCT4QIpDH-4pdiBDYwtwRh8PJ4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Skrinshot-20-04-2022-104512.jpg
zdorovieledy.ru/wp-content/uploads/2022/04/ 120 KB
120 KB 50ms
50ms Image
image/jpeg 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2022/04/Skrinshot-20-04-2022-104512.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: e026f9e1d345671637e70e5837fada9d217a06423611a1631b6a6a948f2b7e70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:28 GMT
last-modified: Wed, 20 Apr 2022 07:38:21 GMT
server: Apache
accept-ranges: bytes
etag: "1de45-5dd1113dd3540"
content-length: 122437
content-type: image/jpeg

POST
H2 200 82692964
mc.yandex.ru/webvisor/ 43 B
0 386ms
114ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/82692964?wv-part=1&wmode=0&wv-hit=292576548&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&rn=569396487&wv-type=7&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1699045229%3Aw%3A1600x1200%3Av%3A1150%3Az%3A60%3Ai%3A20231103220029%3Au%3A1699045225467725521%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Ast%3A1699045229&t=gdpr(14)ti(1)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdorovieledy.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:29 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 03-Nov-2023 21:00:29 GMT
content-type: image/gif
access-control-allow-origin: https://zdorovieledy.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 03-Nov-2023 21:00:29 GMT

POST
H2 200 82692964
mc.yandex.ru/webvisor/ 43 B
0 478ms
477ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/82692964?wv-part=2&wmode=0&wv-hit=292576548&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&rn=855865243&wv-type=7&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1699045230%3Aw%3A1600x1200%3Av%3A1150%3Az%3A60%3Ai%3A20231103220029%3Au%3A1699045225467725521%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Ast%3A1699045230&t=gdpr(14)ti(1)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdorovieledy.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:30 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 03-Nov-2023 21:00:30 GMT
content-type: image/gif
access-control-allow-origin: https://zdorovieledy.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 03-Nov-2023 21:00:30 GMT

POST
H2 200 82692964
mc.yandex.ru/webvisor/ 43 B
0 380ms
379ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/82692964?wv-part=1&wmode=0&wv-hit=292576548&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&rn=264985152&wv-type=7&browser-info=we%3A1%3Aet%3A1699045230%3Aw%3A1600x1200%3Av%3A1150%3Az%3A60%3Ai%3A20231103220029%3Au%3A1699045225467725521%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Ast%3A1699045230&t=gdpr(14)ti(1)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdorovieledy.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:30 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 03-Nov-2023 21:00:30 GMT
content-type: image/gif
access-control-allow-origin: https://zdorovieledy.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 03-Nov-2023 21:00:30 GMT

POST
H2 200 82692964
mc.yandex.ru/webvisor/ 43 B
0 171ms
169ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/82692964?wv-part=3&wmode=0&wv-hit=292576548&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&rn=317631340&wv-type=7&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1699045230%3Aw%3A1600x1200%3Av%3A1150%3Az%3A60%3Ai%3A20231103220029%3Au%3A1699045225467725521%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Ast%3A1699045230&t=gdpr(14)ti(1)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdorovieledy.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:30 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 03-Nov-2023 21:00:30 GMT
content-type: image/gif
access-control-allow-origin: https://zdorovieledy.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 03-Nov-2023 21:00:30 GMT

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/10494368969906787579/media/ Frame 1380 5 KB
3 KB 7ms
6ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10494368969906787579/b4bcf46b7b11704ea2e88b3103a89404.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22476
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:45:56 GMT

GET
H3 200 8e30ae50a312caf02b8595bceaf53179.png
s0.2mdn.net/sadbundle/10494368969906787579/media/ Frame 1380 17 KB
17 KB 7ms
7ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/media/8e30ae50a312caf02b8595bceaf53179.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a24d2e6115ede07b9aa297f9b1cedc533f425519c696afd9001ee0035bdb24bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:46:01 GMT
x-content-type-options: nosniff
age: 22471
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17754
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:46:01 GMT

GET
H3 200 ibm_plex_sans_700_normal.ttf
s0.2mdn.net/sadbundle/10494368969906787579/fonts/ Frame 1380 172 KB
75 KB 9ms
8ms Font
font/ttf 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10494368969906787579/fonts/ibm_plex_sans_700_normal.ttf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

856c41d7d47bba74b107e526ef8f49968fb2a3a129cdc3c5ef5899ba3c2dc181

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10494368969906787579/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22471
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76650
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 10:16:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 14:46:01 GMT

GET
H2 200 Skrinshot-20-04-2022-104046.jpg
zdorovieledy.ru/wp-content/uploads/2022/04/ 145 KB
146 KB 50ms
50ms Image
image/jpeg 82.202.165.233
RU-JSCIOT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdorovieledy.ru/wp-content/uploads/2022/04/Skrinshot-20-04-2022-104046.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 82.202.165.233 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS: bualvl25017.example.com
Software: Apache /
Resource Hash: c990092c0833fe4696dcd9a3a1cf486f4e2e9c55e13be85384a5b5f73806c56e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zdorovieledy.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:00:32 GMT
last-modified: Wed, 20 Apr 2022 07:34:00 GMT
server: Apache
accept-ranges: bytes
etag: "24351-5dd11044eaa00"
content-length: 148305
content-type: image/jpeg

POST
H2 200 82692964
mc.yandex.ru/webvisor/ 43 B
0 59ms
58ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/82692964?wv-part=4&wmode=0&wv-hit=292576548&page-url=https%3A%2F%2Fzdorovieledy.ru%2F&rn=832156002&wv-type=7&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1699045234%3Aw%3A1600x1200%3Av%3A1150%3Az%3A60%3Ai%3A20231103220033%3Au%3A1699045225467725521%3Avf%3A1nabcoadxdzdljaz0wet9gpr%3Ast%3A1699045234&t=gdpr(14)ti(1)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdorovieledy.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 03 Nov 2023 21:00:34 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 03-Nov-2023 21:00:34 GMT
content-type: image/gif
access-control-allow-origin: https://zdorovieledy.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 03-Nov-2023 21:00:34 GMT

Verdicts & Comments Add Verdict or Comment

256 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
zdorovieledy.ru/	1969-12-31 23:59:59	Name: flat_r_mb Value: %2F%2F%2F%3Adirect
.zdorovieledy.ru/	1970-01-21 00:43:01	Name: _ym_uid Value: 1699045225467725521
.zdorovieledy.ru/	1970-01-21 00:43:01	Name: _ym_d Value: 1699045225
.yandex.ru/	1970-01-21 00:43:01	Name: yashr Value: 5752833381699045225
.yandex.ru/	1970-01-21 00:43:01	Name: bh Value: KgI/MA==
mc.yandex.ru/	1969-12-31 23:59:59	Name: yabs-sid Value: 195282291699045225
.yandex.ru/	1970-01-21 01:33:25	Name: i Value: BvZ0AW5YBzpMxjK7nfyfESXMA9mXhekaF4j+JYfeYbzBXTLTODSNFiWY7mQ0me8W3bl+LX/b6k/AXS91yS4kHvyOCwo=
.yandex.ru/	1970-01-21 01:33:25	Name: yandexuid Value: 5345094711699045225
.yandex.ru/	1970-01-21 00:43:01	Name: yuidss Value: 5345094711699045225
.yandex.ru/	1970-01-21 00:43:01	Name: ymex Value: 1730581225.yrts.1699045225#1730581225.yrtsi.1699045225
.zdorovieledy.ru/	1970-01-20 15:58:37	Name: _ym_isad Value: 2
.zdorovieledy.ru/	1970-01-20 15:57:27	Name: _ym_visorc Value: w
zdorovieledy.ru/	1970-01-20 15:58:51	Name: geo-cookie Value: DE
.zdorovieledy.ru/	1970-01-21 01:19:01	Name: __gads Value: ID=1198b4ecc1014cb7-22fce1cac5e40018:T=1699045225:RT=1699045225:S=ALNI_MbP1uL0IQDJFMzE5RS1-JPqkZrfKg
.zdorovieledy.ru/	1970-01-21 01:19:01	Name: __gpi Value: UID=00000d9f5f98df2e:T=1699045225:RT=1699045225:S=ALNI_MZIpNPcdgd0zYIHCPwP6H54z62UIQ
.mc.webvisor.org/	1970-01-20 15:57:25	Name: sync_cookie_csrf Value: 2509378938fake
.mc.yandex.ru/	1970-01-20 15:57:25	Name: sync_cookie_csrf Value: 1318580087fake
.webvisor.org/	1970-01-21 01:33:25	Name: yandexuid Value: 5345094711699045225
.webvisor.org/	1970-01-21 01:33:25	Name: yuidss Value: 5345094711699045225
.webvisor.org/	1970-01-21 01:33:25	Name: i Value: BvZ0AW5YBzpMxjK7nfyfESXMA9mXhekaF4j+JYfeYbzBXTLTODSNFiWY7mQ0me8W3bl+LX/b6k/AXS91yS4kHvyOCwo=
.mc.webvisor.org/	1970-01-20 15:58:51	Name: sync_cookie_ok Value: synced
.criteo.com/	1970-01-21 01:19:01	Name: uid Value: 38851138-3a99-44be-9227-f5070164f54a
.zdorovieledy.ru/	1970-01-21 01:19:01	Name: cto_bundle Value: XawGbF9VZldJcHA2R3hlUGVoaktzeUVScyUyQlNGanFaZnVUeTI5MkhVSyUyRldYdVNldlZsQ1BORVdXY1lxUkRxUDlTQ244U3BZQkVBOVNPVE9QMmFPckRlJTJGc1hWbzVwRUoyTHZLblZCcDVxS2pBbTMzYU44R1dRMXZWU3hocHc5TFFhZ2RBR3ZOanc1NkpFV1E2bmVnMWk5WVl1T3clM0QlM0Q
.openx.net/	1970-01-21 00:43:01	Name: i Value: 3dc491f4-1a85-4e57-857d-cc130b8526ed\|1699045226
.3lift.com/	1970-01-20 18:07:01	Name: tluid Value: 3159872935015834796973
.w55c.net/	1970-01-21 01:27:39	Name: wfivefivec Value: t6hOMCrb1QZ1hg5
.casalemedia.com/	1970-01-21 00:43:01	Name: CMID Value: ZUVfapsOLFUhjbf9MXldzAAA
.casalemedia.com/	1970-01-20 18:07:01	Name: CMPS Value: 1145
.casalemedia.com/	1970-01-20 18:07:01	Name: CMPRO Value: 1145
.adnxs.com/	1970-01-20 18:07:01	Name: uuid2 Value: 316120576981573024
.w55c.net/	1970-01-20 16:40:37	Name: matchgoogle Value: 5
.adform.net/	1970-01-20 16:40:37	Name: C Value: 1
.adform.net/	1970-01-20 17:23:49	Name: uid Value: 8823211459918700390
.adriver.ru/	1970-01-21 01:33:25	Name: cid Value: A9Gi8pp7eHR3Pd1blHM47fA
.adsby.bidtheatre.com/	1970-01-20 16:07:30	Name: __kuid Value: 646c3585-39a3-4ed6-8981-0b48c02a2595.468259227
.yahoo.com/	1970-01-21 00:43:22	Name: A3 Value: d=AQABBGtfRWUCEEGmkSvFWB_n9YAuyINXNWcFEgEBAQGwRmVPZQAAAAAA_eMAAA&S=AQAAArCN6Yb6z8TvEMdVm4nZKw0
.zemanta.com/	1970-01-21 00:43:01	Name: zuid Value: CIe2t6sAbZZgAGXbLlUQ
sync.srv.stackadapt.com/	1970-01-21 00:43:01	Name: sa-user-id Value: s%3A0-172b024b-84ae-58f5-5378-c41f12b7db03.SYpFlMI10WAYTF4MThwIbjJnP52bnaygfiDOPkXmf5Y
.srv.stackadapt.com/	1970-01-21 00:43:01	Name: sa-user-id Value: s%3A0-172b024b-84ae-58f5-5378-c41f12b7db03.SYpFlMI10WAYTF4MThwIbjJnP52bnaygfiDOPkXmf5Y
sync.srv.stackadapt.com/	1970-01-21 00:43:01	Name: sa-user-id-v2 Value: s%3AFysCS4SuWPVTeMQfErfbAy2NmEo.ngWHPJcp2XgEh7%2B17RnH5ZPsuIzq2eoOufNqoxpldFQ
.srv.stackadapt.com/	1970-01-21 00:43:01	Name: sa-user-id-v2 Value: s%3AFysCS4SuWPVTeMQfErfbAy2NmEo.ngWHPJcp2XgEh7%2B17RnH5ZPsuIzq2eoOufNqoxpldFQ
sync.srv.stackadapt.com/	1970-01-21 00:43:01	Name: sa-user-id-v3 Value: s%3AAQAKIEXD0lCYSv3CwNqDVrtRwMid_YC4a_epPQTSlTzjHpSIEHwYBCDrvpWqBjABOgTtVOP9QgTlgm3b.WKMWGmgJlVFGaj70NkObUygIOpHcIlbh0s3VTmqCjzc
.srv.stackadapt.com/	1970-01-21 00:43:01	Name: sa-user-id-v3 Value: s%3AAQAKIEXD0lCYSv3CwNqDVrtRwMid_YC4a_epPQTSlTzjHpSIEHwYBCDrvpWqBjABOgTtVOP9QgTlgm3b.WKMWGmgJlVFGaj70NkObUygIOpHcIlbh0s3VTmqCjzc
.doubleclick.net/	1970-01-20 15:57:28	Name: DSID Value: NO_DATA
.de17a.com/	1970-01-21 00:35:49	Name: guid Value: 1.9093731379977979569
.linkedin.com/	1970-01-21 00:43:01	Name: bcookie Value: "v=2&9df16ac3-fdf3-4591-8468-891733987eb4"
.linkedin.com/	1970-01-20 20:16:37	Name: li_gc Value: MTswOzE2OTkwNDUyMjc7MjswMjGdrlHdhBAbMbrg88h33kw2aBJpYZZ3wqhBBtj7bAVaGw==
.linkedin.com/	1970-01-20 15:58:51	Name: lidc Value: "b=VGST03:s=V:r=V:a=V:p=V:g=3003:u=1:x=1:i=1699045227:t=1699131627:v=2:sig=AQFsx_y6wXjxAp4uNV_8vvqbph62UXIW"
.doubleclick.net/	1970-01-21 01:19:01	Name: IDE Value: AHWqTUnk_iAP8oa3kPFqoGqLnXnxy-PU6sLM4X56DlhfavKquLvwpGHvZ05St04PR3A
.adnxs.com/	1970-01-20 18:07:01	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?bs$Dr$!]tb$8i_iqf!oN/@E'zz<Z0QCkvmFcN.9Hrt58ShmMuuSU.0C[.>L@vplR-TD._PlZ[C[-kX-FK53h
.media.net/	1970-01-21 00:43:01	Name: visitor-id Value: 3420468285428227000V10
.c.appier.net/	1970-01-21 00:43:01	Name: _auid Value: 23ZnkGrkBdOivNN_bF9FZQ
.c.appier.net/	1970-01-20 16:40:37	Name: _gu Value: CAESEE6ZP_y16Ep1n-P_56I5kB8

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://zdorovieledy.ru/ Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2169694473459397&output=html&adk=1812271804&adf=1573534164&lmt=1650440532&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Fzdorovieledy.ru%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699045225500&bpp=4&bdt=390&idt=265&shv=r20231101&mjsv=m202310310101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4149270551015&frm=20&pv=2&ga_vid=1842509259.1699045226&ga_sid=1699045226&ga_hid=1451533323&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079307%2C31079345%2C44795922%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301&oid=2&pvsid=2726199759630939&tmod=1169782769&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=301 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.c.appier.net
ad.adriver.ru
b1sync.zemanta.com
bcp.crwdcntrl.net
c1.adform.net
cc.adingo.jp
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cm.g.doubleclick.net
content.adriver.ru
cs.media.net
d5p.de17a.com
dis.criteo.com
dsum-sec.casalemedia.com
eac34dd8ade821361848d2db64759291.safeframe.googlesyndication.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
get.optad360.io
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
id5-sync.com
im.bluevoox.com
image6.pubmatic.com
invstatic101.creativecdn.com
ipgeo.service.qvant.ru
match.360yield.com
match.adsby.bidtheatre.com
match.sharethrough.com
matchid.adfox.yandex.ru
mc.webvisor.org
mc.yandex.ru
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pm.w55c.net
portal.o2online.de
pr-bh.ybp.yahoo.com
push.24olimp.ru
px.ads.linkedin.com
rtb.openx.net
s.ad.smaato.net
s0.2mdn.net
s3.wi-fi.ru
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static.criteo.net
sync.inmobi.com
sync.srv.stackadapt.com
tags.crwdcntrl.net
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
yandex.ru
yastatic.net
zdorovieledy.ru
104.119.108.27
104.18.36.155
116.202.32.31
13.248.245.213
141.101.90.98
141.95.33.111
142.250.184.194
142.250.185.66
172.105.221.240
178.250.1.9
18.155.129.34
18.180.200.17
18.196.149.165
185.86.139.101
185.89.210.244
195.209.108.51
198.47.127.19
20.127.253.7
213.155.156.180
2600:9000:218c:c400:11:a4de:2580:93a1
2600:9000:2250:f000:a:e047:753:a221
2600:9000:2362:8800:1b:5138:8a40:93a1
2606:4700:10::6816:3556
2606:4700::6810:5814
2620:1ec:21::14
2a00:1450:4001:803::200a
2a00:1450:4001:808::2002
2a00:1450:4001:809::2001
2a00:1450:4001:810::2004
2a00:1450:4001:810::2006
2a00:1450:4001:811::2002
2a00:1450:4001:81c::2003
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a02:2638:3::3
2a02:2638:3::c
2a02:6b8:20::215
2a02:6b8::16b
2a02:6b8::1:119
2a02:6b8:a::a
2a05:d018:d29:3601:4c00:85ae:82c6:552b
3.124.69.248
3.67.250.230
34.102.146.192
34.120.135.53
34.249.63.196
34.96.70.87
35.227.252.103
35.244.159.8
37.157.4.29
50.31.142.127
51.75.86.98
52.45.175.185
54.165.78.186
54.76.77.157
64.227.64.62
80.239.201.54
82.202.165.233
88.218.242.3
91.220.120.21
91.220.120.249
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
011e3c5d05b1f8220f59241e57ac65c49b382e8ed8eff99149e2eda18e36a660
0197a9926027170f8a4772e279eeaa0d3f52ba03ab805203ab993b6b2551bae3
02600a23c6f383880f5706af53e035423140c8b23c83025ccc780d53e29c4019
0321b2b62b565b3d740cbf32490953fd7acf455bedb700e1f354a95121db0f78
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
056184e342b1bede64bada8c779b3b08c3a51aa6c7270a79d1f151cd7f0bf45c
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaed749931e3a7cbfcecd1c0ecfff06e953caebf0d3fb3850cc6b0857308c14
0f089d447baa9f51a7ae8dff56d3e16f75326e6b1923d9cfc8bb2a4247805ea9
0fab57543f51269755c854c09e1a361e6a3c04ae97b28b483ae00f13de630e9d
11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459
11cd8d40d84f166242c75509f56a74ba9745c45a93fc08ee1589c178b4a497ed
11ddde88c29ef7e51f5c03da7fde285085469879139d006f631a62dba9bbd069
131a40c0c1dfac9b88c487d37b4507545414b974b2a3f3a221071e6144035e7f
141b37e87db8ffd665b2348c155f3a6b40551bbb736184a37dd4067d1eadc2ab
1535347cab84b2b7431d22f29c356f5906552f565f5aa49d0e6922a5d0a4d5c9
1583a6565bdfb24969129960274ff657f4b20d716adcadc00a39c53bbd5797fa
15dbcdac0428cd2f0fe0908ef712b07aaa30ba4423918551435fe453b61bd859
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
188c418e2e9a82efd8859aca963e14be1bc4a271508c7f06f692501702c132c2
19aed234ef7080013c9cfc81584327bc6d47f827919eee10a4b69fed424638ff
20ac558ae4e736f5a22d58c1bcdab41693e106fb485d0c582be711621ef6456d
236fd6b0385c46e3bc1fc318ee68d7eeb6beaf2037d6626224d06771b39c1b7c
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d632eb27d61780aff41bf3e17337770767afe6c3114216d2a663489775c9b1e
2dade26d313a48dd8fa7c2f6bb81d8fa246f38dfd0121956753af28c29f4414c
2e6509c398b04f81c0979e33ff15739ab107d9a3a761ac4f3497e70a3c6c3a03
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
330428bfbf80e592f0577e954484fdba3dc04724d53ec26a86fb4aa4f8163ba5
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
361165fff8e72d8aaf3ca4776fa347631befb6364b8d1788a6144be6a36eb584
36a34ece9862bc012cdd5d7260269258db3ff4f1eafbc534e5501b9dd80cc927
3ccf1dd1f6ec2de31523d52d59e8862af3b44539e2386eccd4d3a4b16f8e1b8c
3ea22e25aea5cd66209b403f9b7c8589b5d82d59a4e19238d61b1420a98febb6
417094a113e794b806f92acee255768391a3c9c2957685bec3007bfd0e996d4b
42d19ded94a5695c5aafbd79adfc488217628ec7bb865db032aa94c9aa445c56
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
459ae4c6b63a4bb2cb02c4bade60e24c482293e0876bd71aa088ced2fd4aa1f9
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4b468b6be87ef872e5210ed17bdc1a769e27dc72a0da47635570c0e5fc58a1bd
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bdfa4a8506ade8df9ce261876bfb544940ef11b2cebd5faef1a7b664dd5a298
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fcb12b30ac6ce5d33b15062021a0dee67ad759e0020d2db332386ddec0c7807
513fce28ef11f555cc363b63aa670f2bc0427d4f1f4d2a3fd47b64c99261713b
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55d2d2872c3dcbe870c90c4b7d9e942456e8809e9cb5885ae42cc4e70edbc01e
5782cc466ec0473bc17c3bb0573c32fc1a478015596f1c8bfdcac765c06fb9ce
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1
66a4f5185372406e0708a203e14a78ef647be884071c523020ce7a3d37f3d0ed
6720fb9ead71bae3b623dc8943f9609cefd11203330684d64c79c301c330ac8a
6855da45f19bcfd04a2b0ff634c343ab601e4973c37d7f42cf2531c5969b3bc1
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
6ab75e8a88cd6f9795dec64f50748838a54b4e9a645e43b673542fa1199eaa16
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
6f6c147644314f78829327cf7d47bcc7a8f0a2b7b41f1e2515b9c142952236c0
6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4
70748a51411b299311fd16f79fda2b8824bf27c2bc883869db0961836a35fe0c
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
76ca50d1ef630c1dcf2abcfd0f95d4fe86e5d5b50bc2721e974cf0a23b537b82
77289abd38d4fdc1a383e94959fa88d6e9daf30c175446e42ec6c719f90695b2
7c1b93943f2c358ea10bc315255008a18d0d5b1ca54f13c3be9c7bcd5e422d69
7cf3664a2c648d0618c909a9173a9e6a3f5dd27168764e037d3c2374485a8d5f
7ec0de8d3390ed6caee667281dd61d50ddec8184eec891bb994059fd7867b464
856c41d7d47bba74b107e526ef8f49968fb2a3a129cdc3c5ef5899ba3c2dc181
87dd283afe75a225a5d554f0a7440a95838783bdb33d4c2bbb2b7cc6d25f9145
8cd5aa76b102f5d10d5add1663eef2c3ce0dc699ae264f7aaf093f7033982d8e
8e5a090344c3e521f2feb3cabf31c02707032881cb462cba100ef0261ff2e1a2
95342e68634196ba4cacad22852b250fe7ff1196b4d0e45d513dccd7bc8e09db
9550f150e8cc0ab3ec70ed82b41bdb7c9162902b8abd2e2092bed0b497c5b565
961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914
973408bd1a1da181c7eaa9293c0cd095f3836a76b626bc76af21e1cd96b5dcde
97f3fe872af5afde41784c06c54eef0952565322032c9ba3a3dd82c7a4cc02de
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cc9bad784b24501e0317284a1827d4c8127c998c60ff5a39f687ecc6a1e74ff
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
a24d2e6115ede07b9aa297f9b1cedc533f425519c696afd9001ee0035bdb24bd
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a55b438b428508aeb2eb74f0a11ad7bc9ed76a020fcca76fe0c38b62a21ec267
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1
a9e3d293d21d325fadae91be7f19f56a0d8b938bd225230665f5011cad6e5450
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ad7f10cde03cdfc268b84174d2db61be7425c662fc959f013b958320be3c1398
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c5ec720589f442589df568f5dc92932bb95482274cff3d7acf8a9ec37663f9
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
ba05d287658833589d3a45e0c5346e6194bf9d153c49392786330c023eaef896
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c6ba28d5afb3ad12e1d599e609dcc3f1fc633f63c9d55f337214083ba6e4a6b1
c990092c0833fe4696dcd9a3a1cf486f4e2e9c55e13be85384a5b5f73806c56e
c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1
caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150
cc8838761387ce639c31012496f42fc618a92847b8896b6b9dc2c79f3ef74ed7
cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3
d2230cb1c1cb867cdf4d79eeb340d32e5fc0dec2936f8963140e6845cf268770
d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731
d85c3f3cfd83940b22f53ec01130fed54c31d6ee8ff19ecc66fc95196fe6e0fa
e026f9e1d345671637e70e5837fada9d217a06423611a1631b6a6a948f2b7e70
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e4ef3c595ac266ec231f79cb3beaef7bf618c2aa87afb678e738ba906dcb74ad
e55db54a397fd4c54ceacb1fd97497392d2e6f13a1a50837176c1b3feb98dc0e
e67417b0b06b8190bcbc2063e7e5b70febd93586e820049fd4eda8e491fd9ec7
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
e8cf20f6e98c91ff5a877209649b0839bb06e5751793babfb0dbbbb60a9e811a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f36d57f91502963d51a7ae4940fb267364d9c1805bf5f973d327257bb4084024
f4ae5d08fa5921e9f45874deec71da3fb5222c06710ce6015efe1ed9bcc41fbf
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f7b8af9b735073ec39e38018ae49ba7396286cd7e2cb2c4d457885ff41ad755f
fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

zdorovieledy.ru Open in urlscan Pro 82.202.165.233 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

229 Requests

85 %HTTPS

39 %IPv6

50 Domains

65 Subdomains

51 IPs

10 Countries

3794 kBTransfer

8877 kBSize

53 Cookies

0 Outgoing links

Page URL History

Redirected requests

229 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

zdorovieledy.ru Open in urlscan Pro
82.202.165.233 Public Scan

Screenshot
Live screenshot

Full Image

229
Requests

85 %
HTTPS

39 %
IPv6

50
Domains

65
Subdomains

51
IPs

10
Countries

3794 kB
Transfer

8877 kB
Size

53
Cookies

229 HTTP transactions
6 data transactions