legas.com.ua Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://legas.com.ua/
Effective URL:
https://legas.com.ua/
Submission: On November 25 via api (November 25th 2022, 5:10:21 am UTC) from GB — Scanned from GB

Summary HTTP 231 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 48 IPs in 11 countries across 44 domains to perform 231 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is legas.com.ua.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 24th 2022. Valid for: a year.

This is the only time legas.com.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
20 30	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	31.131.16.29 31.131.16.29	56851 (VPS-UA-AS) (VPS-UA-AS)
1 2	49.12.116.255 49.12.116.255	24940 (HETZNER-AS) (HETZNER-AS)
27	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:6b8::130 2a02:6b8::130	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2606:4700:303... 2606:4700:3033::6815:2c6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
13	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1 1	192.102.6.73 192.102.6.73	57682 (HVDS-AS) (HVDS-AS)
1 1	176.9.60.211 176.9.60.211	24940 (HETZNER-AS) (HETZNER-AS)
1 1	142.132.202.70 142.132.202.70	24940 (HETZNER-AS) (HETZNER-AS)
1 2	2a02:26f0:170... 2a02:26f0:1700:384::277d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.18.2.81 104.18.2.81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:6b8::14 2a02:6b8::14	208722 (GLOBAL_DC) (GLOBAL_DC)
19	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
3	103.229.205.243 103.229.205.243	30419 (MEDIAMATH...) (MEDIAMATH-INC)
32	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
2 5	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
12	52.19.198.230 52.19.198.230	16509 (AMAZON-02) (AMAZON-02)
1	88.221.168.207 88.221.168.207	16625 (AKAMAI-AS) (AKAMAI-AS)
4	138.201.84.244 138.201.84.244	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
4	37.157.6.242 37.157.6.242	198622 (ADFORM) (ADFORM)
17	37.157.5.72 37.157.5.72	198622 (ADFORM) (ADFORM)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 13	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
8	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1 2	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 3	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	104.18.33.19 104.18.33.19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5	16509 (AMAZON-02) (AMAZON-02)
2	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4002:82e::2003	() ()
1	64.233.184.156 64.233.184.156	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:12::a	() ()
2	2600:9000:223... 2600:9000:223c:c600:b:90c6:35c0:21	() ()
231	48

30 2a06:98c1:3121::3 (United States) 20 redirects

ASN13335 (CLOUDFLARENET, US)

legas.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.131.16.29 (Ukraine)

ASN56851 (VPS-UA-AS, UA)
PTR: 29.16.131.31.uashared05.twinservers.net

caddy.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 49.12.116.255 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.255.116.12.49.clients.your-server.de

www.meteoprog.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.meteoprog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::130 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

info.maps.yandex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:2c6c (United States)

ASN13335 (CLOUDFLARENET, US)

cpa.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.102.6.73 (Kyiv, Ukraine) 1 redirects

ASN57682 (HVDS-AS, UA)
PTR: s1.zevshost.net

040510111616.c.mystat-in.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 176.9.60.211 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.211.60.9.176.clients.your-server.de

resistcorrectly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.132.202.70 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.70.202.132.142.clients.your-server.de

hlmiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:1700:384::277d (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

de.hotels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ch.hotels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.2.81 (None, )

ASN13335 (CLOUDFLARENET, US)

r.i.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::14 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

clck.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.229.205.243 (Singapore)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.4.10.47 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.19.198.230 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com

s.update.mediamathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.221.168.207 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-168-207.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.84.244 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.244.84.201.138.clients.your-server.de

hal900026.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.242 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 37.157.5.72 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.217.18.2 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.149 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:7eb1:3826:be7e:d981 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.19 (United States) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.33.19 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4002:82e::2003 (None, )

ASN- ()

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.184.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:12::a (None, )

ASN- ()

r5---sn-4g5lzne6.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:c600:b:90c6:35c0:21 (None, )

ASN- ()

d1dgf5fdrpyfo7.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 116 tpc.googlesyndication.com — Cisco Umbrella Rank: 147	663 KB
36	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 stats.g.doubleclick.net — Cisco Umbrella Rank: 94 cm.g.doubleclick.net — Cisco Umbrella Rank: 207 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 294 bid.g.doubleclick.net — Cisco Umbrella Rank: 668	180 KB
30	legas.com.ua 20 redirects legas.com.ua	161 KB
21	adform.net track.adform.net — Cisco Umbrella Rank: 3098 s1.adform.net — Cisco Umbrella Rank: 6541	169 KB
13	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 40	40 KB
12	mediamathtag.com s.update.mediamathtag.com — Cisco Umbrella Rank: 8299	58 KB
11	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 274 gcdn.2mdn.net — Cisco Umbrella Rank: 946 r5---sn-4g5lzne6.c.2mdn.net	273 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 52 ajax.googleapis.com — Cisco Umbrella Rank: 257 imasdk.googleapis.com — Cisco Umbrella Rank: 421	176 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com csi.gstatic.com	116 KB
8	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 83 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 540 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 450	5 KB
5	redintelligence.net hal9000.redintelligence.net — Cisco Umbrella Rank: 36299 hal900026.redintelligence.net — Cisco Umbrella Rank: 328040	7 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 178	189 KB
4	mathtag.com tags.mathtag.com — Cisco Umbrella Rank: 3381 pixel.mathtag.com — Cisco Umbrella Rank: 867	3 KB
3	pubmatic.com 3 redirects image6.pubmatic.com — Cisco Umbrella Rank: 681	1 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 208	3 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	25 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 7898	1 KB
2	cloudfront.net d1dgf5fdrpyfo7.cloudfront.net	110 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 314	920 B
2	openx.net rtb.openx.net — Cisco Umbrella Rank: 1486	414 B
2	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 649	793 B
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 737	141 KB
2	hotels.com 1 redirects de.hotels.com — Cisco Umbrella Rank: 227207 ch.hotels.com — Cisco Umbrella Rank: 380787	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 144	89 KB
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 932	356 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1473	296 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	18 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 860	695 B
1	yandex.ru clck.yandex.ru — Cisco Umbrella Rank: 44501	587 B
1	i.ua r.i.ua — Cisco Umbrella Rank: 159767	3 KB
1	hlmiq.com 1 redirects hlmiq.com — Cisco Umbrella Rank: 240278	579 B
1	resistcorrectly.com 1 redirects resistcorrectly.com — Cisco Umbrella Rank: 240617	343 B
1	mystat-in.net 1 redirects 040510111616.c.mystat-in.net	319 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 67	55 KB
1	cpa.com.ua cpa.com.ua
1	yandex.net info.maps.yandex.net
1	meteoprog.com www.meteoprog.com — Cisco Umbrella Rank: 878210	171 B
1	meteoprog.ua 1 redirects www.meteoprog.ua — Cisco Umbrella Rank: 695791	129 B
1	caddy.com.ua caddy.com.ua
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
0	novostimira.biz Failed g.novostimira.biz Failed
0	bigmir.net Failed c.bigmir.net Failed
0	admaster.net Failed a1.admaster.net Failed
231	44

	Domain	Requested by
32	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com legas.com.ua pagead2.googlesyndication.com imasdk.googleapis.com s0.2mdn.net
30	legas.com.ua	20 redirects legas.com.ua
27	pagead2.googlesyndication.com	legas.com.ua pagead2.googlesyndication.com www.gstatic.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com s0.2mdn.net
17	s1.adform.net	track.adform.net s1.adform.net legas.com.ua
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net legas.com.ua
13	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
13	www.google-analytics.com	legas.com.ua www.google-analytics.com www.googletagmanager.com
12	s.update.mediamathtag.com	tags.mathtag.com s.update.mediamathtag.com
8	s0.2mdn.net	legas.com.ua s0.2mdn.net
5	www.google.com	2 redirects legas.com.ua tpc.googlesyndication.com googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	track.adform.net	hal900026.redintelligence.net s1.adform.net
4	hal900026.redintelligence.net	hal9000.redintelligence.net hal900026.redintelligence.net
4	fonts.googleapis.com	googleads.g.doubleclick.net tpc.googlesyndication.com
4	www.gstatic.com	googleads.g.doubleclick.net
4	www.googletagservices.com	googleads.g.doubleclick.net legas.com.ua
3	image6.pubmatic.com	3 redirects
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	cdnjs.cloudflare.com	s1.adform.net
3	fonts.gstatic.com	fonts.googleapis.com
3	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
3	stats.g.doubleclick.net	www.google-analytics.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	d1dgf5fdrpyfo7.cloudfront.net
2	r5---sn-4g5lzne6.c.2mdn.net
2	googleads4.g.doubleclick.net	legas.com.ua
2	ssum-sec.casalemedia.com	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	rtb.openx.net	googleads.g.doubleclick.net
2	cms.quantserve.com	1 redirects googleads.g.doubleclick.net
2	imasdk.googleapis.com	googleads.g.doubleclick.net
2	static.xx.fbcdn.net	www.facebook.com
2	ajax.googleapis.com	hal900026.redintelligence.net s0.2mdn.net
2	connect.facebook.net	legas.com.ua connect.facebook.net
1	gcdn.2mdn.net	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	csi.gstatic.com	imasdk.googleapis.com
1	ag.innovid.com	googleads.g.doubleclick.net
1	www.facebook.com	connect.facebook.net
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	legas.com.ua
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	clck.yandex.ru	legas.com.ua
1	r.i.ua	legas.com.ua
1	ch.hotels.com	legas.com.ua
1	de.hotels.com	1 redirects
1	hlmiq.com	1 redirects
1	resistcorrectly.com	1 redirects
1	040510111616.c.mystat-in.net	1 redirects
1	www.googletagmanager.com	legas.com.ua
1	cpa.com.ua	legas.com.ua
1	info.maps.yandex.net	legas.com.ua
1	www.meteoprog.com	legas.com.ua
1	www.meteoprog.ua	1 redirects
1	caddy.com.ua	legas.com.ua
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
0	g.novostimira.biz Failed	legas.com.ua
0	c.bigmir.net Failed	legas.com.ua
0	a1.admaster.net Failed	legas.com.ua
231	61

This site contains links to these domains. Also see Links.

Domain
caddy.com.ua
salutes.com.ua
forum.legas.com.ua
www.meteoprog.ua
mytop-in.net
www.i.ua
banner.kiev.ua
www.novostimira.com.ua
clck.yandex.ru

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-02-24` - `2023-02-24`	a year	crt.sh
caddy.com.ua R3	`2022-11-23` - `2023-02-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
core-jams-info.maps.yandex.net GlobalSign RSA OV SSL CA 2018	`2022-06-29` - `2022-12-18`	6 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-03` - `2022-12-02`	3 months	crt.sh
i.ua R3	`2022-10-05` - `2023-01-03`	3 months	crt.sh
clck.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-08-26` - `2023-01-28`	5 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-18` - `2023-04-25`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
redintelligence.net R3	`2022-10-04` - `2023-01-02`	3 months	crt.sh
update.mediamathtag.com R3	`2022-10-22` - `2023-01-20`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2022-11-08` - `2023-01-17`	2 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh

This page contains 28 frames:

Primary Page: https://legas.com.ua/
Frame ID: 63217BC3D73ADD983FBC2AC5F93ED742
Requests: 53 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
Frame ID: 502F4EABA13B82CC4EE202F08BADA731
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1486316043&pi=t.ma~as.2642460384&w=468&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015304&bpp=16&bdt=1107&idt=347&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&correlator=4076884363074&frm=20&pv=2&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=EvLvJQ9AmK&p=https%3A//legas.com.ua&dtd=385
Frame ID: 3E4D9323D46346C46E615D4D1CD19833
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1365725250&pi=t.ma~as.2642460384&w=468&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015326&bpp=4&bdt=1130&idt=368&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=mmU4kfP8SO&p=https%3A//legas.com.ua&dtd=374
Frame ID: 25B79CA1002AAC07CD78BED18A29D8DA
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=600&slotname=3398747635&adk=240658524&adf=1605720054&pi=t.ma~as.3398747635&w=160&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015340&bpp=12&bdt=1143&idt=376&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384%2C2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1179&ady=2285&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=niggdgF3jh&p=https%3A//legas.com.ua&dtd=380
Frame ID: A2CA485422CC706314BD6E22D809C448
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=250&slotname=8161031849&adk=4210853449&adf=3405296861&pi=t.ma~as.8161031849&w=300&lmt=1669353015&format=300x250&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015603&bpp=2&bdt=1407&idt=123&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_slotnames=2642460384%2C2642460384%2C3398747635&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1109&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=vJwtd18H85&p=https%3A//legas.com.ua&dtd=131
Frame ID: 6B20AF7BE8F5DF271631B46140EAC151
Requests: 26 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/index.html
Frame ID: F69B20517CE554E6E2847917BF27EAD7
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D90AEE3419615BBEBBC6D2F51B246377
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 3CB96274599098054E1BF8B5500E65EC
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js
Frame ID: 1BAC06FB026F70FD09699BA381872A7C
Requests: 1 HTTP requests in this frame

Frame: https://hal900026.redintelligence.net/request_content.php?s=11162600010773006352827012154026&a=aa6192c0
Frame ID: 571BA1B2F0BFA0D27DD44F5B9629EF8E
Requests: 11 HTTP requests in this frame

Frame: blob://https://googleads.g.doubleclick.net/49587fa7-6a44-4e92-8f14-501a86e6c03a
Frame ID: 6348BD669557396AC9ADF44821DE60A1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&adk=1812271804&adf=3025194257&lmt=1669353018&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Flegas.com.ua%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353018768&bpp=2&bdt=4572&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4bafd428082bfc3f-22a107f38dd700db%3AT%3D1669353015%3ART%3D1669353015%3AS%3DALNI_MbsQFr0dyyyC5Cqz_9-JIvfOy5m1w&gpic=UID%3D00000b86c09366a6%3AT%3D1669353015%3ART%3D1669353015%3AS%3DALNI_Mbxw9rs_s7fvjiFQvD660djbnQR9g&prev_fmts=300x250&prev_slotnames=2642460384%2C2642460384%2C3398747635&nras=1&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&psts=AMjMPc1aAGgrNQXu-zrHbqwRX_d5vO7ArS9GB_meOVuJRpZ7c653kssxdObWdUrfRHLPTEXmeYiRS2cvCX6xO9V4GQ%2CAMjMPc3-qi4U6vg_6q5KNvshmJ1G1iKS31LvlQdHpHHwKWuLfCrD2183KMjHweoJJ89svzmFvpIUkGmjQyXINSY%2CAMjMPc2PgKGOO8_pgqGJSjwJkoNDeJXcSfCtqac_nH3Ly8NfIiZ_mOzXtgA5u_twDeCgAKsAyRfv6tG78-NnEw&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=20
Frame ID: 47B1735D6D3BFFB1805A9CB5D0B144AF
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15def152a13a24%26domain%3Dlegas.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Flegas.com.ua%252Ff223b2ea35a6878%26relation%3Dparent.parent&container_width=300&href=http%3A%2F%2Flegas.com.ua%2F&layout=standard&locale=en_US&sdk=joey&share=true&show_faces=true&width=230
Frame ID: CFCEF89013E3DB05A249542450FB75BF
Requests: 3 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/12038844/12038844.js?ADFassetID=12038844&bv=258
Frame ID: D00113238977DC2F5D31E19A79B65819
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Frame ID: 5EB47A1457EDDEAD5AE3567F6BE44CAC
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Frame ID: BE49FB954989B82E1047CC8FD520525C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUdA1qWTVOlastp_aI7d_wuKOPCJ5vCIzbVUbpkSwzCF8Ot4-cfcGj3GAlrPnOm029VK5lipg6OGJ6qEizmwwoXDgnoD-7-17gzFObN4MGFeRUJlkkE94cTMOhZU2Ap5hCe2_lmg4zi1iXBLz23a8QayLIsaOqVEwRtpjTa_IJc4bMlq58
Frame ID: 674CA9805C5DE590462EF3103A2E6D40
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D3QjmqrxL1QoiGxFs9OXpPQAvAZPjwxWXabLqpNx6QwkHV-D304VntnEHqPsQqI1CATtEeYDNvTCBfEbo1L_AZhKSlYxUXMvzAgiZ5jAP1a0fIENqxw51lID7z1mKqp3IgSQw-o1DA3akpnPROpVq_YLBTa0AJov10uQsznXLAI563xY4&dbm_d=AKAmf-CTZUV_n0IAGSwlmfFAlT3bnuGfCfuLTspgFqzYthDBmdumnMOtgDsBP0fFSlBSEOf-rWPXczGOe__qNLdz7CL0kuE0_ITCFQ1MU9toXOlTJM2fCb7Q4jdcJnbjV4NkxL-tBlPGgmfnkLfyoWQWIfxiGAuPolbF5h3qBn7ju_Dx9pVQ1TiRsrRGtjBIs4HwOmZ2pN8qbor2_XCIxULeuewmb0K7MWGvJp40l3Y7PBNhvdosqFjawl2pbfeRfaVT-g8kcDqr4sLFj_x8uZGlXg-5UOH1bpIeNfTcl2hTBleLzohMQj5yS_QXqNAG89uHCyGTcKMCrqqsvs41sjQPOYpcZ1LM-MXNfG24fT9FGVREXdqmAMxus6y-r3cjNcd_TtSJTBgIcXH1Mxhniwkdv53NkqGVNFEzjIqsAs_1JNwiVtMiH4ANq7mBqxgURD7z-3Aq9to9ewwGgBIzZ3CVymQK1GQULSnWg_0Swq0AXbJsRWp419Y_-gsjDaBAPo1lbUxOna9x46Qgn1TFcO-X7wZxp0DQlg3CBFo9kcSM0w5Op6122bmsK3PBRxP5Q247pB2HenHA8XFyUNWltN-DFPCDx5QrqnIgYl23dJJ546-Q5VXMy_6QTbHEMU9_IwYK0T-6oyfbE43lVgGyJCu-CgILM90LFK6bSxR_9l9pdsQpi24lWOStnmQ1P47l2Pk1XgPyeJRO_9JQ5F4mXxbDzQIKPSPK9JzRjqP44m6H-vEm9rjX8FU0V57rmEbIFv41cmGSM2KlcJJIm-HT2fNDhCPVmyGtRayEVHw99xUE8X2BxoMP7HRsI1DnHlLWioWnBmTC7q24tdeqzlt2W_yCdt4jy7QGWMpMlkAGP9o1Tef8kkbRJGuNsj2sxy5xRweqM3k46SJG-16gmK_VWMRC4mr5E9vxixxNoJLFYsTXKkcIpwZzlqt67gKtHd7vhggAfmchtrfVr3LDq7JLSLi63kXS2wxCz52Fn-S0AIat8Ny02vzu7IlE_WdZZSwLUM_ui5XS42mNZPtrJg_-DrUbpobtghHp2ZP65Gxw6ySIElsPa8h7fGIr3O3oxSQfNUEvT7hfPQkt9blvYZ_epWIuoWMGhLt02zswXXjWHR64wMnUOSKg7SIuollI1-5iHvU4KQVE8-5GlLFJwoDXAlFrAoGcY5j215ATDprXWRxEAbDvg8_ce5TnrjBOcE1qv5ziHJGzUrVNT85I2M2RCrZMSU8huShNLAh6M_wds6xrmfHI8sXmknn7wySykytE_PUrxGkqt_QHlZw82rj-huDeELmeTBh954Pc4zwfOTLoAhOUAw1b6ZGuXfGi-oILSdZrdNIRY8XPlRHGXXmdXgMen61hazBUU2dOZ4DuuJTHt7FoZ_vBJc45DnnfoSHNepO1rR57hdFiA60Dvo-QFJFz7oeqysYDJS5XCYonj7WgU8e0nerriGz-VbIm6sxMA2OVr1_IoahpGFbxg4dqCnoxZJKrVXbDcONxajj_rVAIsq984SENL3-8ykOQKrEe24032jaZbsQ1SvZXvyCB8OD6c-xdb7gHyjRq3x838ki2x7YVgdg3uTWWY1JBmXWaqVswmXMoSVuDs7xZ8ZUxq5O-5lmKmlMCul87_rTawfZ-R2deWu9YiamGt3OWvG7JTY5Cz-v1cfAXhjj2v46mXyk8Yn2-ynKOHjAKFD2OxCN6fDvaHPmmbhtUG6Et_0Wcd0JSewTH3urCwmcjyH3Z7DGXH1uvvwuGZkH9mS0CObk-Q4YqqSUL7sC5rysAOY036VXQPs23rjjnA_82UEIrrmiznc6v4Px3mlxva9E4bua7eTeRu6I9_fho5J49kqhVfsuabvf1WvxM12zTXiSZ8cmglOsHGL-4t5e3gTtEOBUxzTDvAwiELTI3KHxM7gGh-C-2Ltvo2g-pgp9EK3-3xcud-6Kj0umKr8Qz3vRGkk8nki36ncDMGeNfaBk5CfK7pqm0T-QWPFavM-SidIqN4Dlun87NUECqFeql8HGQgjBWIGSRB4_e9DhjHHY1envxw38NG6GMiK1leeEXOm4Cz4lqirA5A-B4-c1cNub4fnHn6XAyG7hT_mpKT1pj-0QwWaz1GI3s5lrgbxpznxBSRhYSOOPLPvYYlbExfq8ghRqi8vPgHf-dQBjHfUhrPoeT_PmR3gJfVMQGmMID6Bb_ntVSc4Xm6icpE8ksIeAtEgWH3gNzzg8MWVPOv5WlTYCavwU1uGR7-qxMOBW-KY7-FQQDOJ3MaydHfQRr1LrHVcRrFeTyb2jPxZ22h0_LKkh05cO7QHvwtGJWgE1u4WK7Xuk0g-gCgxv1DLEu15ZkUBFKLskn8Hqxn6gMm_C63hMPfRa6hxXKQp3SIWY-1XzhtMXs5sO1WaFC88sNcWXBZL7xB6YAoADqnXhfvomPLb44Az1oQIvuSb2bzsYrVFlI2w70THWyMNaa_NWrZhSrqhwYaISbS1vqbDwayJe0k8aqOp2K4ty4_N_BE74L0oKmFNQ9rwllJA-XxLHlUqRLuqlnww3YatdehZNtG_bN0VSoxYdOTNSqP5_1CMKYsFozUL1PU4W9BD1B1DltBtWeUydXIGHayZ4ju83vF1B4mhUWlM2-pOSTuU7jD7n3qmPdP1otYkZ4tHqwRW7_nEgC_1pfpBYaVtYg99CZ6dd3NKUMcHyU6VZhgDeyk38X6LSFqfXStJYnlwdcRQ-_VhMbOFmmIjwlxsbcOZekgq5LJJxY9-HsCUUL36ReCXpHkqEy80VQZmy2B4sF59B904ZHeNui_C_S20FQgV5riBtDHqrASATGZX4ePjgRFhH74oUNwZCHY7yOf7CNXWepOjzZBeqFeUncg5SNcSbEfNOllDa9gtSVjzCO_G24kKdKM6ALqhSKt8fcVdGcJunQ_QP8D18SCoyc7iz5_oBAnebYIcTmjxGOfyzkMs9s9OOzC-lFnwv9F-Hj2TG8W3XERgIY1nWgf3GB_VSgKa2wFfIo8GKgsDOMd4PxaL-tLvcJtdEJ5ojdHRYnJotJF5tj7eTX_4Jg_J37Qtpq0HcpthtA24cN4Cf6yJ--put0OYzdxg0FLkgt5TngcmB5SbXrpBT7GXObHli6kCfvnfV9VNRFUTcvg0qdDv--LztWRVMjbQ62wCun5dy4ZAtJJxOUiDzIXRTcF1GMyAUk_MfE30-miZGAQb11l9r_XvBKHOoYoIDS5J6Z37vzODmAljVSdhhFtSo3KtmftTjUBauSdHO_rV5y0k-LIzlOyAz_qbNcY5DfsUr-aYODKzH2Fnk4ft8yibe9q3nDWI-9F9Hy0N6sCwRAe7vxbzRe3topFzLnWUcn59kAak1_J0ffmfQE-UXajHn3RW-9nwODH1Z0XO-u9sB6zTPb39e00afqFwHG_yfnMAALL-EL9uVZvsYCgXk_YgGc-3FjdRlu8wQRjJZs-DssNfUau9EFc0-_D6-zYUF6PY8ahNIQ0j9AMShqFDk5bT05LGNLpMDIz9-3gbhDAssiaYPUmO46HHgUi29hv_EbI6b8UyA7x86YH7rHKscN2O1hgKRoGfAw56lekVW-TOjFzpxXU4jtcHnhMrN_ysT-otYsQNCo-KSAt9Nf6k0zasjdDRzenQsPEnQ70Gc4o_b-Y4gJR6D8G5U2mtNEWvtZGkLWmb98XO4H7bxP-sxu0LJbw8XsUmgspYR0RGV1tzRUuwkRiT1Iep6eNZhNGclLaWREVgQFzrLiidY0-G8uGsa-gMguDfpAvnPV1vgmYoZtozCUCYCMlA2o&cid=CAQSOwDq26N9hxioGh9bOXkVSCfzyHDuv32_XoFbguJD8RnFyJ2aX5Z6TQDVnuUoJxsOpYaKs0id9VBoTTZVGAEgEw&rfl=2%2Chttps%253A%252F%252Flegas.com.ua%252F%240
Frame ID: 76769B1CC7AFFC9D1D77B3DF1D26ECB6
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6771B7F009D696FDA7B80A65B7EB2009
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7ADCE5E15801FA6BE3EB112CD111135C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js
Frame ID: BC98F037470B8C2CB1F7EF3810E338E0
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D6E3713380984EFE4693CFFED28A4519
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 63BB4C79CC3FF680FE821E484384CE86
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=worNpKXqZu&t=1&renderingType=2&ev=01_247
Frame ID: 40BFF471048FA690BD4A1BDB2E9BA57E
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E8DAA5970CAA56CBE122BF94E862FD30
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 2423E28DD43E907F9BC4B7D29D878C40
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js
Frame ID: 01E39C98C2B73F1594A9545E9DECBC55
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Правовой портал

Page URL History Show full URLs

http://legas.com.ua/ HTTP 301
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

231
Requests

87 %
HTTPS

57 %
IPv6

44
Domains

61
Subdomains

48
IPs

11
Countries

2473 kB
Transfer

6672 kB
Size

42
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://caddy.com.ua/magazin/category/view/5.html

Search URL Search Domain Scan URL

URL: http://salutes.com.ua/
Title: Наш магазин

Search URL Search Domain Scan URL

URL: http://forum.legas.com.ua/
Title: ФОРУМ

Search URL Search Domain Scan URL

URL: http://caddy.com.ua/magazin/product/view/5/98.html
Title: Audi A6 Allroad (2500 грн)www.caddy.com.ua

Search URL Search Domain Scan URL

URL: http://www.meteoprog.ua/ua/weather/Kyiv/

Search URL Search Domain Scan URL

URL: http://mytop-in.net/

Search URL Search Domain Scan URL

URL: http://www.i.ua/
Title:

Search URL Search Domain Scan URL

URL: http://banner.kiev.ua/
Title: Украинская Баннерная Сеть

Search URL Search Domain Scan URL

URL: http://www.novostimira.com.ua/
Title: Новости

Search URL Search Domain Scan URL

URL: https://clck.yandex.ru/redir/dtype=stred/pid=30/cid=1531/*http://maps.yandex.ru/kiev_traffic

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://legas.com.ua/ HTTP 301
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://legas.com.ua/css/style.css HTTP 302
https://legas.com.ua/css/style.css

Request Chain 1

https://legas.com.ua/js/jquery-1.4.2.min.js HTTP 302
https://legas.com.ua/js/jquery-1.4.2.min.js HTTP 302
https://legas.com.ua/js/jquery-1.4.2.min.js

Request Chain 2

https://legas.com.ua/images/logo.jpg HTTP 302
https://legas.com.ua/images/logo.jpg

Request Chain 3

https://legas.com.ua/images/ad/caddy_seats_new2.gif HTTP 302
https://legas.com.ua/images/ad/caddy_seats_new2.gif HTTP 302
https://legas.com.ua/images/ad/caddy_seats_new2.gif

Request Chain 5

https://www.meteoprog.ua/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00 HTTP 301
https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00

Request Chain 6

https://legas.com.ua/images/poll.jpg HTTP 302
https://legas.com.ua/images/poll.jpg

Request Chain 7

https://legas.com.ua/images/arrow.jpg HTTP 302
https://legas.com.ua/images/arrow.jpg HTTP 302
https://legas.com.ua/images/arrow.jpg

Request Chain 16

https://legas.com.ua/images/bg.jpg HTTP 302
https://legas.com.ua/images/bg.jpg HTTP 302
https://legas.com.ua/images/bg.jpg

Request Chain 17

https://legas.com.ua/images/menu_bg.jpg HTTP 302
https://legas.com.ua/images/menu_bg.jpg HTTP 302
https://legas.com.ua/images/menu_bg.jpg

Request Chain 18

https://040510111616.c.mystat-in.net/?i040510111616&t4&g27&w1600&c24&r&v3&j0 HTTP 301
https://resistcorrectly.com/w HTTP 302
https://hlmiq.com/to2/hotels.ch/ HTTP 307
https://de.hotels.com/?locale=de_CH&pos=HCOM_CH&rffrid=aff.hcom.CH.038.000.1100l95727.kwrd=1011lwnjmvSU&affcid=HCOM-CH.DIRECT.PHG.1100l95727&afflid=1011lwnjmvSU&original_destination=https://de.hotels.com/?locale=de_CH&pos=HCOM_CH&rffrid=aff.hcom.CH.038.000.1100l95727.kwrd=1011lwnjmvSU&affcid=HCOM-CH.DIRECT.PHG.1100l95727&afflid=1011lwnjmvSU HTTP 302
https://ch.hotels.com/?afflid=1011lwnjmvSU%2C1011lwnjmvSU&pos=HCOM_CH&original_destination=https%3A%2F%2Fde.hotels.com%2F%3Flocale%3Dde_CH&locale=de_CH&affcid=HCOM-CH.DIRECT.PHG.1100l95727%2CHCOM-CH.DIRECT.PHG.1100l95727&rffrid=aff.hcom.CH.038.000.1100l95727.kwrd%3D1011lwnjmvSU%2Caff.hcom.CH.038.000.1100l95727.kwrd%3D1011lwnjmvSU&siteid=300000014

Request Chain 24

https://legas.com.ua/images/footer_bg.jpg HTTP 302
https://legas.com.ua/images/footer_bg.jpg HTTP 302
https://legas.com.ua/images/footer_bg.jpg

Request Chain 61

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 66

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 166

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC0iuh6P5QwokxPbHoI62I4&google_cver=1

Request Chain 167

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y4BOO6q71zLOKv1Z4u-igQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC0iuh6P5QwokxPbHoI62I4&google_cver=1

Request Chain 168

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFJnmYpOLPPX8uwTX9tPmK4&google_cver=1

Request Chain 169

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY3MjU3NTIyNjY5MTE5ODExNw%3D%3D

Request Chain 189

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJi5WOdht9AHF7ZRFkLCOto&google_cver=1&google_push=ASkJ3FaUBoSdIdX5U5-v_pxmV7OqaFEffmtVFb_d3aePRq13rYFQw7OReIK1gujeJybFIdcnCEQTsTvmARnqFmJsM3q36cRYo6g HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJi5WOdht9AHF7ZRFkLCOto&google_cver=1&google_push=ASkJ3FaUBoSdIdX5U5-v_pxmV7OqaFEffmtVFb_d3aePRq13rYFQw7OReIK1gujeJybFIdcnCEQTsTvmARnqFmJsM3q36cRYo6g&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=P5eVgRJFQFacobx_qiA3NA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FaUBoSdIdX5U5-v_pxmV7OqaFEffmtVFb_d3aePRq13rYFQw7OReIK1gujeJybFIdcnCEQTsTvmARnqFmJsM3q36cRYo6g

Request Chain 190

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIHqBMK_jOVFlV1LkWbLQwU&google_cver=1&google_push=ASkJ3FYtf6UWte2UkETU1Pe7dzsbAJthpBZ75-gspT135bNFgu4oxbySfo-T34FRMMz8p4C0i_VKWI_-v9idB0gMuE0uySdu-uU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXMU9QVVotMVktNVdFRQ==&google_push=ASkJ3FYtf6UWte2UkETU1Pe7dzsbAJthpBZ75-gspT135bNFgu4oxbySfo-T34FRMMz8p4C0i_VKWI_-v9idB0gMuE0uySdu-uU

Request Chain 191

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_cver=1&google_push=ASkJ3FbqwVVEv3nJsyTQhXxmodzgOkxrirFwDuiFGr6cwmjFz9k7grB2VjtaHk9uvphBIY-X7uPzcxsLAHwIm8noycmRbiav2zQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_hm=Y4BOO6q71zLOKv1Z4u_igQAADRkAAAAB&google_nid=index&google_push=ASkJ3FbqwVVEv3nJsyTQhXxmodzgOkxrirFwDuiFGr6cwmjFz9k7grB2VjtaHk9uvphBIY-X7uPzcxsLAHwIm8noycmRbiav2zQ

Request Chain 203

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEM0bAqayRZrBSX237Zf95R8&google_cver=1&google_push=ASkJ3Fbn8eDi1PXpBLJrQmYLCB8T5MQ_8ak2Me--fKpqOrMFZS62Wn6jnufQpEABTXj4iHWx1ruoij5kpucTCvDxU2cFXGZpU_Ub HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ASkJ3Fbn8eDi1PXpBLJrQmYLCB8T5MQ_8ak2Me--fKpqOrMFZS62Wn6jnufQpEABTXj4iHWx1ruoij5kpucTCvDxU2cFXGZpU_Ub&google_hm=0s4vkShdXuPmwpiaSY4awg

Request Chain 206

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJi5WOdht9AHF7ZRFkLCOto&google_cver=1&google_push=ASkJ3FbLxvndanE1ixreW5JefKlXNEn41ffMklAVkU93xopF0S1a7vORInu4A3CA_sAqELnnQ1EhDVZ5p3524weUYoFSqauSmSO- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=P5eVgRJFQFacobx_qiA3NA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FbLxvndanE1ixreW5JefKlXNEn41ffMklAVkU93xopF0S1a7vORInu4A3CA_sAqELnnQ1EhDVZ5p3524weUYoFSqauSmSO-

Request Chain 207

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIHqBMK_jOVFlV1LkWbLQwU&google_cver=1&google_push=ASkJ3FYuot_7RiooQobHQeHf45WzwNeTbN-g7WoO3gC5sqN-Ih8qLGI8sOizCBtgE_JqS5MaIu6VHpEYNp4ugRiSiO5-KDpADQE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXMU9QWVctMVUtM01CUg==&google_push=ASkJ3FYuot_7RiooQobHQeHf45WzwNeTbN-g7WoO3gC5sqN-Ih8qLGI8sOizCBtgE_JqS5MaIu6VHpEYNp4ugRiSiO5-KDpADQE

Request Chain 208

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_cver=1&google_push=ASkJ3FY7DgM2ru-5DIS3L042Wg_UWtmODUGbTNzhW-1tSJKWIaGnpNHMkapqWPSvtWHVYtBkIoNtlMCVafVTjyOOOvuaP7kXCHg HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_hm=Y4BOO6q71zLOKv1Z4u_igQAADRkAAAAB&google_nid=index&google_push=ASkJ3FY7DgM2ru-5DIS3L042Wg_UWtmODUGbTNzhW-1tSJKWIaGnpNHMkapqWPSvtWHVYtBkIoNtlMCVafVTjyOOOvuaP7kXCHg

Request Chain 216

https://gcdn.2mdn.net/videoplayback/id/5e49592713959872/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1700889020/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/96AC59E423A1E2F979B3EA5D7C0AA5D371C71D30.63FF5A373F221479A0D29FC75296FF001976DC32/key/ck2/file/file.mp4 HTTP 302
https://r5---sn-4g5lzne6.c.2mdn.net/videoplayback/id/5e49592713959872/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1700889020/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/46DE75120A7C1437D179101BBB568DE4E3334A7A.71DA52F0E7609761F0DD7EAD61F5A68B9C556979/key/cms1/cms_redirect/yes/mh/F6/mip/2a01:4a0:2c::6/mm/42/mn/sn-4g5lzne6/ms/onc/mt/1669352848/mv/u/mvi/5/pl/43/file/file.mp4

231 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
legas.com.ua/
Redirect Chain

http://legas.com.ua/
https://legas.com.ua/
https://legas.com.ua/
https://legas.com.ua/
https://legas.com.ua/
https://legas.com.ua/

85 KB
17 KB

731ms
731ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://legas.com.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6e669fff4c88abc4386df50eeb04a23eafc9e5d3a79fa8b9d71a08ce9b027802

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 76f7e06e4dae7566-LHR
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 25 Nov 2022 05:10:14 GMT
expires: -1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LexG9udCbkiV3sdfG7cUteKOXG36QzS5xEbxJ6Wwf47bYLyIgZuWoFUjZAnd0ykDXhy2pw5IjhfuYHS79baZlhcAy7RZbbNYy8tpmff6CJ%2BSIxL6lAtdcfAM1uOSjd6j0vIpufV28o0Pnbw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 2.0.50727
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 76f7e06cfd077566-LHR
date: Fri, 25 Nov 2022 05:10:13 GMT
location: /
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J71XC6qAFMyCyvnIdR7RsTTRqxw0%2F9cgCeL4LUeYFBUHm1vD9jtAmMxq%2BKXa%2BgBRnvVEVWOgJwIBI1mlrqFT0OjLmTP4ECwviCY%2BhUL6qrqaFmq9qrF5lgvRJHX9TLCsFnF4eRKqPDOudQo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3

200

style.css
legas.com.ua/css/
Redirect Chain

https://legas.com.ua/css/style.css
https://legas.com.ua/css/style.css

5 KB
1 KB

352ms
352ms

Stylesheet
text/css

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://legas.com.ua/css/style.css
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 64f4ced5d55df1d2b68756fbeffafd50b5d09c3ad7703f89a0660269a4ea3a54

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 25 Nov 2022 05:10:14 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 04 Jan 2021 23:58:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"f6485582f5e2d61:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tb1q5efxIInSCu5w68CgHwmKLLa52st13zBGdwRK9WrNWWFftbV%2FV4lz6kSVhxKBol2VQSRrNEUGVU49rYengXsvkTWj9znRJ%2BdskhQZppQ4rthJfks3fOU8VIjmI7QnGiDj%2B0p4poZ%2BNb4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f7e074287d7566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:14 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T5kwq2sIi02M6a4MgNcK%2FdjVSCXSir5LNG3ZgLKDX7TaEpqwLrEgbXgnrjGHGKW015X9Z%2B9wFcWIxumCuuPmPrlVrGifmr8voWEeIDOfE3otF1x5Uh6bldIhbNrf9TMSHYQLrx1L5Gp4yBU%3D"}],"group":"cf-nel","max_age":604800}
location: /css/style.css
cache-control: max-age=14400
cf-ray: 76f7e072efe77566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

jquery-1.4.2.min.js Show response
legas.com.ua/js/
Redirect Chain

https://legas.com.ua/js/jquery-1.4.2.min.js
https://legas.com.ua/js/jquery-1.4.2.min.js
https://legas.com.ua/js/jquery-1.4.2.min.js

87 KB
28 KB

597ms
597ms

Script
application/javascript

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://legas.com.ua/js/jquery-1.4.2.min.js
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8d61bc67c5b06bbd0e0787fc1e661c2fb58ba72c46b7b05ca3ee94c20e599130

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 25 Nov 2022 05:10:15 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 04 Jan 2021 23:59:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"567c5795f5e2d61:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oivCenm6qlUmJ1J2Jt7gHMn2T6BiG8w8VsI8VoClmQtKVlnucxaEYRaByZh0cwI5gVyIoBUPXxaM9hv3AtpbB1BuXkKZKBK0u8nvZ0TjbQmQy%2FSaI6Sui6HtlRFENEtZdoLhK7sbsjTuvRo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 76f7e07589217566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:14 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LN0vOO31rVPAlKNKlrM4v7I3DPsT3OIEnj7QJEHGrNpY2UbzD%2B2OmTbKiPObCsaUW5VaVSIrleqTCuHkhxGugPNsn38XIDdsHDvZHYJxVIANLYYPYyGKM53JWNNn%2FxXa4tJmeOFHQYloHds%3D"}],"group":"cf-nel","max_age":604800}
location: /js/jquery-1.4.2.min.js
cache-control: max-age=14400
cf-ray: 76f7e07438897566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

logo.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/logo.jpg
https://legas.com.ua/images/logo.jpg

30 KB
30 KB

482ms
480ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/logo.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 79d43d860bcaf8b62c343669b1c7c7acf20a83d0a35ade74f875c8157e71bbd4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30504
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:58 GMT
server: cloudflare
etag: "1fa77791f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z6kI%2BBYQl%2B1%2F%2Bxi1naUIefeVBgVCBisj9PJNW7SEZpJIvMxwAo%2FYfzvyGKEat29qDjFlU8K8kQ9TH%2B7qpTK5whU8b7Dy2nZv15LXqu%2F1%2Bjma6djWdAOlPeWflgmelQblc7FT%2Fzitr6lUxNU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f7e07afb797566-LHR

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zmw7gx479fRGIpy2T%2BabzhkHxYS0Zl6PVG9pZn3dLucI5O2AkeMltnSO0YuXiqpwsnnS8fmtK36pmW3OQMNtteZobsyqbJBjpqi6tG5J0ANnyBzPIjJfVcCsJRLC7VEpQoMgrH8O%2BKaY9UQ%3D"}],"group":"cf-nel","max_age":604800}
location: /images/logo.jpg
cache-control: max-age=14400
cf-ray: 76f7e0799aef7566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

caddy_seats_new2.gif
legas.com.ua/images/ad/
Redirect Chain

https://legas.com.ua/images/ad/caddy_seats_new2.gif
https://legas.com.ua/images/ad/caddy_seats_new2.gif
https://legas.com.ua/images/ad/caddy_seats_new2.gif

69 KB
69 KB

601ms
601ms

Image
image/gif

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/ad/caddy_seats_new2.gif
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 21583f7002df3434278d0ac87cde6b062999b39689e75945e152f8a5e75ef7fe

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:16 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70616
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:59:03 GMT
server: cloudflare
etag: "beb02894f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8aPoxPnGDc%2BErxdCghep7ud%2FVq9gvKp5Wfw229MuyW1RDTuqxSDiIhJd2mv19hiizX6xNQz%2BSKfyC5ccswlYFo%2BcTCFCX6cathfzlYc8%2F8lMG1%2BbBYEHmvnZ2OkDpc5WJFQOt%2FVhbpQ8GmI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f7e07c5bf67566-LHR

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y76ylOX7ry4DE3XTQEwG0OLPzg6NlfnxbgnE%2BICBMcI8Ha07Sg2QbBae5BPh%2FqpPVttyECrefKiDihCXHd64U9ohTeG8rq27hwTVEJxmUYzsyJQmlnRtojIbtIIMYJHVTeM7tHSLwugtcEY%3D"}],"group":"cf-nel","max_age":604800}
location: /images/ad/caddy_seats_new2.gif
cache-control: max-age=14400
cf-ray: 76f7e07afb7a7566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 404 AAR-1.gif
caddy.com.ua/components/com_jshopping/files/img_products/ 0
0 961ms
77ms Image
text/html 31.131.16.29
VPS-UA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://caddy.com.ua/components/com_jshopping/files/img_products/AAR-1.gif
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 31.131.16.29 , Ukraine, ASN56851 (VPS-UA-AS, UA),
Reverse DNS: 29.16.131.31.uashared05.twinservers.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2

500

/
www.meteoprog.com/ua/informerget/
Redirect Chain

https://www.meteoprog.ua/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00
https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00

0
171 B

217ms
82ms

Image
text/html

49.12.116.255
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Server: 49.12.116.255 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.255.116.12.49.clients.your-server.de
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
last-modified: Fri, 25 Nov 2022 05:10:15GMT
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00
date: Fri, 25 Nov 2022 05:10:15 GMT
server: nginx
content-length: 162
content-type: text/html

GET
H3

200

poll.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/poll.jpg
https://legas.com.ua/images/poll.jpg

2 KB
2 KB

350ms
349ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/poll.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a6e648923be27227370e476a3fe1b29b7d43f486b80ffb409a04d7b6ef3909ca

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1616
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:59 GMT
server: cloudflare
etag: "6e56a791f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NWN4zfjlJAen0CsOgqNoeGolCEHNCh%2F%2FpR0PQTGnAMxidUkYIXCrKjq%2FEE1udLnWlxmzaX8Re%2FYyv1Bjl7IeuuKhTIW5oZX6ZXjIQU2zAUU7LDxuFzS2GtwHBF1UFT%2BxOYcAgq3HREBs4qY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f7e07afb7c7566-LHR

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xUqTrYUyjkRBw0PU4Py9cIAFx9CaZVTCNzzhmSuNT6AZJmndyk5K%2BQpknvfMAPLnWX1qw0UCXWF5Oc4sOYutAyNNxrRr7YGHxSIlli9pu8wVseU0hu9TbYBxb1dgJVeSPPfrXjN6onpf5fs%3D"}],"group":"cf-nel","max_age":604800}
location: /images/poll.jpg
cache-control: max-age=14400
cf-ray: 76f7e079aaf47566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

arrow.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/arrow.jpg
https://legas.com.ua/images/arrow.jpg
https://legas.com.ua/images/arrow.jpg

349 B
874 B

327ms
320ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/arrow.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6edbf13af2f07f3ff6cf1b7ab649b8c6c28d247f2d7750a8593bd534de07d744

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:16 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 349
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:51 GMT
server: cloudflare
etag: "a7af18df5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kf8nCZ%2FMnjbsNIhzScm%2FQjozAXlWlZQDRwvXR4tXdmUApODKARcBmvc0LMb5Jf%2BrqixZh%2F1DWjGiFjEIig3RdvlLwmRmV0yuUWPQZaBsxKRoV6SpjnC2CYYXRI3rC1rtsG3PAkzXtwmr5bU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f7e07c7bff7566-LHR

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOaVYKr0NGC7bMAnx11jcqGdVZ4kRmtUcOF%2BpuJdbAEMBpSCPgQswbrcObnbO335rXFJzBisa6tGBIDqZRE7JTujbLiiTcQGjYTYLv9eh2aK9jPVROx5cB8f5sohEE0cxJ6vR5SxGKAOhJ4%3D"}],"group":"cf-nel","max_age":604800}
location: /images/arrow.jpg
cache-control: max-age=14400
cf-ray: 76f7e07afb7b7566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 99 KB
34 KB 216ms
94ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47fc690a1d42ae135b682d2b2e2c8d6657f9f4639cbfc9ff05c3779424381397

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34208
x-xss-protection: 0
server: cafe
etag: 4621386458030002599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 25 Nov 2022 05:10:14 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
48 KB 202ms
83ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16557bd84fd793d59a2c7602d94157cfeae2a155d71b2aa01755f9216e379eba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49239
x-xss-protection: 0
server: cafe
etag: 5878567845285872368
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 25 Nov 2022 05:10:15 GMT

GET
H2 404 current_traffic_150.gif
info.maps.yandex.net/traffic/kiev/ 0
0 403ms
102ms Image
text/html 2a02:6b8::130
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://info.maps.yandex.net/traffic/kiev/current_traffic_150.gif
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6b8::130 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 404 script.js
cpa.com.ua/get_js/ 0
0 643ms
481ms Script
text/html 2606:4700:3033::6815:2c6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpa.com.ua/get_js/script.js?aid=90
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2c6c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 149 KB
55 KB 198ms
75ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N2VDHS

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

23159ebe826dccc3e40a82e4517027fc3a29ad226b585fbfc3b2097754b6a48f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55420
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 25 Nov 2022 05:10:15 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 182ms
59ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5d62faa1903e4b62b39a6d686fdeb3d4328f315ec5e6c7d3f71d5b6d6b857734

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 05:10:15 GMT
content-md5: UjdioSj/ULoBHgkUz/WGhQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1684
x-fb-rlafr: 0
x-fb-debug: KEoIi097bUHmlvaMYexoG7Ejw9uMouHRwjaku3M+V+bztUOaHuanlNTmTF1k8vFXyKrAf0eXFxErsng5xkJfHw==
x-fb-trip-id: 686109401
x-fb-content-md5: 35b4fd4f082a82e41927a015753c010c
cross-origin-opener-policy: same-origin-allow-popups
etag: "fce2b5900201ec9275ee35ccbf6e47c0"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Fri, 25 Nov 2022 05:28:25 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 171ms
54ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 03:15:54 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6861
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 25 Nov 2022 05:15:54 GMT

GET 155
a1.admaster.net/a/10507/ 0
0

GET
H3

200

bg.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/bg.jpg
https://legas.com.ua/images/bg.jpg
https://legas.com.ua/images/bg.jpg

374 B
897 B

326ms
324ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/bg.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/css/style.css
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a86b3a844dad8b4c5673af644a74b9046f920772bfc75d0f5fa0704d19510d2e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:16 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 374
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:53 GMT
server: cloudflare
etag: "4fb55d8ef5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2J76kyeCXh32lkePbeQLynx0d3BON7wm8prZ72Zcd4hd8aI7X7hos7fOj051d%2BM9RdPgZxMbePjD7qyHusAPq1J0KOjHwk%2BvmnlEzc%2BlFEvYkFTjIyQL06aMYPrLD5nhSIYBEtX8bGXuQOU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f7e07c6bfb7566-LHR

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EK3EbQ53l3f%2BwLE7mV2zz3pynPzBkeuR3q3O45C37p%2FNZ3KeqpDYouNqbRtNRU4Fkj%2BtvuunMiJRMdKxTGGkkca1w1%2BIWYRDDTbnwZsdmtonQ5v6gc1kFv4fM6KqVGw7OrhsmD7WMCA%2BWCc%3D"}],"group":"cf-nel","max_age":604800}
location: /images/bg.jpg
cache-control: max-age=14400
cf-ray: 76f7e07afb7e7566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

menu_bg.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/menu_bg.jpg
https://legas.com.ua/images/menu_bg.jpg
https://legas.com.ua/images/menu_bg.jpg

1 KB
2 KB

321ms
319ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/menu_bg.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/css/style.css
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 720b21233cc3f5ac1443ecb48e8807913f0927ee4ffd04d805b76aa2b93bed2b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:16 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1106
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:59 GMT
server: cloudflare
etag: "c4928391f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B31vGD0%2FwXinPrgnNo7Lp9jlVxnh7O3FSh7JkvZ0W56c18KRlDGob3YqcLNH%2FCaZf%2FzFfVROuf9GGioM0UskdIIqegFmM92b6WUPN9yWIvSk%2B%2FytvKSkHAmbVcTgAjugyGWGc0EiBjvTQrg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f7e07c6bfc7566-LHR

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytTFH9KcapiKkm9q2sZ07RW77Epm6C4GrD2q4u4FqzIJeF1BVF0ur6vj8TYwAQ%2FVhPNQ51wRHzOsZ%2Fk6A%2FmPNqqF4RXFLAaNRu%2FQwUbf1vAN01QVGxQ0eWhqHVeykIc%2FmAygeTuffv83oWU%3D"}],"group":"cf-nel","max_age":604800}
location: /images/menu_bg.jpg
cache-control: max-age=14400
cf-ray: 76f7e07afb7f7566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

/
ch.hotels.com/
Redirect Chain

https://040510111616.c.mystat-in.net/?i040510111616&t4&g27&w1600&c24&r&v3&j0
https://resistcorrectly.com/w
https://hlmiq.com/to2/hotels.ch/
https://de.hotels.com/?locale=de_CH&pos=HCOM_CH&rffrid=aff.hcom.CH.038.000.1100l95727.kwrd=1011lwnjmvSU&affcid=HCOM-CH.DIRECT.PHG.1100l95727&afflid=1011lwnjmvSU&original_destination=https://de.hote...
https://ch.hotels.com/?afflid=1011lwnjmvSU%2C1011lwnjmvSU&pos=HCOM_CH&original_destination=https%3A%2F%2Fde.hotels.com%2F%3Flocale%3Dde_CH&locale=de_CH&affcid=HCOM-CH.DIRECT.PHG.1100l95727%2CHCOM-C...

0
0

688ms
663ms

Image
text/html

2a02:26f0:1700:384::277d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ch.hotels.com/?afflid=1011lwnjmvSU%2C1011lwnjmvSU&pos=HCOM_CH&original_destination=https%3A%2F%2Fde.hotels.com%2F%3Flocale%3Dde_CH&locale=de_CH&affcid=HCOM-CH.DIRECT.PHG.1100l95727%2CHCOM-CH.DIRECT.PHG.1100l95727&rffrid=aff.hcom.CH.038.000.1100l95727.kwrd%3D1011lwnjmvSU%2Caff.hcom.CH.038.000.1100l95727.kwrd%3D1011lwnjmvSU&siteid=300000014
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Server: 2a02:26f0:1700:384::277d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:17 GMT
strict-transport-security: max-age=31536000
x-b3-traceid: 41fcd73b857e42ce9ed04c896e761d91, b7bf4aa25304d0e4b5d08531e0c98f67
vary: User-Agent
location: https://ch.hotels.com/?afflid=1011lwnjmvSU%2C1011lwnjmvSU&pos=HCOM_CH&original_destination=https%3A%2F%2Fde.hotels.com%2F%3Flocale%3Dde_CH&locale=de_CH&affcid=HCOM-CH.DIRECT.PHG.1100l95727%2CHCOM-CH.DIRECT.PHG.1100l95727&rffrid=aff.hcom.CH.038.000.1100l95727.kwrd%3D1011lwnjmvSU%2Caff.hcom.CH.038.000.1100l95727.kwrd%3D1011lwnjmvSU&siteid=300000014
x-edgeconnect_guid_debug: ,
cache-control: max-age=0, no-cache, no-store
x-cgp-info: noJvmRouteSet;736ca6a4-6c7f-11ed-ab76-0242922fae80
trace-id: 41fcd73b-857e-42ce-9ed0-4c896e761d91
content-length: 0
x-client-ipv6: true
expires: Fri, 25 Nov 2022 05:10:17 GMT

GET /
c.bigmir.net/ 0
0

GET
H2 200 s
r.i.ua/ 2 KB
3 KB 334ms
231ms Image
image/png 104.18.2.81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.i.ua/s?u66180&p62&n0.11438201470665899&c1&d24&w1600&h1200&r/legas.com.ua/
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.81 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7aa592ceada24a186390ab6bdad0e999d1ddb96f5fb77b8da7f2d68bb538268c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/png
p3p: policyref="http://i.i.ua/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
cache-control: no-cache, must-revalidate
cf-ray: 76f7e07a5cf074ed-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/ 354 KB
116 KB 179ms
95ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_with_ama_fy2021.js?client=pub-8431813121812491&plah=legas.com.ua&bust=31070969

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e4a4326209997a077d9078967eb02c86ac6dd7780d0871ae7739c5e49f21526f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119174
x-xss-protection: 0
server: cafe
etag: 7046955651309407837
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 25 Nov 2022 05:10:15 GMT

GET 1322
g.novostimira.biz/l/ 0
0

GET
H/1.1 200
Ok ya.ru
clck.yandex.ru/click/dtype=stred/pid=30/cid=1529/*http:// 43 B
587 B 336ms
101ms Image
image/gif 2a02:6b8::14
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://clck.yandex.ru/click/dtype=stred/pid=30/cid=1529/*http://ya.ru

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::14 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

7e928161cd626935d39ff08188caa3f3a918811ca87194082dedf28b697ce6fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Cache-Control: no-cache
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Content-Type: image/gif

GET
H3

200

footer_bg.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/footer_bg.jpg
https://legas.com.ua/images/footer_bg.jpg
https://legas.com.ua/images/footer_bg.jpg

307 B
831 B

316ms
316ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/footer_bg.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/css/style.css
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 59729251e018160eeed443c848fa5fd802b40e984b5afe60560c3cbe9d7b4612

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:16 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 307
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:56 GMT
server: cloudflare
etag: "a93d4b90f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yg2UhCaxG1qCjTQ2ABmoOMJMaYWaWf%2BGVN37j8ZeTLrJdOX99DkAiiX9vPrMLr%2FlpXaAFCnCWVGfWCi3UXupln4pUN34GYjIOs9W3VRaVb0zlxx%2B2IeiYZXNa6N8j3heMX2AhyJZs8S2Ing%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f7e07cac1b7566-LHR

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2Bi6eLKW62B0%2BeWKYlmMFgF7MWDF%2B30lOSd%2F6NbdayL8QJ3zANEa1aRtIhZRkjYIdOt0adQcOB%2BZOHFvnsXYEB%2B%2FfTVMHBkBWys3aiXyBgfLMxDmTO4Q6w95xrghVdBFSuG77evrPiPmUP0%3D"}],"group":"cf-nel","max_age":604800}
location: /images/footer_bg.jpg
cache-control: max-age=14400
cf-ray: 76f7e07b6ba47566-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 306 KB
86 KB 123ms
57ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=d4ddd1429bf0e7a6a799deafff31abee

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9922364eff0c3700217ea21618f38bb4137d17a27615c0b54f5c60e1171eb1a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://legas.com.ua/
Origin: https://legas.com.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 05:10:15 GMT
content-md5: L+PRn3RBPJzBJB1jCa0cfw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88357
x-fb-rlafr: 0
x-fb-debug: arPsKIp6RDmlFPNR1NrYpOi+LJ3iWgLX1ummhVgLqI4muicykOBR70jhXbQZj6DMGrWIaydaaPaaI0KoWmcgkw==
x-fb-content-md5: 143aa07746e53fb254feb88a2eded4fe
cross-origin-opener-policy: same-origin-allow-popups
etag: "2e1b7150e509e4aca4ca4e3989a9254c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 25 Nov 2023 03:37:52 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 179ms
64ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1745263470&t=pageview&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1583205892&gjid=1863644850&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&_r=1&_slc=1&z=160557066

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/ Frame 502F 10 KB
5 KB 180ms
56ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 59385
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 12:40:30 GMT
etag: 10353107486223812946
expires: Thu, 08 Dec 2022 12:40:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 391 B
695 B 182ms
65ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=legas.com.ua&callback=_gfp_s_&client=ca-pub-8431813121812491&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_with_ama_fy2021.js?client=pub-8431813121812491&plah=legas.com.ua&bust=31070969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05273e9bb8ec0f8f92a9c1895e85fa5a2c18c9b0ae9a6e510c15a3c9d56ed09f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 186ms
62ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 195ms
64ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3E4D 430 B
406 B 245ms
191ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1486316043&pi=t.ma~as.2642460384&w=468&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015304&bpp=16&bdt=1107&idt=347&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&correlator=4076884363074&frm=20&pv=2&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=EvLvJQ9AmK&p=https%3A//legas.com.ua&dtd=385

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4fc2e6d03d7326e141d3c0926e3bd8b92629d69d60c11ace027b64454d45ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 207
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:15 GMT
expires: Fri, 25 Nov 2022 05:10:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 25B7 93 KB
34 KB 482ms
439ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1365725250&pi=t.ma~as.2642460384&w=468&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015326&bpp=4&bdt=1130&idt=368&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=mmU4kfP8SO&p=https%3A//legas.com.ua&dtd=374

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9fc982811791831f2f9189914d4a77fd8b2864d18ae90701ecadc281742ed3d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 34689
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:16 GMT
expires: Fri, 25 Nov 2022 05:10:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
436 B 179ms
56ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-9703351-1&cid=1703342002.1669353015&jid=1583205892&gjid=1863644850&_gid=987223809.1669353015&_u=IEBAAEAAAAAAACAAI~&z=660495660

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 25 Nov 2022 05:10:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A2CA 79 KB
27 KB 328ms
304ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=600&slotname=3398747635&adk=240658524&adf=1605720054&pi=t.ma~as.3398747635&w=160&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015340&bpp=12&bdt=1143&idt=376&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384%2C2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1179&ady=2285&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=niggdgF3jh&p=https%3A//legas.com.ua&dtd=380

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffa6dd5ebd840a9a1953cb5e601dc36207d79f31dbab0443e2a5fb6a2c94b5e1

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL_8iszIyPsCFdTdEQgdCpAEeg&gqi=N06AY-e0L7CK9u8P6a2r-Ao&layout=/sadbundle/%24csp%253Der3%24/4687128324995022848/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 26983
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL_8iszIyPsCFdTdEQgdCpAEeg&gqi=N06AY-e0L7CK9u8P6a2r-Ao&layout=/sadbundle/%24csp%253Der3%24/4687128324995022848/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:16 GMT
expires: Fri, 25 Nov 2022 05:10:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6B20 23 KB
10 KB 210ms
201ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=250&slotname=8161031849&adk=4210853449&adf=3405296861&pi=t.ma~as.8161031849&w=300&lmt=1669353015&format=300x250&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015603&bpp=2&bdt=1407&idt=123&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_slotnames=2642460384%2C2642460384%2C3398747635&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1109&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=vJwtd18H85&p=https%3A//legas.com.ua&dtd=131

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe695186b12c42f2be6b19592b5171c3396030f5db022e996cda2a22a27a13b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 10485
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:15 GMT
expires: Fri, 25 Nov 2022 05:10:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 6B20 3 KB
2 KB 1240ms
544ms Script
application/x-javascript 103.229.205.243
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRoaE1EZ3dNVFl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg2NjU3OTEyMzg3MjM5NDE2MzAvMTExNDc2MTEvMTI2NzM3MjAvNC9LaWFtVm4zck9OX25EQmZGQ3oxTFRZT0NPbmNZZkhZOFJfMWFZcm9COENBLzEvNC8wLzAvMjAyNTA5My8wLzIxNTU0My8xMjUxMzY2LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODY2NTc5MTIzODcyMzk0MTYzMC96cmgvMC85MTc4LzE3Lzk5OS8yNTgvMmEwMTo0YTA6MmM6Oi8wLjAwMC8xNjY5MzUzMDE1LzE2NjkzNjU2MTUvNC9wdWItODQzMTgxMzEyMTgxMjQ5MS8/ViqVho3O_3UE7cYV26jtEqJPX_A&nodeid=3753&group=zrh&auctionid=8665791238723941630&pbs_auctionid=8665791238723941630&shardkey=8665791238723941630&sid=12673720&cid=11147611&bp=a_befcig&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.146&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8a_EN06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE1QFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRPsMHDBnb8zqMBhyGQ94Tghpgq-m0BLaLbx7f5s-QACTU-FGkOU_E9XKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2X3pmMCZxeSgXifUqRPUzNMDB7hg%26client%3Dca-pub-8431813121812491%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=250&slotname=8161031849&adk=4210853449&adf=3405296861&pi=t.ma~as.8161031849&w=300&lmt=1669353015&format=300x250&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015603&bpp=2&bdt=1407&idt=123&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_slotnames=2642460384%2C2642460384%2C3398747635&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1109&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=vJwtd18H85&p=https%3A//legas.com.ua&dtd=131
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.229.205.243 , Singapore, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.372.0 /
Resource Hash: 6e40736d8d08da2e2779248322d55fc631d5dbc2c7899d1aeae0079594ea869a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 05:10:17 GMT
x-mm-nodeid: 3753
Content-Encoding: gzip
x-mm-bid-request-time: 1669353015
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Fri, 25 Nov 2022 05:10:15 GMT
Server: MMBD/3.372.0
x-mm-latency: 260 (1)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: nrt-router-x13, zrh-bidder-x14
x-mm-lag: 1
Expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 6B20 3 KB
1 KB 230ms
107ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=250&slotname=8161031849&adk=4210853449&adf=3405296861&pi=t.ma~as.8161031849&w=300&lmt=1669353015&format=300x250&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015603&bpp=2&bdt=1407&idt=123&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_slotnames=2642460384%2C2642460384%2C3398747635&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1109&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=vJwtd18H85&p=https%3A//legas.com.ua&dtd=131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 20:49:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30040
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 20:49:36 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 6B20 18 KB
8 KB 176ms
53ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 16:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45364
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 16:34:12 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6B20 154 KB
48 KB 327ms
77ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6B20 0
0 217ms
101ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cq0p8N06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE0gFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRfMEmnrVnVz0BolQtm568cgd0oVW-Kq5q0t6fSTUxHgjMVsgYPsKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTg0MzE4MTMxMjE4MTI0OTEYAA&sigh=CMI-c4ZCwUY&uach_m=[UACH]&cid=CAQSGwDq26N9ru_vEGNYSxUFRZIhgcvWFuJ0q4lDjxgBIBM&tpd=AGWhJmuKD3B671LJY9tLVvaxluDTtvumuhslN6BYihlBx6vvXYJCTB-qnnzYlFptPHz9TFb7EJeChZQYRLeO7Pe84XIUZy_SL8_ehreAg23ARVNHNm5zKYRcDZQwveRt8idsAP2AdPYSX2dEvuw9iFI_cNoeSN7YwpBIbHnbJz5sVoNGjx24ZPejcB-fu-n-oXoGaEhrZtjiI6_ki5DhVepQXjY7FohxlpNnQLlzu9Gsb9c2pAUYH7q89j2RJPzXv9YvgCEVxN_Y4E8VUKQGmgmzovHI8hadsE1yd743L0BdQk6aDR6uvA_tkjX3U0X4jEH9zIazIgdx6r89fpi_c_83fPXZHPDHFYHlZXtt2HzF_phaSFHdFg-AfIcU-YNq7rOF-nFsUOteYO0xorQ-HuiqMa03FmOKPesHIJfmfN3zkZot8FSD5nbN6j806wh7sYyU-Zs0oqZp2nWqbdIBMgi1-MjSIs4hRJHtFY8aZYn091b0Sg_0UQEo510YEEa6U_3gpciEXTNbIFDjJw2s6ChvopRS6_TgXSQ6XmR-o0xkUN0bRWzofM1U92u3VBSg00RDjmfbWXqP6uGI254gu4wXPuolbBUWyFt_SmRZkO6KaXJrIYFNMqSE4womXKc2tkSphFBtdifCHorJakVB82uR-sguqFcj0ZUTn9c9E6UPoGyGYhKNxKg7Noh7mO_PstbZoLoFORL7v-5b01P7098eUdMNY2XZY2KnMC482X97UClYXEfWJ3u19vswXoUpuvfsqOlwyCs_ToroP_ukK3zl4Bmctjkofi9-hsYTqNDYutqRx-CaJ90rtQACIfVmX6i4ZwwpbKuqQUdCrzfVov1nimW2HNHYOrM72Q-hS8B0wbB_O7kJ2yc5w1i4m8tpaoXJTcghzv9-xE4Mc3nWfwsy5WnIQhDiOlh5xI5w41ezBDTpe2BVxcSRaYO3z4gNhRiTFgoVcIH3xkGbqieybHWtSnqI03A74YTSyAo5rQhJKZuzHl-Hi0FgqP_ZvJbb_Mtv3z6GMRMrin2zSAJ-Yz2RHHzEi6D7R_bbTpQawm3T8ejugWmjKIhQCQewyxCVrkdiM0-OZGqJ6kDX-S_dMPnjrnXx8ufpfYl49o8wcxNaGGMzMTM4MB_zZTZWjca3YA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=250&slotname=8161031849&adk=4210853449&adf=3405296861&pi=t.ma~as.8161031849&w=300&lmt=1669353015&format=300x250&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015603&bpp=2&bdt=1407&idt=123&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_slotnames=2642460384%2C2642460384%2C3398747635&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1109&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=vJwtd18H85&p=https%3A//legas.com.ua&dtd=131
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 05:10:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/ Frame F69B 728 KB
64 KB 207ms
111ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=600&slotname=3398747635&adk=240658524&adf=1605720054&pi=t.ma~as.3398747635&w=160&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015340&bpp=12&bdt=1143&idt=376&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384%2C2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1179&ady=2285&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=niggdgF3jh&p=https%3A//legas.com.ua&dtd=380

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22dc7c8c81b9f9f71547187665865406a2b782c54b0bc43d26f3a823987abd32

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 133729
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 63764
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 23 Nov 2022 16:01:27 GMT
expires: Thu, 23 Nov 2023 16:01:27 GMT
last-modified: Wed, 12 Oct 2022 11:17:37 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame A2CA 0
0 201ms
103ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4AeLN06AY_-EMNS7x_APiqCS0AfWm9abbfG7jr_aEOz3no2GNhABIPnjvxlglQKgAbrV4-UByAEJqQKYI_vPXHexPqgDAcgDAqoE4QFP0B7SH6SxXWlQNsfl51xR-W31x82WvD7qe_AAS602WZQ-MOM2W-k_oHGkwet0CBmFp223ZHtoZv1saROWR-WwIRoEUsuA-4c1Orz2IMrsTt2ry2q7pZVYz7eUMXgZRjWxq8ffVTADFGvbZX9wl-MyLaQk7jQw7GE1lka0FTfgzbo9yTkch0PJ0k0VVJwulyLVJlEvdgZrVzB5Z12BRHi2r_ydNDUDxAllghIOCOJ9DkCjW8RtxoBonZ2yfnS8TPGBgiAssFmkli9Q8K0cJQV1LRzgCRNsWThZm2zBgTBDtXnABOPB0budBJIFBAgEGAGSBQQIBRgEoAZdgAeuqpyaAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEENODBNIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTg0MzE4MTMxMjE4MTI0OTEYAA&sigh=yR2ztxq8F8w&uach_m=[UACH]&cid=CAQSGwDq26N9gjIGmdru-ayjNS7QYhtZ9ouee1h2RBgBIBM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=600&slotname=3398747635&adk=240658524&adf=1605720054&pi=t.ma~as.3398747635&w=160&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015340&bpp=12&bdt=1143&idt=376&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384%2C2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1179&ady=2285&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=niggdgF3jh&p=https%3A//legas.com.ua&dtd=380
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 05:10:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D90A 143 B
166 B 283ms
69ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=600&slotname=3398747635&adk=240658524&adf=1605720054&pi=t.ma~as.3398747635&w=160&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015340&bpp=12&bdt=1143&idt=376&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384%2C2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1179&ady=2285&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=niggdgF3jh&p=https%3A//legas.com.ua&dtd=380
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 868
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 04:55:48 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame A2CA 3 KB
1 KB 199ms
106ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 20:49:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30040
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 20:49:36 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame A2CA 18 KB
7 KB 152ms
59ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 16:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45364
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 16:34:12 GMT

GET
H2 200 92d0eacbdd534f81de4b06016912d49f.js Show response
www.gstatic.com/mysidia/ Frame 25B7 9 KB
5 KB 276ms
63ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/92d0eacbdd534f81de4b06016912d49f.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1365725250&pi=t.ma~as.2642460384&w=468&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015326&bpp=4&bdt=1130&idt=368&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=mmU4kfP8SO&p=https%3A//legas.com.ua&dtd=374

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdd929f4e7f24ceca1f21a2548a5b7ed985acf6a294ae92beab97c07558de1fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 15:56:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47609
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4142
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 13:59:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 22 Feb 2023 15:56:47 GMT

GET
H2 200 cc1b8d1e1903d75e43ed2b2152915588.js Show response
www.gstatic.com/mysidia/ Frame 25B7 18 KB
8 KB 279ms
66ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cc1b8d1e1903d75e43ed2b2152915588.js?tag=pingback

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfde0dff7c17f03aab9949cb2d2e922610484ab4f4be0a3cb3f39ee2d0c9203e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 18 Nov 2022 08:18:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 593484
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
last-modified: Fri, 11 Nov 2022 21:18:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 08:18:52 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 25B7 8 KB
1 KB 286ms
74ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 25 Nov 2022 05:10:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 03:36:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 25B7 2 KB
765 B 127ms
60ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 11:55:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 11:55:15 GMT

GET
H2 200 2c96be29c806e6a30d72c34b34031cd2.js Show response
www.gstatic.com/mysidia/ Frame 25B7 5 KB
2 KB 284ms
72ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/2c96be29c806e6a30d72c34b34031cd2.js?tag=analytics_pingback_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

909e4f36928b8676e7947d125e90b8c2baee1afc6c0dead2ddc05a665811470a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 03:02:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 526046
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2003
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 00:08:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 17 Feb 2023 03:02:50 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 25B7 23 KB
9 KB 254ms
177ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 11:28:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63699
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 11:28:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 25B7 3 KB
1 KB 123ms
56ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 20:49:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30040
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 20:49:36 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 25B7 18 KB
7 KB 143ms
66ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 16:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45364
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 16:34:12 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 25B7 154 KB
47 KB 386ms
183ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
H3 200 f7733d2b54a65c984752ab0a98c7def9.js Show response
www.gstatic.com/mysidia/ Frame 25B7 34 KB
14 KB 204ms
57ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f7733d2b54a65c984752ab0a98c7def9.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d028ff06991dab0e77014a91995a9c0d6672a90e68edc339cd62a566fe361ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 15:56:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47645
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 13:59:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 22 Feb 2023 15:56:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A2CA 154 KB
47 KB 209ms
151ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
DATA 200
OK truncated
/ Frame A2CA 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 304fdb8852051f3310a9453c526fc28bab0c32c5e55c6216d677ca2290baea31

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame F69B 6 KB
674 B 73ms
73ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:800,300,600,700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a4961c1ae6e8496067150f54acfa06b0026a5525978c24075d5636d33531fb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 25 Nov 2022 05:10:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 04:39:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame F69B 16 KB
6 KB 208ms
77ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 04:14:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3372
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 26 Nov 2022 04:14:04 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame F69B 34 KB
13 KB 211ms
81ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33430
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 25 Nov 2022 19:53:06 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D90A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

75ms
75ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:16 GMT
expires: Fri, 25 Nov 2022 05:10:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:16 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 25B7 0
0 119ms
119ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CBIYtN06AY6-FMJSHgAe80ZbAAfLo1MVtupzRwIQR5-OivcABEAEg-eO_GWCVAqAB2bLcjQPIAQGpAirusN3IC10-qAMByAPLBKoE4QFP0B2Kt9_txNczodNFUZsbJNoQQPeSYuTH2u8ntheQD9f6r14wxxM65SdQ649yYuwYOqTPyB8_RUs31s7z45O4pTlILKtzDTnRghD8QWbr9wWmlFsRwR8TJp_eHx_uo7TLyiDj-ZWFFBHu9iwcRrQHMqBREZrW3CSEH8qBRg1YsLK7rYmfa1r8VP1YjLRF4yRajt6jngg_Hpj4nMSiyncgh63jFWgae4A4O7ZNdnhVd0vy82-z-BjIKWPK1N8Bm-JXp-r7pv_yUm55L7jxrRxJTlZs0UgCwxP84UBeXOSus0bABOyftpu3BIAHj82jcqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEKyjA9IIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMDiBQD0BUBgBcBshccChoIABIUcHViLTg0MzE4MTMxMjE4MTI0OTEYAA&sigh=VnKPcKZnGQM&uach_m=[UACH]&cid=CAQSGwDq26N9djQfPrcfVCYIOcdY52DRp3IcN68TcRgBIBM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1365725250&pi=t.ma~as.2642460384&w=468&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015326&bpp=4&bdt=1130&idt=368&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=mmU4kfP8SO&p=https%3A//legas.com.ua&dtd=374
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 05:10:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3CB9 143 B
166 B 62ms
61ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1365725250&pi=t.ma~as.2642460384&w=468&lmt=1669353015&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015326&bpp=4&bdt=1130&idt=368&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=mmU4kfP8SO&p=https%3A//legas.com.ua&dtd=374
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 868
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 04:55:48 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 25B7 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0a424d3190a0f0ce7b936d49c43a67cfbb149beed7c88e7d27e42707bdb4eb47

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25B7 0
20 B 92ms
92ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoRCAEqDWJhbm5lci1ub2xvZ28KCggCKgZzZXJ2ZXIKFQgEKhFteXNpZGlhX2FuYWx5dGljcwoNECshAAAAAAAAIEAwBAoNEAMhAACAZmbOiUAwBAoNEAohAAAA0MxMMEAwBAoNEA0hAAAAAAAAAAAwBAoMEB4qBjQ2OHg2MDAECgwQGSoGNDY4eDYwMAQKDRAOIQAAAAAAAAAAMAQKDRAEIQAAAM3MYIpAMAQKDRAPIQAAAAAAAAAAMAQKDRArIQAAAAAAADtAMAQKDRAFIQAAgDMzY4pAMAQSGkNPXzhpc3pJeVBzQ0ZaUUQ0QW9kdktnRkdBIhx0ZXh0L21hY2F3X3dpbGRjYXRfbG9uZ3RpdGxlKBU=

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/cc1b8d1e1903d75e43ed2b2152915588.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3CB9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

96ms
95ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:16 GMT
expires: Fri, 25 Nov 2022 05:10:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:16 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 25B7 28 KB
28 KB 264ms
133ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 09:03:51 GMT
x-content-type-options: nosniff
age: 158785
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Nov 2023 09:03:51 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 25B7 14 KB
14 KB 248ms
118ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e749617a3856bfaa4d2cea0c50d88366d2b579841bd5a45bd2d34062babc51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 23:42:34 GMT
x-content-type-options: nosniff
age: 278862
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:04:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Nov 2023 23:42:34 GMT

GET
H2 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v28/ Frame F69B 45 KB
46 KB 175ms
55ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:800,300,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 18 Nov 2022 08:23:46 GMT
x-content-type-options: nosniff
age: 593190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46524
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 08:23:46 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25B7 0
20 B 91ms
91ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/cc1b8d1e1903d75e43ed2b2152915588.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 1BAC 36 KB
16 KB 77ms
75ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 18:46:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 18:46:54 GMT

GET
H3 200 Algovir_Packagings.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/ Frame F69B 26 KB
26 KB 65ms
64ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/Algovir_Packagings.png

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba645c358687e7cd2018456d3691e703613aa27fa2fa2e54d9396cdf4c55b3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 23 Nov 2022 16:01:39 GMT
x-content-type-options: nosniff
age: 133718
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27097
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 11:17:37 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 16:01:39 GMT

GET
H3 200 Check.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/ Frame F69B 585 B
390 B 150ms
148ms Image
image/svg+xml 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/Check.svg

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f60b30f2c5ddad9a137a0bebdbcdd2df24cf8e1c3f229764e987d72d56aed439

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 23 Nov 2022 16:01:46 GMT
age: 133711
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 360
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 11:17:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 16:01:46 GMT

GET
H3 200 CTA_mehr_erfahren_einzeilig.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/ Frame F69B 5 KB
2 KB 149ms
146ms Image
image/svg+xml 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/CTA_mehr_erfahren_einzeilig.svg

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eba07c8aaf4516406fe82ace06334844f851e93b3efb12ef6ee69f190a5c4f67

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 23 Nov 2022 16:01:46 GMT
age: 133711
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1689
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 11:17:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 16:01:46 GMT

GET
H3 200 CTA_mehr_erfahren_zweizeilig.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/ Frame F69B 4 KB
1 KB 88ms
85ms Image
image/svg+xml 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/CTA_mehr_erfahren_zweizeilig.svg

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66e9c7e2345cb50b8e2eed66f19e4ca73427ec6b96b78ecf9387ad152003474b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 22 Nov 2022 19:21:36 GMT
age: 208121
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1265
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 11:17:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 22 Nov 2023 19:21:36 GMT

GET
H3 200 Bubbles.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/ Frame F69B 15 KB
15 KB 117ms
114ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/Bubbles.png

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42e15b92dfd5ed76464a31a7e57706652db1f05e4287b112170f0f57c3aeb8f7

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 19 Nov 2022 13:43:02 GMT
x-content-type-options: nosniff
age: 487635
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15028
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 11:17:37 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 19 Nov 2023 13:43:02 GMT

GET
H3 200 algovir_Visual_Spruehstoss.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/ Frame F69B 14 KB
14 KB 98ms
96ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/algovir_Visual_Spruehstoss.png

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21b2c55e517d80205308da0a13befc68d57b05b7f077646058b1b584ee872a5c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 23 Nov 2022 16:01:39 GMT
x-content-type-options: nosniff
age: 133718
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14241
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 11:17:37 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 16:01:39 GMT

GET
H3 200 algovir_flasche.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/ Frame F69B 20 KB
20 KB 150ms
148ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/algovir_flasche.png

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c45eea5e6944436e8762d9c18bde4591ac33efd2bfbda1ff9d064712cadaa1ce

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 22 Nov 2022 19:21:36 GMT
x-content-type-options: nosniff
age: 208121
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20835
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 11:17:37 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 22 Nov 2023 19:21:36 GMT

GET
H3 200 Viren.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/ Frame F69B 8 KB
8 KB 88ms
86ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4687128324995022848/Viren.png

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1c08ac4601146baf8c5c89c7ce57be133c9fa8cf02d02904f0a20d57b0d1e99

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 23 Nov 2022 16:01:39 GMT
x-content-type-options: nosniff
age: 133718
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7856
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 11:17:37 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 16:01:39 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25B7 0
20 B 91ms
91ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoRCAEqDWJhbm5lci1ub2xvZ28KCggCKgZzZXJ2ZXIKFQgEKhFteXNpZGlhX2FuYWx5dGljcwoNEBQhAAAAAAB11UAwBAoNEBUhAAAAAAAAKEAwBAoNEBYhAAAAAAAAFEAwBAoNEBghAADAmZmHlkAwBAoNEDIhAAAAADQz0z8wBAoNEDMhAAAAADQz0z8wBAoNEDQhAAAAADQz0z8wBAoNEDUhAAAAADQz0z8wBAoNEDYhAAAAADQz0z8wBAoNEDchAAAAADQz0z8wBAoNEDghAAAAaGZmRkAwBAoNEDkhAAAAMzNDfkAwBAoNEDohAAAAzcxAgEAwBAoNEDshAAAAAABUkUAwBAoNEDwhAAAAAABUkUAwBAoNED0hAADAmZlZkUAwBAoNED4hAADAzMxalkAwBAoNED8hAADAzMxalkAwBAoNEEAhAACAZmaYlkAwBBIaQ09fOGlzekl5UHNDRlpRRDRBb2R2S2dGR0EiHHRleHQvbWFjYXdfd2lsZGNhdF9sb25ndGl0bGUoFQ==

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/cc1b8d1e1903d75e43ed2b2152915588.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK u2deohv8be4d Show response
hal9000.redintelligence.net/zone/ Frame 6B20 10 KB
3 KB 195ms
59ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/u2deohv8be4d?subid=&gdpr=1&gdpr_consent=li&rnd=8665791238723941630&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DVblgCjDxNHK1RA4D6-hTHw%26exch_seat%3D20035004448%26mt_aid%3D8665791238723941630%26mt_id%3D11147611%26mt_adid%3D215543%26mt_sid%3D12673720%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df6046380-4e39-4501-a383-707fcf579d59%26mt_cid%3Df6046380-4e39-4501-a383-707fcf579d59%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8a_EN06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE1QFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRPsMHDBnb8zqMBhyGQ94Tghpgq-m0BLaLbx7f5s-QACTU-FGkOU_E9XKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X3pmMCZxeSgXifUqRPUzNMDB7hg%2526client%253Dca-pub-8431813121812491%2526adurl%253D%26redirect%3D
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 4c172ad40b3cedd336665b2162ac95c7a34f9c98d54c5ae6e583c5ad9c592f42

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 05:10:17 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3341
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 6B20 49 B
329 B 542ms
541ms Image
image/gif 103.229.205.243
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=8665791238723941630&node_id=3753&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRoaE1EZ3dNVFl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg2NjU3OTEyMzg3MjM5NDE2MzAvMTExNDc2MTEvMTI2NzM3MjAvNC9LaWFtVm4zck9OX25EQmZGQ3oxTFRZT0NPbmNZZkhZOFJfMWFZcm9COENBLzEvNC8wLzAvMjAyNTA5My8wLzIxNTU0My8xMjUxMzY2LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODY2NTc5MTIzODcyMzk0MTYzMC96cmgvMC85MTc4LzE3Lzk5OS8yNTgvMmEwMTo0YTA6MmM6Oi8wLjAwMC8xNjY5MzUzMDE1LzE2NjkzNjU2MTUvNC9wdWItODQzMTgxMzEyMTgxMjQ5MS8/ViqVho3O_3UE7cYV26jtEqJPX_A&nodeid=3753&group=zrh&auctionid=8665791238723941630&pbs_auctionid=8665791238723941630&shardkey=8665791238723941630&sid=12673720&cid=11147611&bp=a_befcig&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.146&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8a_EN06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE1QFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRPsMHDBnb8zqMBhyGQ94Tghpgq-m0BLaLbx7f5s-QACTU-FGkOU_E9XKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2X3pmMCZxeSgXifUqRPUzNMDB7hg%26client%3Dca-pub-8431813121812491%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.229.205.243 , Singapore, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.372.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 05:10:17 GMT
Server: MMBD/3.372.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: nrt-router-x12, zrh-bidder-x14
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
H/1.1 200
OK analytics.js Show response
s.update.mediamathtag.com/2/619621/ Frame 6B20 6 KB
3 KB 284ms
55ms Script
text/javascript 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//legas.com.ua&ui=a8a08016-0000-0000-0000-000000000000&ap=&ti=8665791238723941630&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&de=43003&si=406632678&dm=300x250&ac=1251366&cr=11147611&ai=215543&c1=12673720&r1=2a01:4a0:2c::&r2=&r3=

Requested by

Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRoaE1EZ3dNVFl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg2NjU3OTEyMzg3MjM5NDE2MzAvMTExNDc2MTEvMTI2NzM3MjAvNC9LaWFtVm4zck9OX25EQmZGQ3oxTFRZT0NPbmNZZkhZOFJfMWFZcm9COENBLzEvNC8wLzAvMjAyNTA5My8wLzIxNTU0My8xMjUxMzY2LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODY2NTc5MTIzODcyMzk0MTYzMC96cmgvMC85MTc4LzE3Lzk5OS8yNTgvMmEwMTo0YTA6MmM6Oi8wLjAwMC8xNjY5MzUzMDE1LzE2NjkzNjU2MTUvNC9wdWItODQzMTgxMzEyMTgxMjQ5MS8/ViqVho3O_3UE7cYV26jtEqJPX_A&nodeid=3753&group=zrh&auctionid=8665791238723941630&pbs_auctionid=8665791238723941630&shardkey=8665791238723941630&sid=12673720&cid=11147611&bp=a_befcig&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.146&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8a_EN06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE1QFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRPsMHDBnb8zqMBhyGQ94Tghpgq-m0BLaLbx7f5s-QACTU-FGkOU_E9XKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2X3pmMCZxeSgXifUqRPUzNMDB7hg%26client%3Dca-pub-8431813121812491%26adurl%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-198-230.eu-west-1.compute.amazonaws.com

Software

Resource Hash

8ebb42f7961800b335cc59e31253f69ba914ba2731cd9970480a03576a3b1e9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Nov 2022 05:10:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Timing-Allow-Origin: *
Content-Length: 2984
Expires: 0

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 6B20 43 B
404 B 253ms
98ms Image
image/gif 88.221.168.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=8665791238723941630&v3=1251366&v4=12673720&v5=11147611&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRoaE1EZ3dNVFl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg2NjU3OTEyMzg3MjM5NDE2MzAvMTExNDc2MTEvMTI2NzM3MjAvNC9LaWFtVm4zck9OX25EQmZGQ3oxTFRZT0NPbmNZZkhZOFJfMWFZcm9COENBLzEvNC8wLzAvMjAyNTA5My8wLzIxNTU0My8xMjUxMzY2LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODY2NTc5MTIzODcyMzk0MTYzMC96cmgvMC85MTc4LzE3Lzk5OS8yNTgvMmEwMTo0YTA6MmM6Oi8wLjAwMC8xNjY5MzUzMDE1LzE2NjkzNjU2MTUvNC9wdWItODQzMTgxMzEyMTgxMjQ5MS8/ViqVho3O_3UE7cYV26jtEqJPX_A&nodeid=3753&group=zrh&auctionid=8665791238723941630&pbs_auctionid=8665791238723941630&shardkey=8665791238723941630&sid=12673720&cid=11147611&bp=a_befcig&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.146&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8a_EN06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE1QFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRPsMHDBnb8zqMBhyGQ94Tghpgq-m0BLaLbx7f5s-QACTU-FGkOU_E9XKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2X3pmMCZxeSgXifUqRPUzNMDB7hg%26client%3Dca-pub-8431813121812491%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.168.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-168-207.deploy.static.akamaitechnologies.com
Software: MT3 169 32252b7 master cdg-pixel-x12 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 05:10:17 GMT
Server: MT3 169 32252b7 master cdg-pixel-x12 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Fri, 25 Nov 2022 05:10:16 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 6B20 49 B
329 B 1344ms
801ms Image
image/gif 103.229.205.243
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=8665791238723941630&st=12673720&time=1669353017&nodeid=3753
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRoaE1EZ3dNVFl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg2NjU3OTEyMzg3MjM5NDE2MzAvMTExNDc2MTEvMTI2NzM3MjAvNC9LaWFtVm4zck9OX25EQmZGQ3oxTFRZT0NPbmNZZkhZOFJfMWFZcm9COENBLzEvNC8wLzAvMjAyNTA5My8wLzIxNTU0My8xMjUxMzY2LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODY2NTc5MTIzODcyMzk0MTYzMC96cmgvMC85MTc4LzE3Lzk5OS8yNTgvMmEwMTo0YTA6MmM6Oi8wLjAwMC8xNjY5MzUzMDE1LzE2NjkzNjU2MTUvNC9wdWItODQzMTgxMzEyMTgxMjQ5MS8/ViqVho3O_3UE7cYV26jtEqJPX_A&nodeid=3753&group=zrh&auctionid=8665791238723941630&pbs_auctionid=8665791238723941630&shardkey=8665791238723941630&sid=12673720&cid=11147611&bp=a_befcig&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.146&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8a_EN06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE1QFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRPsMHDBnb8zqMBhyGQ94Tghpgq-m0BLaLbx7f5s-QACTU-FGkOU_E9XKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2X3pmMCZxeSgXifUqRPUzNMDB7hg%26client%3Dca-pub-8431813121812491%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.229.205.243 , Singapore, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.372.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 05:10:18 GMT
Server: MMBD/3.372.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: nrt-router-x10, zrh-bidder-x14
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Fri, 25 Nov 2022 05:10:17 GMT

GET
H/1.1 200
OK request.php Show response
hal900026.redintelligence.net/ Frame 6B20 613 B
773 B 229ms
99ms Script
application/x-javascript 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request.php?zone=u2deohv8be4d&nw=20&renderingType=javascript&namespace=de149bcb97&subid=&uid=a82c7fbb3b93e7f3&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DVblgCjDxNHK1RA4D6-hTHw%26exch_seat%3D20035004448%26mt_aid%3D8665791238723941630%26mt_id%3D11147611%26mt_adid%3D215543%26mt_sid%3D12673720%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df6046380-4e39-4501-a383-707fcf579d59%26mt_cid%3Df6046380-4e39-4501-a383-707fcf579d59%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8a_EN06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE1QFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRPsMHDBnb8zqMBhyGQ94Tghpgq-m0BLaLbx7f5s-QACTU-FGkOU_E9XKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X3pmMCZxeSgXifUqRPUzNMDB7hg%2526client%253Dca-pub-8431813121812491%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8431813121812491%26output%3Dhtml%26h%3D250%26slotname%3D8161031849%26adk%3D4210853449%26adf%3D3405296861%26pi%3Dt.ma~as.8161031849%26w%3D300%26lmt%3D1669353015%26format%3D300x250%26url%3Dhttps%253A%252F%252Flegas.com.ua%252F%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1669353015603%26bpp%3D2%26bdt%3D1407%26idt%3D123%26shv%3Dr20221110%26mjsv%3Dm202211150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_slotnames%3D2642460384%252C2642460384%252C3398747635%26correlator%3D4076884363074%26frm%3D20%26pv%3D1%26ga_vid%3D1703342002.1669353015%26ga_sid%3D1669353016%26ga_hid%3D1745263470%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D1109%26ady%3D110%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C42531706%252C31070969%252C44777948%26oid%3D2%26pvsid%3D2614634184975198%26tmod%3D1309139445%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D640%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Dd%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D4%26uci%3Da!4%26fsb%3D1%26xpc%3DvJwtd18H85%26p%3Dhttps%253A%2F%2Flegas.com.ua%26dtd%3D131&ancestorOrigins=null&random=8774601397183&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/u2deohv8be4d?subid=&gdpr=1&gdpr_consent=li&rnd=8665791238723941630&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DVblgCjDxNHK1RA4D6-hTHw%26exch_seat%3D20035004448%26mt_aid%3D8665791238723941630%26mt_id%3D11147611%26mt_adid%3D215543%26mt_sid%3D12673720%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df6046380-4e39-4501-a383-707fcf579d59%26mt_cid%3Df6046380-4e39-4501-a383-707fcf579d59%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8a_EN06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE1QFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRPsMHDBnb8zqMBhyGQ94Tghpgq-m0BLaLbx7f5s-QACTU-FGkOU_E9XKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X3pmMCZxeSgXifUqRPUzNMDB7hg%2526client%253Dca-pub-8431813121812491%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d464e3962df1445f4b1dd527259d9c2bb50f15f6999bc823f8cd2c56a3fd0d56

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Nov 2022 05:10:17 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 11162600010773006352827012154026
Connection: close
Content-Length: 330
Expires: Fri, 25 Nov 2022 05:10:17 +0100

GET
H/1.1 200
OK request_content.php Show response
hal900026.redintelligence.net/ Frame 571B 7 KB
3 KB 179ms
62ms Document
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request_content.php?s=11162600010773006352827012154026&a=aa6192c0
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=u2deohv8be4d&nw=20&renderingType=javascript&namespace=de149bcb97&subid=&uid=a82c7fbb3b93e7f3&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DVblgCjDxNHK1RA4D6-hTHw%26exch_seat%3D20035004448%26mt_aid%3D8665791238723941630%26mt_id%3D11147611%26mt_adid%3D215543%26mt_sid%3D12673720%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df6046380-4e39-4501-a383-707fcf579d59%26mt_cid%3Df6046380-4e39-4501-a383-707fcf579d59%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8a_EN06AY5mVMNeZgQfwmp7wDM-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItODQzMTgxMzEyMTgxMjQ5McgBCagDAaoE1QFP0MpwZnLRCQ1FhPFWCyBs_PyM-qyxyQfyJgioJx9NkZyKk-RCnio4G4DVoe48CMBJnHdYBMpPF_mgOSXpZwLpRzAGarq1CjNBiWfSfgr2h9LgubiCQVkiOrTGYvDdY-woUAEjapvsiXM3wZnq8UaMnD-OrxEYirwroysHCZbpqiAiSFuCkcUkQi7WqSvp14ZOiInU9jqPr9Vk0HIhgc-ail7BL0p63gbmXKIRPsMHDBnb8zqMBhyGQ94Tghpgq-m0BLaLbx7f5s-QACTU-FGkOU_E9XKABrHqh6yLmZXE6QGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X3pmMCZxeSgXifUqRPUzNMDB7hg%2526client%253Dca-pub-8431813121812491%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8431813121812491%26output%3Dhtml%26h%3D250%26slotname%3D8161031849%26adk%3D4210853449%26adf%3D3405296861%26pi%3Dt.ma~as.8161031849%26w%3D300%26lmt%3D1669353015%26format%3D300x250%26url%3Dhttps%253A%252F%252Flegas.com.ua%252F%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1669353015603%26bpp%3D2%26bdt%3D1407%26idt%3D123%26shv%3Dr20221110%26mjsv%3Dm202211150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_slotnames%3D2642460384%252C2642460384%252C3398747635%26correlator%3D4076884363074%26frm%3D20%26pv%3D1%26ga_vid%3D1703342002.1669353015%26ga_sid%3D1669353016%26ga_hid%3D1745263470%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D1109%26ady%3D110%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C42531706%252C31070969%252C44777948%26oid%3D2%26pvsid%3D2614634184975198%26tmod%3D1309139445%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D640%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Dd%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D4%26uci%3Da!4%26fsb%3D1%26xpc%3DvJwtd18H85%26p%3Dhttps%253A%2F%2Flegas.com.ua%26dtd%3D131&ancestorOrigins=null&random=8774601397183&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 0029c0cc39dd2f714404c89dfc146a9fef4e2d72b8f2724b50b6625eb973198b

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2283
Content-Type: text/html; charset=utf-8
Date: Fri, 25 Nov 2022 05:10:17 GMT
Expires: Fri, 25 Nov 2022 05:10:17 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 6B20 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65268eba6f906ae2598abc2faa6ebd764d374a8e98d4fe8d19f0531b06cad557

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 215ms
53ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?oz_pl=1&di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&_x=1
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//legas.com.ua&ui=a8a08016-0000-0000-0000-000000000000&ap=&ti=8665791238723941630&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&de=43003&si=406632678&dm=300x250&ac=1251366&cr=11147611&ai=215543&c1=12673720&r1=2a01:4a0:2c::&r2=&r3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:17 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.update.mediamathtag.com/2/2.82.0/ Frame 6B20 169 KB
53 KB 54ms
54ms Script
text/javascript 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.mediamathtag.com/2/2.82.0/main.js

Requested by

Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//legas.com.ua&ui=a8a08016-0000-0000-0000-000000000000&ap=&ti=8665791238723941630&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&de=43003&si=406632678&dm=300x250&ac=1251366&cr=11147611&ai=215543&c1=12673720&r1=2a01:4a0:2c::&r2=&r3=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-198-230.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d2cb6c4ce0b2ef4fb404019c0792255259d1b723c01cda789e5412da48fe1541

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 05:10:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: br
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Timing-Allow-Origin: *
Content-Length: 54050
Expires: Mon, 03 Aug 2054 05:36:40 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 571B 89 KB
32 KB 185ms
57ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=11162600010773006352827012154026&a=aa6192c0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 23:14:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Nov 2023 23:14:06 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 571B 732 B
924 B 246ms
73ms Script
text/javascript 37.157.6.242
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=59631611;click=https://hal900026.redintelligence.net/c/pds3c8pageapv0t?tprd=

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=11162600010773006352827012154026&a=aa6192c0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e370293e768be9a266c8613ad139fbaaf30f598f036b56fd5431394122f0d459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 531
expires: -1

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 56ms
53ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?oz_pl=1&di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&_x=1
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//legas.com.ua&ui=a8a08016-0000-0000-0000-000000000000&ap=&ti=8665791238723941630&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&de=43003&si=406632678&dm=300x250&ac=1251366&cr=11147611&ai=215543&c1=12673720&r1=2a01:4a0:2c::&r2=&r3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:17 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 99ms
53ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&sid=AafxYocQEPNNPfOV&oz_sc=0507b9224bc4e554ab6e3e00&oz_df=1669353018091&oz_l=1125&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.82.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:17 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 25B7 42 B
64 B 210ms
94ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEjiCLEzmYHAYl7wIFiKDyMe_jOGXwfBFJRSWUygjjkhUpqzPGDFAryxO2ZX87-Mx1ZlZbAzwbbDFG9n9KhwqnjK_nXPvZLoRbJlhnrJRnI56wsd5EC0JWJD1YcD7lDFj_m9zKTJiNySQSiEmbJeCprjgBHuqVoh2TC1giy_AtZt2_GQtKvBIycAl14KomljNHu33RQHBPsJ3SOZy_VzQlxjWXJ-2r2l8UUM9l1Hhgh1WdcixCw31O6Bfe1GHopLHtH-yy69eRflDth7MhxUxLjVQ0Ps39UgMMzzTqcgtkrt266Jia-SpAPN0YHZJZbW1UmARvsTnuBUP8yGWU9VFHlmh9-1rOqFC-KcwMOEiIm1rkgZt4rUgFS81xukjORtto8E1AuhylRYy9abK_4Ni9hjmh9z9YBv59YMLYhwm4IW0DBehJe7b7ZQ3dI5p_xQ3Zlnqkze_ueIEes7jzcjq2WnN29YxRAZh6bfwyps3ntJoIOrodNYk3aKfi_ebSxfSlYyuHHZ6jnrLGg7Jmbbru7VQHdl_Zi9vKlehyAj4gMoNFqmKRnLJqXlA3QaMs29QbYKKRlerkaYpWmXsGPWKujNErdx65ANhClYqpCAVoHPgyp4mBJ4VaEs_EVCkS9k0bkWwkOFa2DPXazmelb3n7ZHSuz04MrxJnSfnshOorQFs-qzv0j9hAI6PQYwMWOO-rPMxGOelddQGWRVgQsYJIjyEzlDDhrHrIcG_BaB9JIXwHeBTJfEqPahSB1LzIQN1y2oHV_i3jypKhMfrbxxYN4Py8FzpUUdX76K-xyk3OpF5oN-hFx7FreVuUnnhmDvgQtDvRInDPzrkYbN3k12ULnI9v3dDruw-PNKtubEZaI21H13enDvf5UjDCIGDXD1VpLMr5drlQyvJXQGVtkOZzxEIQ3_KlFDjl78RG4JKx1msrzXlCaP65SzFiUfON6rGkxxv5yt9oz1l_QK4&sai=AMfl-YTCCJt14Xfv33C0XMCDLFNrOeNTUPju1RxHJTgmR8qC26IsjIdbKk9bjJEzNEYHRodPZcYMSeSA_RxxfrLPpStRT7R82KjTNGkt&sig=Cg0ArKJSzLzb8CV9DdWlEAE&cid=CAQSGwDq26N9djQfPrcfVCYIOcdY52DRp3IcN68TcRgBIBM&id=lidar2&mcvt=1005&p=0,0,60,468&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20221110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=903195660&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1669353015701&rpt=1443&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK 49587fa7-6a44-4e92-8f14-501a86e6c03a
https://googleads.g.doubleclick.net/ Frame 6348 185 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://googleads.g.doubleclick.net/49587fa7-6a44-4e92-8f14-501a86e6c03a
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=250&slotname=8161031849&adk=4210853449&adf=3405296861&pi=t.ma~as.8161031849&w=300&lmt=1669353015&format=300x250&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015603&bpp=2&bdt=1407&idt=123&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_slotnames=2642460384%2C2642460384%2C3398747635&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1109&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=vJwtd18H85&p=https%3A//legas.com.ua&dtd=131
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Length: 185
Content-Type: application/javascript

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 54ms
54ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&sid=AafxYocQEPNNPfOV&oz_sc=0507b9224bc4e554ab6e3e00&oz_df=1669353018277&oz_l=5649&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.82.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:17 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame 571B 0
150 B 181ms
63ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=11162600010773006352827012154026&a=cae98655&vb=m
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=11162600010773006352827012154026&a=aa6192c0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=11162600010773006352827012154026&a=aa6192c0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 05:10:18 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 571B 34 KB
16 KB 228ms
71ms Script
text/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=59631611;click=https://hal900026.redintelligence.net/c/pds3c8pageapv0t?tprd=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: a46228d57faaf3cd1ec77fbed362c13944f30d9e92a4e1e5d3603c3902555df7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 26 Nov 2022 08:12:15 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 54ms
54ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&sid=AafxYocQEPNNPfOV&oz_sc=0507b9224bc4e554ab6e3e00&oz_df=1669353018438&oz_l=5825&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.82.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:17 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 54ms
54ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&sid=AafxYocQEPNNPfOV&oz_sc=0507b9224bc4e554ab6e3e00&oz_df=1669353018593&oz_l=388&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.82.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:17 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 571B 4 KB
2 KB 83ms
82ms Script
text/javascript 37.157.6.242
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=59631611;click=https://hal900026.redintelligence.net/c/pds3c8pageapv0t?tprd=;js=1;adfxid=1x;3788;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Flegas.com.ua

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

11a32fd2fa6845655ec6381a18811ed2d3bd5f69507c21f118ccd19fcc91ec3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 2020
expires: -1

GET
BLOB 200
OK d6ea547a-ea29-4c79-94f0-33acabe838a2
https://googleads.g.doubleclick.net/ Frame 6B20 802 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://googleads.g.doubleclick.net/d6ea547a-ea29-4c79-94f0-33acabe838a2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=250&slotname=8161031849&adk=4210853449&adf=3405296861&pi=t.ma~as.8161031849&w=300&lmt=1669353015&format=300x250&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353015603&bpp=2&bdt=1407&idt=123&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_slotnames=2642460384%2C2642460384%2C3398747635&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1109&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=vJwtd18H85&p=https%3A//legas.com.ua&dtd=131
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37960dfb0a74afa247b54cb6a48281a632d77569d896e4d5966c98b0ca166b1c

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Length: 802

GET
DATA 200
OK truncated
/ Frame 571B 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/ Frame 571B 90 KB
39 KB 94ms
94ms Script
text/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8e16ad2005bc4c19f8560189ef6e7b7475f2b3def2c60a57f9041fac5b4f94cf

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 26 Nov 2022 08:12:16 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 54ms
54ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&sid=AafxYocQEPNNPfOV&oz_sc=0507b9224bc4e554ab6e3e00&oz_df=1669353018747&oz_l=648&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.82.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:18 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 172ms
63ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 174ms
64ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 47B1 141 KB
40 KB 292ms
290ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&adk=1812271804&adf=3025194257&lmt=1669353018&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Flegas.com.ua%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669353018768&bpp=2&bdt=4572&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4bafd428082bfc3f-22a107f38dd700db%3AT%3D1669353015%3ART%3D1669353015%3AS%3DALNI_MbsQFr0dyyyC5Cqz_9-JIvfOy5m1w&gpic=UID%3D00000b86c09366a6%3AT%3D1669353015%3ART%3D1669353015%3AS%3DALNI_Mbxw9rs_s7fvjiFQvD660djbnQR9g&prev_fmts=300x250&prev_slotnames=2642460384%2C2642460384%2C3398747635&nras=1&correlator=4076884363074&frm=20&pv=1&ga_vid=1703342002.1669353015&ga_sid=1669353016&ga_hid=1745263470&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070969%2C44777948&oid=2&psts=AMjMPc1aAGgrNQXu-zrHbqwRX_d5vO7ArS9GB_meOVuJRpZ7c653kssxdObWdUrfRHLPTEXmeYiRS2cvCX6xO9V4GQ%2CAMjMPc3-qi4U6vg_6q5KNvshmJ1G1iKS31LvlQdHpHHwKWuLfCrD2183KMjHweoJJ89svzmFvpIUkGmjQyXINSY%2CAMjMPc2PgKGOO8_pgqGJSjwJkoNDeJXcSfCtqac_nH3Ly8NfIiZ_mOzXtgA5u_twDeCgAKsAyRfv6tG78-NnEw&pvsid=2614634184975198&tmod=1309139445&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=20

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8219515bf64b816482bc116d80b889ac71e9f54a874a6e64b164957c8771613

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 41207
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 75ms
75ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dd2593c68883ea427e0cd5a2a63af49b0798b9feeffcfa0c92867ed98daed41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11074
x-xss-protection: 0

GET
H2 200 like.php Show response
www.facebook.com/v2.0/plugins/ Frame CFCE 50 KB
18 KB 275ms
154ms Document
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15def152a13a24%26domain%3Dlegas.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Flegas.com.ua%252Ff223b2ea35a6878%26relation%3Dparent.parent&container_width=300&href=http%3A%2F%2Flegas.com.ua%2F&layout=standard&locale=en_US&sdk=joey&share=true&show_faces=true&width=230

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=d4ddd1429bf0e7a6a799deafff31abee

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8856eddb55ee169f7678d72627ce24de8b8b3a94ee020bcdde6e8352857ec4fb

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Fri, 25 Nov 2022 05:10:19 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v9.0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: SzZUNfTN8vHS7QqOmBGY5solpx/iM4Oep2+ro+uFYU64vw0D6R9zoWYt7asFlOS1He76KUzsBZwQ5daZzDBdMA==
x-fb-rlafr: 0
x-xss-protection: 0

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 168ms
57ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-9703351-1&cid=1703342002.1669353015&jid=1201671239&gjid=57405462&_gid=987223809.1669353015&_u=aGDAgEABAAAAAGAAI~&z=321440176

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 25 Nov 2022 05:10:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N2VDHS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 03:15:54 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6864
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 25 Nov 2022 05:15:54 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 65ms
65ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1745263470&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=Full%20Page%20Load&utl=6-10%20seconds&utt=6396&_u=aGDAAEABAAAAAGAAI~&jid=773942746&gjid=1202975603&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&_r=1&gtm=2wgb90N2VDHS&z=908369223

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 57ms
57ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1745263470&t=event&ni=1&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Page%20Load%20Time&ea=6-10%20seconds&el=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB%20%3A%3A%20https%3A%2F%2Flegas.com.ua%2F&ev=6396&_u=aGDAgEABAAAAACAAI~&jid=1201671239&gjid=57405462&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&gtm=2wgb90N2VDHS&z=335042766

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 12:43:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 59233
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 59ms
56ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1745263470&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=DNS%20Lookup&utl=%3C%200.1%20second&utt=0&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&gtm=2wgb90N2VDHS&z=509218660

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 12:43:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 59233
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 60ms
57ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1745263470&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=TTFB&utl=0.5-1%20second&utt=731&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&gtm=2wgb90N2VDHS&z=1026125166

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 12:43:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 59233
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 63ms
61ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1745263470&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=HTML%20Download&utl=0.2-0.5%20second&utt=394&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&gtm=2wgb90N2VDHS&z=1919657998

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 12:43:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 59233
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 63ms
61ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1745263470&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=Parsing&utl=1-2%20seconds&utt=1540&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&gtm=2wgb90N2VDHS&z=1104300382

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 12:43:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 59233
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 63ms
62ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1745263470&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=Rendering&utl=4-5%20seconds&utt=4180&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&gtm=2wgb90N2VDHS&z=1939240456

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 12:43:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 59233
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 64ms
62ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1745263470&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=DOM%20Loaded%20and%20Parsed&utl=3-4%20seconds&utt=3381&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&gtm=2wgb90N2VDHS&z=1960925118

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 12:43:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 59233
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 64ms
62ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1745263470&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Resource%20Load%20Time&utv=caddy_seats_new2.gif&utl=2-3%20seconds&utt=2162&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&gtm=2wgb90N2VDHS&z=1524769188

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 12:43:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 59233
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 64ms
63ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1745263470&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Resource%20Load%20Time&utv=%3Fi040510111616%26t4%26g27%26w1600%26c24%26r%26v3%26j0&utl=2-3%20seconds&utt=2725&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=1703342002.1669353015&tid=UA-9703351-1&_gid=987223809.1669353015&gtm=2wgb90N2VDHS&z=1611326939

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 12:43:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 59233
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 568ms
568ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 05:10:19 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 571B 35 B
478 B 74ms
72ms Ping
image/gif 37.157.6.242
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=59631611&csi=Rn8odn3ebnmD8pBYkY8nDSExSUFnUsNAzZtvaOws1WPrygPkIxxfk4RNyTQtbRUN4qCa00DgBEhtnMaUPSIcmd6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900026.redintelligence.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal900026.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6B20 42 B
64 B 91ms
91ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuvbSGQEndqphayWE0VPbZZcqPEavqdPP87QRlo5uqUg7j6ihH2THimVxqfNeeV-4C3XhL4uNxFO-2_JTyCGPcRStW8&sig=Cg0ArKJSzI22e2gpBM2vEAE&id=lidar2&mcvt=1022&p=0,0,250,300&mtos=1022,1022,1022,1022,1022&tos=1022,0,0,0,0&v=20221110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4210853449&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1669353015735&rpt=2137&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 82ms
56ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-9703351-1&cid=1703342002.1669353015&jid=773942746&gjid=1202975603&_gid=987223809.1669353015&_u=aGDAAEABAAAAAGAAI~&z=1952574523

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 25 Nov 2022 05:10:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 12038844.js Show response
s1.adform.net/Banners/Elements/Files/160090/12038844/ Frame D001 3 KB
1 KB 77ms
73ms Script
application/x-javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/12038844.js?ADFassetID=12038844&bv=258
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: fecb1b3f5b31880bc72d6c60a999bc11df4bf1c70bc74690914dd734c59cc816

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx000004dbea93489b41d04-00637b8d7e-32940f80-default
etag: W/"f28fa7872935ca7fce857512a5240773"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 54ms
54ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&sid=AafxYocQEPNNPfOV&oz_sc=0507b9224bc4e554ab6e3e00&oz_df=1669353018909&oz_l=8867&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.82.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:18 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 screen.css
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 1 KB
914 B 73ms
69ms Stylesheet
text/css 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/screen.css
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 22233361ada3cc26b4e02d56e7e1bbf12a27e109c4df9e67a2f756257585021b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx000007ca705487ffd688f-00637b83c3-329373d4-default
etag: W/"1081e20ce0fe6181a177eb00a7815ab1"
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame D001 30 KB
14 KB 84ms
81ms Script
application/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
server: nginx
x-amz-request-id: tx00000a3594564e653314a-0063765fcb-3293868f-default
etag: W/"4731aef0a5114a59b4311776d270e848"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 introfill.png
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 106 B
436 B 86ms
83ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/introfill.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: d1af9da57519fd2466a4e032395abcb89c6e405ac5de28ecdddcda93bf3ab768

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx00000ecdeafc4ec54630c-00637b83c4-3293aae9-default
etag: "bed6577a35da7347c5e0fc9e98ed26d6"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 106

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 1 KB
2 KB 86ms
83ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/cta.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 18f99aaa7fe5f2b285c42b3a6f9a9ef312983be8d86d99517b7f25cd6fe888ba

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx00000b88fe085797e0197-00637b83c4-32941e2b-default
etag: "7321e980c760ead10c1b95066e0cacfb"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1528

GET
H2 200 disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 3 KB
3 KB 87ms
84ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/disclaimer.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 464ff87f2b7b35587e953c632ddfa78cdceaf1094f7e39553ee3e1d16c18d6c3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx00000061c478d3cca1dac-00637b83c4-329373d4-default
etag: "1adac539639ae3b51804be19789ffb1a"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2799

GET
H2 200 logo.png
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 5 KB
5 KB 92ms
89ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/logo.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bc9f634bcbde3783be6101e8fb38a18e93c1e737843bf9136fc857964eb32b98

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx000004af8ec498cdf3d3e-00637b83c4-329354d9-default
etag: "cbcccd228dee49920aa2f78716f70a6d"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5125

GET
H2 200 logoend.png
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 8 KB
8 KB 97ms
94ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/logoend.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 4e601f0e86ce228bf0586b64f9d85ac4a239fa1ff71886f0a35475678773cdca

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx00000d08508abd9e7ec18-00637b83c4-329373d4-default
etag: "c99e04b95a442151ff51ee5dea1eab12"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 8074

GET
H2 200 background.jpg
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 4 KB
4 KB 98ms
96ms Image
image/jpeg 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/background.jpg
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 9b98385b1458b52b17cd1108e4913325690674965a81a891fe9015631afa5844

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx00000b1295535dc900685-00637b83c4-3293868f-default
etag: "9279336e79d31539fdd8e5b3457040ea"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4070

GET
H2 200 start1.jpg
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 20 KB
20 KB 111ms
108ms Image
image/jpeg 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/start1.jpg
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 9ae50611d88637626e77fde36ee15395d26d7fad3c623c7bfd9a8cd80f4562a0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx00000b08f4c6ddd8b2417-00637b83c4-32941e2b-default
etag: "6302a167aa48d0600c8c2d2c16b6ca2c"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 20341

GET
H2 200 start2.jpg
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 33 KB
33 KB 150ms
148ms Image
image/jpeg 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/start2.jpg
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: cb84776b7fb75c84182c1a3cd52f73d0f3baa9e107342770795d7a02087bd97d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx00000feb16ac168edb7d1-00637b83c4-329354d9-default
etag: "5bb71386f5bc8e595814b4720d4cbcdd"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 33305

GET
H2 200 text1.png
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 4 KB
4 KB 164ms
162ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/text1.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: d1b2788bdb29920e14f411f35f97d863621b0c41fad38c75bb5643ce61fa5ac6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx000007f76f0f335b00be0-00637b83c4-3293868f-default
etag: "15d23338380386aab41beb2c17d051c0"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3912

GET
H2 200 text2.png
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 3 KB
3 KB 166ms
164ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/text2.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f5d5e22119cc37b026b03a2b1bda3badc59764774244a40b1f271faf5d02f016

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx0000037293a750ad580b2-00637b83c4-3293868f-default
etag: "c0b310c33bc1c23a53aa84ab845a471a"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2735

GET
H2 200 stoerer.png
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 9 KB
10 KB 172ms
170ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/stoerer.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6d56f2dfcbcdfea9405b8b96738f3afe82a818c435c8c1cc849cdb7f2a950523

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx0000067981fe7ca4e61eb-00637b83c4-329354d9-default
etag: "49690d20023d613d9f38ffa3b50c2099"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 9597

GET
H2 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame D001 38 KB
14 KB 146ms
52ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1163207
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13669
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WoXsNidk7zb7Tuvrpzy3f2BXQZUeRKJCiqEW6Uq0peCU54ta%2B0OfhE24wTrgES6ZpaIp7doVOtcvmsnM9ax2b0wRqIZniNazlFoa9yP1WzGJfPllNHkR5VetTXDD8SbTiH9w%2FDco%2B838rdrZ3kpyBasS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 76f7e0917997743b-LHR
expires: Wed, 15 Nov 2023 05:10:19 GMT

GET
H2 200 EasePack.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame D001 5 KB
2 KB 142ms
48ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3739629
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1730
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-146f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJtocfvJmO5JazHfHpmQFzWfUME2cS9ThPVXTPJUMOPWAuoC8FR12afrMsbwz06ck76wA8otO%2B3rfTe1BOBzU3x4VaP4mc7WiIGF%2BVEgvwv%2F5BD1mkBVzs8K2iZpXjGh3TFIVlRuuzV2uSA6r4A6luci"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 76f7e0917998743b-LHR
expires: Wed, 15 Nov 2023 05:10:19 GMT

GET
H2 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame D001 26 KB
9 KB 143ms
49ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 14637017
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8578
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JTdDPTyc85Y%2FxhQg1ntqe4OCJQ0010SqbrlbfgNaA98F0MGW6os3Fd8ZVirUagF4nOllDArvwGdtV0RzHxwQtYDzjs7%2FIt6b9F5g9UXW3U4P%2FUFq1diPKHgdkAVYbQRtIXXIGuMfX7LOPtQy1uip7NdY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 76f7e0917999743b-LHR
expires: Wed, 15 Nov 2023 05:10:19 GMT

GET
H2 200 script.js Show response
s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/ Frame D001 7 KB
2 KB 83ms
81ms Script
application/x-javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12038844/bvpath_258/script.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: c96f4063d1cf1a521e922a223dc86798005e0b037683ba4f1cc71f73512d3034

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:18 GMT
content-encoding: gzip
last-modified: Fri, 18 Nov 2022 13:30:36 GMT
server: nginx
x-amz-request-id: tx00000bb22969ccb14ad86-00637b7258-329354d9-default
etag: W/"4da7e1eb43e4b23120658e69e734dbec"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/ 150 KB
51 KB 82ms
82ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/reactive_library_fy2021.js?bust=31070969

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9952ed293c7f1ff35579d96e40e5599b6b90728692c5f159b231be8ab8d0b711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52276
x-xss-protection: 0
server: cafe
etag: 17491097330668206842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 25 Nov 2022 05:10:19 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 54ms
54ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&sid=AafxYocQEPNNPfOV&oz_sc=0507b9224bc4e554ab6e3e00&oz_df=1669353019110&oz_l=511&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.82.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:18 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 NXl17KkqDoN.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/y8/l/en_US/ Frame CFCE 541 KB
141 KB 62ms
60ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/y8/l/en_US/NXl17KkqDoN.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15def152a13a24%26domain%3Dlegas.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Flegas.com.ua%252Ff223b2ea35a6878%26relation%3Dparent.parent&container_width=300&href=http%3A%2F%2Flegas.com.ua%2F&layout=standard&locale=en_US&sdk=joey&share=true&show_faces=true&width=230

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

54f28896954199de4b7f4d570a152f04844bfa027034442d9a99c26937c3924b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 6JEiZxe8IU/5PKi8i9rwNA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 143965
x-fb-rlafr: 0
x-fb-debug: RfuxF9JQuSoSN6/XfOJnx54oUpaecit7gya0PSt4fjPqIrxJZgloh2BQDzZQ4E8DkvnPgnhYsSkjEa2yWatIdg==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Mon, 13 Nov 2023 00:26:49 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame CFCE 299 B
545 B 58ms
57ms Image
image/png 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: ZLYT4PEMg5JdZaOWAUC2M3vZoNvtGxuZyMvmu9sIps/MCavUenTwtfr3cpqBLvBsVCrkkJpvKY5Jd7oigIxliw==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Fri, 24 Nov 2023 06:12:41 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 64ms
64ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 63ms
63ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/ Frame 5EB4 10 KB
4 KB 57ms
57ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 28733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 21:11:26 GMT
etag: 10353107486223812946
expires: Thu, 08 Dec 2022 21:11:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/ Frame BE49 10 KB
4 KB 57ms
56ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 28733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 21:11:26 GMT
etag: 10353107486223812946
expires: Thu, 08 Dec 2022 21:11:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/ Frame 6B20 0
145 B 54ms
54ms XHR
text/plain 52.19.198.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.82.0/619621/AafxYocQEPNNPfOV/postback?di=https%3A%2F%2Flegas.com.ua&ac=1251366&ci=619621&dt=6196211556140246740000&ti=8665791238723941630&cr=11147611&c1=12673720&r1=2a01%3A4a0%3A2c%3A%3A&r2=&ui=a8a08016-0000-0000-0000-000000000000&pv=ed5690d4-ae35-46c5-a5b0-24832fefdcad&pp=pub-8431813121812491&sr=4&ai=215543&r3=&pd=avt&ap=&de=43003&si=406632678&dm=300x250&sid=AafxYocQEPNNPfOV&oz_sc=0507b9224bc4e554ab6e3e00&oz_df=1669353019265&oz_l=487&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.82.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.198.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-198-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 05:10:18 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 css2
fonts.googleapis.com/ Frame 5EB4 4 KB
636 B 174ms
64ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 04:48:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Nov 2022 05:10:19 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame 5EB4 19 KB
8 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

578d39c8cc926851f5be1195f339d26cbbf239f2f7cac8b55b349276514b85fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 11:55:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62104
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8086
x-xss-protection: 0
server: cafe
etag: 7427986489964165156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 11:55:15 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 674C 624 B
242 B 68ms
68ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUdA1qWTVOlastp_aI7d_wuKOPCJ5vCIzbVUbpkSwzCF8Ot4-cfcGj3GAlrPnOm029VK5lipg6OGJ6qEizmwwoXDgnoD-7-17gzFObN4MGFeRUJlkkE94cTMOhZU2Ap5hCe2_lmg4zi1iXBLz23a8QayLIsaOqVEwRtpjTa_IJc4bMlq58

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7676 85 KB
35 KB 111ms
110ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D3QjmqrxL1QoiGxFs9OXpPQAvAZPjwxWXabLqpNx6QwkHV-D304VntnEHqPsQqI1CATtEeYDNvTCBfEbo1L_AZhKSlYxUXMvzAgiZ5jAP1a0fIENqxw51lID7z1mKqp3IgSQw-o1DA3akpnPROpVq_YLBTa0AJov10uQsznXLAI563xY4&dbm_d=AKAmf-CTZUV_n0IAGSwlmfFAlT3bnuGfCfuLTspgFqzYthDBmdumnMOtgDsBP0fFSlBSEOf-rWPXczGOe__qNLdz7CL0kuE0_ITCFQ1MU9toXOlTJM2fCb7Q4jdcJnbjV4NkxL-tBlPGgmfnkLfyoWQWIfxiGAuPolbF5h3qBn7ju_Dx9pVQ1TiRsrRGtjBIs4HwOmZ2pN8qbor2_XCIxULeuewmb0K7MWGvJp40l3Y7PBNhvdosqFjawl2pbfeRfaVT-g8kcDqr4sLFj_x8uZGlXg-5UOH1bpIeNfTcl2hTBleLzohMQj5yS_QXqNAG89uHCyGTcKMCrqqsvs41sjQPOYpcZ1LM-MXNfG24fT9FGVREXdqmAMxus6y-r3cjNcd_TtSJTBgIcXH1Mxhniwkdv53NkqGVNFEzjIqsAs_1JNwiVtMiH4ANq7mBqxgURD7z-3Aq9to9ewwGgBIzZ3CVymQK1GQULSnWg_0Swq0AXbJsRWp419Y_-gsjDaBAPo1lbUxOna9x46Qgn1TFcO-X7wZxp0DQlg3CBFo9kcSM0w5Op6122bmsK3PBRxP5Q247pB2HenHA8XFyUNWltN-DFPCDx5QrqnIgYl23dJJ546-Q5VXMy_6QTbHEMU9_IwYK0T-6oyfbE43lVgGyJCu-CgILM90LFK6bSxR_9l9pdsQpi24lWOStnmQ1P47l2Pk1XgPyeJRO_9JQ5F4mXxbDzQIKPSPK9JzRjqP44m6H-vEm9rjX8FU0V57rmEbIFv41cmGSM2KlcJJIm-HT2fNDhCPVmyGtRayEVHw99xUE8X2BxoMP7HRsI1DnHlLWioWnBmTC7q24tdeqzlt2W_yCdt4jy7QGWMpMlkAGP9o1Tef8kkbRJGuNsj2sxy5xRweqM3k46SJG-16gmK_VWMRC4mr5E9vxixxNoJLFYsTXKkcIpwZzlqt67gKtHd7vhggAfmchtrfVr3LDq7JLSLi63kXS2wxCz52Fn-S0AIat8Ny02vzu7IlE_WdZZSwLUM_ui5XS42mNZPtrJg_-DrUbpobtghHp2ZP65Gxw6ySIElsPa8h7fGIr3O3oxSQfNUEvT7hfPQkt9blvYZ_epWIuoWMGhLt02zswXXjWHR64wMnUOSKg7SIuollI1-5iHvU4KQVE8-5GlLFJwoDXAlFrAoGcY5j215ATDprXWRxEAbDvg8_ce5TnrjBOcE1qv5ziHJGzUrVNT85I2M2RCrZMSU8huShNLAh6M_wds6xrmfHI8sXmknn7wySykytE_PUrxGkqt_QHlZw82rj-huDeELmeTBh954Pc4zwfOTLoAhOUAw1b6ZGuXfGi-oILSdZrdNIRY8XPlRHGXXmdXgMen61hazBUU2dOZ4DuuJTHt7FoZ_vBJc45DnnfoSHNepO1rR57hdFiA60Dvo-QFJFz7oeqysYDJS5XCYonj7WgU8e0nerriGz-VbIm6sxMA2OVr1_IoahpGFbxg4dqCnoxZJKrVXbDcONxajj_rVAIsq984SENL3-8ykOQKrEe24032jaZbsQ1SvZXvyCB8OD6c-xdb7gHyjRq3x838ki2x7YVgdg3uTWWY1JBmXWaqVswmXMoSVuDs7xZ8ZUxq5O-5lmKmlMCul87_rTawfZ-R2deWu9YiamGt3OWvG7JTY5Cz-v1cfAXhjj2v46mXyk8Yn2-ynKOHjAKFD2OxCN6fDvaHPmmbhtUG6Et_0Wcd0JSewTH3urCwmcjyH3Z7DGXH1uvvwuGZkH9mS0CObk-Q4YqqSUL7sC5rysAOY036VXQPs23rjjnA_82UEIrrmiznc6v4Px3mlxva9E4bua7eTeRu6I9_fho5J49kqhVfsuabvf1WvxM12zTXiSZ8cmglOsHGL-4t5e3gTtEOBUxzTDvAwiELTI3KHxM7gGh-C-2Ltvo2g-pgp9EK3-3xcud-6Kj0umKr8Qz3vRGkk8nki36ncDMGeNfaBk5CfK7pqm0T-QWPFavM-SidIqN4Dlun87NUECqFeql8HGQgjBWIGSRB4_e9DhjHHY1envxw38NG6GMiK1leeEXOm4Cz4lqirA5A-B4-c1cNub4fnHn6XAyG7hT_mpKT1pj-0QwWaz1GI3s5lrgbxpznxBSRhYSOOPLPvYYlbExfq8ghRqi8vPgHf-dQBjHfUhrPoeT_PmR3gJfVMQGmMID6Bb_ntVSc4Xm6icpE8ksIeAtEgWH3gNzzg8MWVPOv5WlTYCavwU1uGR7-qxMOBW-KY7-FQQDOJ3MaydHfQRr1LrHVcRrFeTyb2jPxZ22h0_LKkh05cO7QHvwtGJWgE1u4WK7Xuk0g-gCgxv1DLEu15ZkUBFKLskn8Hqxn6gMm_C63hMPfRa6hxXKQp3SIWY-1XzhtMXs5sO1WaFC88sNcWXBZL7xB6YAoADqnXhfvomPLb44Az1oQIvuSb2bzsYrVFlI2w70THWyMNaa_NWrZhSrqhwYaISbS1vqbDwayJe0k8aqOp2K4ty4_N_BE74L0oKmFNQ9rwllJA-XxLHlUqRLuqlnww3YatdehZNtG_bN0VSoxYdOTNSqP5_1CMKYsFozUL1PU4W9BD1B1DltBtWeUydXIGHayZ4ju83vF1B4mhUWlM2-pOSTuU7jD7n3qmPdP1otYkZ4tHqwRW7_nEgC_1pfpBYaVtYg99CZ6dd3NKUMcHyU6VZhgDeyk38X6LSFqfXStJYnlwdcRQ-_VhMbOFmmIjwlxsbcOZekgq5LJJxY9-HsCUUL36ReCXpHkqEy80VQZmy2B4sF59B904ZHeNui_C_S20FQgV5riBtDHqrASATGZX4ePjgRFhH74oUNwZCHY7yOf7CNXWepOjzZBeqFeUncg5SNcSbEfNOllDa9gtSVjzCO_G24kKdKM6ALqhSKt8fcVdGcJunQ_QP8D18SCoyc7iz5_oBAnebYIcTmjxGOfyzkMs9s9OOzC-lFnwv9F-Hj2TG8W3XERgIY1nWgf3GB_VSgKa2wFfIo8GKgsDOMd4PxaL-tLvcJtdEJ5ojdHRYnJotJF5tj7eTX_4Jg_J37Qtpq0HcpthtA24cN4Cf6yJ--put0OYzdxg0FLkgt5TngcmB5SbXrpBT7GXObHli6kCfvnfV9VNRFUTcvg0qdDv--LztWRVMjbQ62wCun5dy4ZAtJJxOUiDzIXRTcF1GMyAUk_MfE30-miZGAQb11l9r_XvBKHOoYoIDS5J6Z37vzODmAljVSdhhFtSo3KtmftTjUBauSdHO_rV5y0k-LIzlOyAz_qbNcY5DfsUr-aYODKzH2Fnk4ft8yibe9q3nDWI-9F9Hy0N6sCwRAe7vxbzRe3topFzLnWUcn59kAak1_J0ffmfQE-UXajHn3RW-9nwODH1Z0XO-u9sB6zTPb39e00afqFwHG_yfnMAALL-EL9uVZvsYCgXk_YgGc-3FjdRlu8wQRjJZs-DssNfUau9EFc0-_D6-zYUF6PY8ahNIQ0j9AMShqFDk5bT05LGNLpMDIz9-3gbhDAssiaYPUmO46HHgUi29hv_EbI6b8UyA7x86YH7rHKscN2O1hgKRoGfAw56lekVW-TOjFzpxXU4jtcHnhMrN_ysT-otYsQNCo-KSAt9Nf6k0zasjdDRzenQsPEnQ70Gc4o_b-Y4gJR6D8G5U2mtNEWvtZGkLWmb98XO4H7bxP-sxu0LJbw8XsUmgspYR0RGV1tzRUuwkRiT1Iep6eNZhNGclLaWREVgQFzrLiidY0-G8uGsa-gMguDfpAvnPV1vgmYoZtozCUCYCMlA2o&cid=CAQSOwDq26N9hxioGh9bOXkVSCfzyHDuv32_XoFbguJD8RnFyJ2aX5Z6TQDVnuUoJxsOpYaKs0id9VBoTTZVGAEgEw&rfl=2%2Chttps%253A%252F%252Flegas.com.ua%252F%240

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e09f73bae2feb96ab9f1f7434938b18cc9d3d776047c701a387103f40a4e963c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35892
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 7676 3 KB
1 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 20:49:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30043
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 20:49:36 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 7676 18 KB
7 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 16:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45367
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 16:34:12 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7676 0
0 186ms
75ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSdx9EmOx8QjpS8kOslf1L1SeO5sEY-o8QO0IbmZ9BpXXwnSoJvFV0VtvXsk13ESsLmOVnw8h9yHDSeH9WKn5vjYVcecA
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7676 154 KB
47 KB 184ms
68ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 05:10:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7676 42 B
63 B 92ms
90ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C1eSsBGDGw-URLZKY0T2wbzQ91vfzvFnE6RvlwCAAz5umCCjNSU8fGI_KHkiO2mBsc-I6LlpBO5fFUW8bUc61sp17ymCgR2GR-k4xaZHl0EyTBVGE

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame 571B 0
150 B 194ms
75ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=11162600010773006352827012154026&a=cae98655&vb=v
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=11162600010773006352827012154026&a=aa6192c0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=11162600010773006352827012154026&a=aa6192c0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 05:10:19 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 674C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC0iuh6P5QwokxPbHoI62I4&google_cver=1

43 B
766 B

103ms
54ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC0iuh6P5QwokxPbHoI62I4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUdA1qWTVOlastp_aI7d_wuKOPCJ5vCIzbVUbpkSwzCF8Ot4-cfcGj3GAlrPnOm029VK5lipg6OGJ6qEizmwwoXDgnoD-7-17gzFObN4MGFeRUJlkkE94cTMOhZU2Ap5hCe2_lmg4zi1iXBLz23a8QayLIsaOqVEwRtpjTa_IJc4bMlq58
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Nov 2022 05:10:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC0iuh6P5QwokxPbHoI62I4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 674C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y4BOO6q71zLOKv1Z4u-igQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC0iuh6P5QwokxPbHoI62I4&google_cver=1

43 B
894 B

55ms
54ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC0iuh6P5QwokxPbHoI62I4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUdA1qWTVOlastp_aI7d_wuKOPCJ5vCIzbVUbpkSwzCF8Ot4-cfcGj3GAlrPnOm029VK5lipg6OGJ6qEizmwwoXDgnoD-7-17gzFObN4MGFeRUJlkkE94cTMOhZU2Ap5hCe2_lmg4zi1iXBLz23a8QayLIsaOqVEwRtpjTa_IJc4bMlq58
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Nov 2022 05:10:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC0iuh6P5QwokxPbHoI62I4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 674C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFJnmYpOLPPX8uwTX9tPmK4&google_cver=1

43 B
1016 B

102ms
57ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFJnmYpOLPPX8uwTX9tPmK4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUdA1qWTVOlastp_aI7d_wuKOPCJ5vCIzbVUbpkSwzCF8Ot4-cfcGj3GAlrPnOm029VK5lipg6OGJ6qEizmwwoXDgnoD-7-17gzFObN4MGFeRUJlkkE94cTMOhZU2Ap5hCe2_lmg4zi1iXBLz23a8QayLIsaOqVEwRtpjTa_IJc4bMlq58

Protocol

HTTP/1.1

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Nov 2022 05:10:19 GMT
AN-X-Request-Uuid: cc5ee8c9-a1e8-4c8c-83a4-46e586f53504
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFJnmYpOLPPX8uwTX9tPmK4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 674C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY3MjU3NTIyNjY5MTE5ODExNw%3D%3D

170 B
188 B

155ms
64ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY3MjU3NTIyNjY5MTE5ODExNw%3D%3D

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 25 Nov 2022 05:10:19 GMT
AN-X-Request-Uuid: f06ca0a8-b2b4-40c4-895c-94b2f9bc14f9
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY3MjU3NTIyNjY5MTE5ODExNw%3D%3D
Connection: keep-alive
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6771 13 KB
5 KB 61ms
60ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 26693
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 21:45:26 GMT
expires: Fri, 24 Nov 2023 21:45:26 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7ADC 783 B
534 B 103ms
103ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a10851c4cafb53a3edd9dd210ae393479d0e00873523f8103a2c87b35866d8f3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rcUHB5MPJ3sCsBu0P8AdgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-rcUHB5MPJ3sCsBu0P8AdgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:19 GMT
expires: Fri, 25 Nov 2022 05:10:19 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 7676 170 KB
59 KB 240ms
56ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 16:47:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44582
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 25 Nov 2022 16:47:17 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame 7676 8 KB
3 KB 90ms
90ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D3QjmqrxL1QoiGxFs9OXpPQAvAZPjwxWXabLqpNx6QwkHV-D304VntnEHqPsQqI1CATtEeYDNvTCBfEbo1L_AZhKSlYxUXMvzAgiZ5jAP1a0fIENqxw51lID7z1mKqp3IgSQw-o1DA3akpnPROpVq_YLBTa0AJov10uQsznXLAI563xY4&dbm_d=AKAmf-CTZUV_n0IAGSwlmfFAlT3bnuGfCfuLTspgFqzYthDBmdumnMOtgDsBP0fFSlBSEOf-rWPXczGOe__qNLdz7CL0kuE0_ITCFQ1MU9toXOlTJM2fCb7Q4jdcJnbjV4NkxL-tBlPGgmfnkLfyoWQWIfxiGAuPolbF5h3qBn7ju_Dx9pVQ1TiRsrRGtjBIs4HwOmZ2pN8qbor2_XCIxULeuewmb0K7MWGvJp40l3Y7PBNhvdosqFjawl2pbfeRfaVT-g8kcDqr4sLFj_x8uZGlXg-5UOH1bpIeNfTcl2hTBleLzohMQj5yS_QXqNAG89uHCyGTcKMCrqqsvs41sjQPOYpcZ1LM-MXNfG24fT9FGVREXdqmAMxus6y-r3cjNcd_TtSJTBgIcXH1Mxhniwkdv53NkqGVNFEzjIqsAs_1JNwiVtMiH4ANq7mBqxgURD7z-3Aq9to9ewwGgBIzZ3CVymQK1GQULSnWg_0Swq0AXbJsRWp419Y_-gsjDaBAPo1lbUxOna9x46Qgn1TFcO-X7wZxp0DQlg3CBFo9kcSM0w5Op6122bmsK3PBRxP5Q247pB2HenHA8XFyUNWltN-DFPCDx5QrqnIgYl23dJJ546-Q5VXMy_6QTbHEMU9_IwYK0T-6oyfbE43lVgGyJCu-CgILM90LFK6bSxR_9l9pdsQpi24lWOStnmQ1P47l2Pk1XgPyeJRO_9JQ5F4mXxbDzQIKPSPK9JzRjqP44m6H-vEm9rjX8FU0V57rmEbIFv41cmGSM2KlcJJIm-HT2fNDhCPVmyGtRayEVHw99xUE8X2BxoMP7HRsI1DnHlLWioWnBmTC7q24tdeqzlt2W_yCdt4jy7QGWMpMlkAGP9o1Tef8kkbRJGuNsj2sxy5xRweqM3k46SJG-16gmK_VWMRC4mr5E9vxixxNoJLFYsTXKkcIpwZzlqt67gKtHd7vhggAfmchtrfVr3LDq7JLSLi63kXS2wxCz52Fn-S0AIat8Ny02vzu7IlE_WdZZSwLUM_ui5XS42mNZPtrJg_-DrUbpobtghHp2ZP65Gxw6ySIElsPa8h7fGIr3O3oxSQfNUEvT7hfPQkt9blvYZ_epWIuoWMGhLt02zswXXjWHR64wMnUOSKg7SIuollI1-5iHvU4KQVE8-5GlLFJwoDXAlFrAoGcY5j215ATDprXWRxEAbDvg8_ce5TnrjBOcE1qv5ziHJGzUrVNT85I2M2RCrZMSU8huShNLAh6M_wds6xrmfHI8sXmknn7wySykytE_PUrxGkqt_QHlZw82rj-huDeELmeTBh954Pc4zwfOTLoAhOUAw1b6ZGuXfGi-oILSdZrdNIRY8XPlRHGXXmdXgMen61hazBUU2dOZ4DuuJTHt7FoZ_vBJc45DnnfoSHNepO1rR57hdFiA60Dvo-QFJFz7oeqysYDJS5XCYonj7WgU8e0nerriGz-VbIm6sxMA2OVr1_IoahpGFbxg4dqCnoxZJKrVXbDcONxajj_rVAIsq984SENL3-8ykOQKrEe24032jaZbsQ1SvZXvyCB8OD6c-xdb7gHyjRq3x838ki2x7YVgdg3uTWWY1JBmXWaqVswmXMoSVuDs7xZ8ZUxq5O-5lmKmlMCul87_rTawfZ-R2deWu9YiamGt3OWvG7JTY5Cz-v1cfAXhjj2v46mXyk8Yn2-ynKOHjAKFD2OxCN6fDvaHPmmbhtUG6Et_0Wcd0JSewTH3urCwmcjyH3Z7DGXH1uvvwuGZkH9mS0CObk-Q4YqqSUL7sC5rysAOY036VXQPs23rjjnA_82UEIrrmiznc6v4Px3mlxva9E4bua7eTeRu6I9_fho5J49kqhVfsuabvf1WvxM12zTXiSZ8cmglOsHGL-4t5e3gTtEOBUxzTDvAwiELTI3KHxM7gGh-C-2Ltvo2g-pgp9EK3-3xcud-6Kj0umKr8Qz3vRGkk8nki36ncDMGeNfaBk5CfK7pqm0T-QWPFavM-SidIqN4Dlun87NUECqFeql8HGQgjBWIGSRB4_e9DhjHHY1envxw38NG6GMiK1leeEXOm4Cz4lqirA5A-B4-c1cNub4fnHn6XAyG7hT_mpKT1pj-0QwWaz1GI3s5lrgbxpznxBSRhYSOOPLPvYYlbExfq8ghRqi8vPgHf-dQBjHfUhrPoeT_PmR3gJfVMQGmMID6Bb_ntVSc4Xm6icpE8ksIeAtEgWH3gNzzg8MWVPOv5WlTYCavwU1uGR7-qxMOBW-KY7-FQQDOJ3MaydHfQRr1LrHVcRrFeTyb2jPxZ22h0_LKkh05cO7QHvwtGJWgE1u4WK7Xuk0g-gCgxv1DLEu15ZkUBFKLskn8Hqxn6gMm_C63hMPfRa6hxXKQp3SIWY-1XzhtMXs5sO1WaFC88sNcWXBZL7xB6YAoADqnXhfvomPLb44Az1oQIvuSb2bzsYrVFlI2w70THWyMNaa_NWrZhSrqhwYaISbS1vqbDwayJe0k8aqOp2K4ty4_N_BE74L0oKmFNQ9rwllJA-XxLHlUqRLuqlnww3YatdehZNtG_bN0VSoxYdOTNSqP5_1CMKYsFozUL1PU4W9BD1B1DltBtWeUydXIGHayZ4ju83vF1B4mhUWlM2-pOSTuU7jD7n3qmPdP1otYkZ4tHqwRW7_nEgC_1pfpBYaVtYg99CZ6dd3NKUMcHyU6VZhgDeyk38X6LSFqfXStJYnlwdcRQ-_VhMbOFmmIjwlxsbcOZekgq5LJJxY9-HsCUUL36ReCXpHkqEy80VQZmy2B4sF59B904ZHeNui_C_S20FQgV5riBtDHqrASATGZX4ePjgRFhH74oUNwZCHY7yOf7CNXWepOjzZBeqFeUncg5SNcSbEfNOllDa9gtSVjzCO_G24kKdKM6ALqhSKt8fcVdGcJunQ_QP8D18SCoyc7iz5_oBAnebYIcTmjxGOfyzkMs9s9OOzC-lFnwv9F-Hj2TG8W3XERgIY1nWgf3GB_VSgKa2wFfIo8GKgsDOMd4PxaL-tLvcJtdEJ5ojdHRYnJotJF5tj7eTX_4Jg_J37Qtpq0HcpthtA24cN4Cf6yJ--put0OYzdxg0FLkgt5TngcmB5SbXrpBT7GXObHli6kCfvnfV9VNRFUTcvg0qdDv--LztWRVMjbQ62wCun5dy4ZAtJJxOUiDzIXRTcF1GMyAUk_MfE30-miZGAQb11l9r_XvBKHOoYoIDS5J6Z37vzODmAljVSdhhFtSo3KtmftTjUBauSdHO_rV5y0k-LIzlOyAz_qbNcY5DfsUr-aYODKzH2Fnk4ft8yibe9q3nDWI-9F9Hy0N6sCwRAe7vxbzRe3topFzLnWUcn59kAak1_J0ffmfQE-UXajHn3RW-9nwODH1Z0XO-u9sB6zTPb39e00afqFwHG_yfnMAALL-EL9uVZvsYCgXk_YgGc-3FjdRlu8wQRjJZs-DssNfUau9EFc0-_D6-zYUF6PY8ahNIQ0j9AMShqFDk5bT05LGNLpMDIz9-3gbhDAssiaYPUmO46HHgUi29hv_EbI6b8UyA7x86YH7rHKscN2O1hgKRoGfAw56lekVW-TOjFzpxXU4jtcHnhMrN_ysT-otYsQNCo-KSAt9Nf6k0zasjdDRzenQsPEnQ70Gc4o_b-Y4gJR6D8G5U2mtNEWvtZGkLWmb98XO4H7bxP-sxu0LJbw8XsUmgspYR0RGV1tzRUuwkRiT1Iep6eNZhNGclLaWREVgQFzrLiidY0-G8uGsa-gMguDfpAvnPV1vgmYoZtozCUCYCMlA2o&cid=CAQSOwDq26N9hxioGh9bOXkVSCfzyHDuv32_XoFbguJD8RnFyJ2aX5Z6TQDVnuUoJxsOpYaKs0id9VBoTTZVGAEgEw&rfl=2%2Chttps%253A%252F%252Flegas.com.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 16:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45548
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 16:31:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 7676 29 KB
11 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 13:36:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56033
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11206
x-xss-protection: 0
server: cafe
etag: 16690196781007480285
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 13:36:26 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame BC98 23 KB
9 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 11:28:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63702
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 11:28:37 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame BC98 8 KB
716 B 74ms
73ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 25 Nov 2022 05:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 03:41:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Nov 2022 05:10:19 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20221114_RC00/ Frame BC98 14 KB
3 KB 208ms
53ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20221114_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 10:02:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 500885
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 11:42:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Nov 2023 10:02:14 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20221114_RC00/ Frame BC98 388 KB
131 KB 210ms
55ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20221114_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

101b8d837f8e01156fc293db1932eead16c29f9f16da622bfa89f394fbfd1273

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 10:02:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 500884
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134376
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 11:42:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Nov 2023 10:02:15 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame BC98 18 KB
7 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 16:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45367
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 16:34:12 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BC98 0
0 74ms
73ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTGCtvBAQe2YKREvB7QW7rYKUqZyxbGxAknAWeHMP4LZZBi-ukEHLEfCm2hUJ5dR6YLoU58f0b_R1alY2ZvOrfGVh3sEw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7676 41 KB
15 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 11:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 234899
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Nov 2023 11:55:20 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D6E3 1 KB
643 B 57ms
57ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 47643
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 15:56:16 GMT
etag: 48472445140208031
expires: Fri, 25 Nov 2022 15:56:16 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7676 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4dfdbdf440119e6927bf643d64cc28c48552cd707acab84cfd66aaec6cd463e0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 6771 36 KB
16 KB 60ms
57ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 18:46:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 18:46:54 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7ADC 0
0 95ms
92ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221110&jk=2614634184975198&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 63BB 22 KB
8 KB 55ms
53ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 234899
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 11:55:20 GMT
expires: Wed, 22 Nov 2023 11:55:20 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame D6E3 35 B
463 B 194ms
61ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEM0bAqayRZrBSX237Zf95R8&google_cver=1&google_push=ASkJ3Fb5Hnu3xnRxpST1BbCE1ZL2WB25WM17i5Woesl51mR-HSBNs-m-k_3yNbPO_vAo-jETdt90SaOPuAURKrFePeiTa0xUHQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame D6E3 43 B
350 B 186ms
65ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEOf7FNxDAabaZ9sUx8JGgIw&google_cver=1&google_push=ASkJ3FYka7Q6q9h5ZhyKEeYLEMphQO_4qtehqasf3OMuhLEU8xzWzbQSG9Dn3EfFJYsmF3fKtziTEgFx3VfD_8sM0P9kjAeLuvc
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: e7v213vo74nuf4uja2iiv1pm70imb0pe

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D6E3
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=P5eVgRJFQFacobx_qiA3NA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

70ms
70ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=P5eVgRJFQFacobx_qiA3NA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FaUBoSdIdX5U5-v_pxmV7OqaFEffmtVFb_d3aePRq13rYFQw7OReIK1gujeJybFIdcnCEQTsTvmARnqFmJsM3q36cRYo6g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=P5eVgRJFQFacobx_qiA3NA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FaUBoSdIdX5U5-v_pxmV7OqaFEffmtVFb_d3aePRq13rYFQw7OReIK1gujeJybFIdcnCEQTsTvmARnqFmJsM3q36cRYo6g
date: Fri, 25 Nov 2022 05:10:19 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D6E3
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIHqBMK_jOVFlV1LkWbLQwU&google_cver=1&google_push=ASkJ3FYtf6UWte2UkETU1Pe7dzsbAJthpBZ75-gspT135bNFgu4oxbySfo-T34FRMMz8p4C0i_V...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXMU9QVVotMVktNVdFRQ==&google_push=ASkJ3FYtf6UWte2UkETU1Pe7dzsbAJthpBZ75-gspT135bNFgu4oxbySfo-T34FRMMz8p4C0i_VKWI_-v9idB0gMuE0uySdu-uU

170 B
188 B

70ms
70ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXMU9QVVotMVktNVdFRQ==&google_push=ASkJ3FYtf6UWte2UkETU1Pe7dzsbAJthpBZ75-gspT135bNFgu4oxbySfo-T34FRMMz8p4C0i_VKWI_-v9idB0gMuE0uySdu-uU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXMU9QVVotMVktNVdFRQ==&google_push=ASkJ3FYtf6UWte2UkETU1Pe7dzsbAJthpBZ75-gspT135bNFgu4oxbySfo-T34FRMMz8p4C0i_VKWI_-v9idB0gMuE0uySdu-uU
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D6E3
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_hm=Y4BOO6q71zLOKv1Z4u_igQAADRkAAAAB&google_nid=index&google_push=ASkJ3FbqwVVEv3nJsyTQhXxmodzgOkxrirFwD...

170 B
188 B

65ms
65ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_hm=Y4BOO6q71zLOKv1Z4u_igQAADRkAAAAB&google_nid=index&google_push=ASkJ3FbqwVVEv3nJsyTQhXxmodzgOkxrirFwDuiFGr6cwmjFz9k7grB2VjtaHk9uvphBIY-X7uPzcxsLAHwIm8noycmRbiav2zQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TMdF7hoek%2FTa%2FDBA45XVtSvA6Czby5DTZQyQA8buuwDaNTbPJ1fBjSG2eNDHqS1bPDQCsf7O7FucrLNbvPNuInBaPIPSyCHCaVaTFRSkz0TE3yRw38X3OpE%2F%2FdrDmWC8BFvDFc18kL9pjw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_hm=Y4BOO6q71zLOKv1Z4u_igQAADRkAAAAB&google_nid=index&google_push=ASkJ3FbqwVVEv3nJsyTQhXxmodzgOkxrirFwDuiFGr6cwmjFz9k7grB2VjtaHk9uvphBIY-X7uPzcxsLAHwIm8noycmRbiav2zQ
cache-control: no-cache
cf-ray: 76f7e095baf8dd2b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame D6E3 43 B
296 B 261ms
45ms Image
image/gif 2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEGdEFZWgN6y8MzHU39dDw-o&google_cver=1&google_push=ASkJ3FYajLQOeLfyl7luG7RRPP9digiNbLsjUoEZk8Yvw6LKQDSTKQUV0rGocI0nYXNOvTaTcmc7bVY2EIdE6iK81foptMu0_4Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
cache-control: no-cache
content-length: 43
request-time: 0
expires: -1

GET googleredir
googlecm.hit.gemius.pl/ Frame D6E3 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D6E3 0
12 B 173ms
62ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LPNQrfDiacWnCgXjpRpXHMyZWGD1hBannTF26J_PkMDGJ1-3zixVusAtXWFAuf8bYxdgetWg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 63BB 36 KB
16 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 18:46:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 18:46:54 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6771 0
11 B 54ms
54ms Image
text/plain 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?IgA19Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:19 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5224251314673392648/ Frame 40BF 15 KB
2 KB 191ms
75ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=worNpKXqZu&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8bf54e9be763ab5fad815c7266f841438bb56c7747cf54b7cc620673b497cd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2278
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 05:10:19 GMT
expires: Sat, 25 Nov 2023 05:10:19 GMT
last-modified: Wed, 14 Sep 2022 10:36:03 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7676 0
0 242ms
105ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDeBs-C9FBPspn_Dq078-arDbYZx_v7cUrj4KV_nN8tIJqyysLvxPu-515CPlPGAU9RGYZ763YZL8ZiMdvV_ocCKNPQkVRnDODp9hcSodUkgKHJx_eY7hphseO3p61vHL8EprIiJQsgDIuMDmxE9zIbPBKfnL_HDVtR_mKnFPsH77dY0vnNS3y3wvRwRpKrHbyX3ylFiIwAuYeSQzRXJO5RHuSw0G8_W5TO-fI2jRmlI_gMXhgAjbeopO5DRDfuXeNffmgcprzME7-OZ2gWS_jWe60h1h7BsrHngD1T1C-yG9BCOiCEwjNnoo84ZB__fDuJqMr1sSyge_1OYeWmenwwYLzorxjS5UWyT43XhvF2vA7OdX6FaulzvdeGS0YU8FAHMrDNeKtCOE-SNo8r1RLMAJFxHnbfQwLq_pti1rl_Rx0gMtbl7O-ZmjzXRy5p2ZwWTJuCw5DAipcKbaIKzZr04KBOghYzd5JbX2Vhnna0lULJmEWwBJI-wQjmgY4cPZT58YOMqDdCcOXEUuGyWQ_uFPHjFkRYO1uQmQ0uuEQFnHxixFaW1K6q20Mbh3zoW-H7-e_z_0DTJ_CDJZR3FfLfRuaevRA8uz11ym-5YTeu39UNwBSt-ythZwbKRW6UgeMCYdspLhc4YDOIrIOkuknMqsS3Ut67d25JQL3PlhT1hPptbWgR-PQN4t2XhO62-bOjsk3G5afTx0W42CL8NLAwaeBnlrhyKlAP4lkg1qgXzoWzheFQOWMCbpo1os79g54VW5LSqS5fb8hzOWVWOI5-zM6RGR1OFItU_J5UM9y3q9hIvvnw84Xa1jug1afVxYlA5KNPx993aqU0oH39gEkOwKLmK2HQ47R2562Dsg7IKqJqv8DXq4Xm8PPff8vlMMWLqK7ahvVcCSKzoXk0EL3OvJoQVpX_HScwcjgzWIjTV2yW-lqaha1W_P-yP7xQKi2TMCPhMTShlEuaj3juElqlSCLg5wU8Bs4f5HucoBK7fNWEWR25v7lldPcCdo8NAYknsPQxuLdvj0qCQf37G9_U95TC4MldJ3P6ee7netvl27NpglopNFxVgxGdo5j8gQrDxGwlS9-JJNOfUo4ODDni7Hewp5d1OHPPdtyT6ldin_68E-Fy7qLFdMnuGEgeUUnpq85t9R0vSXhfUlWLcItLffsbun7I5MFAo7Rv3hi8-AAXYeAY4faAMDAN6aj4QsUfZAfoudLfVLbJ660Q9LwyQqJiGKwv6MelvPmTDHnp4soWHRO7jRFO8g6ow&sai=AMfl-YRb6d5KBENx-HQbDnOojponDhnZ3Xr3OpgVYW_h1_oz0zygRF-wLTLNJR5srq82KcMOyCZI-U0n-BPFsd6jB-f6s2idkOFz2DWrts8ISNBcHb3FCHKVETcnh1XDeXhh7Sj-5CzvQo94jsg8kXk4fViPChKD70sMBoutweiYDNhKRPcgtlw4mCfBfhux4--CqCmnaBLvHrzB3zTz-GbhLlv508j8hfgY-vZ-reBxJ18x7I_DyIgJRjXZY8u4c3BaE2It7W44tqQ&sig=Cg0ArKJSzDq9Miyd4Pa7EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=366&cbvp=1&cstd=360&cisv=r20221110.00985&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 05:10:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 25 Nov 2022 05:10:20 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame BC98 0
327 B 1260ms
462ms Ping
image/gif 2404:6800:4002:82e::2003

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~law1oput&c=5787683841919&slotId=2893841920959.5&qqid=CIrhxc3IyPsCFVLx7QodusYHRg&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20221114_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4002:82e::2003 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC98 0
20 B 98ms
97ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=ChJDnOk6AY4rcM9Litwe6jZ-wBODcma9t_uei7OwQ-IWFngsQASD5478ZYJUCyAEFqQKtCPZ2jVK0PqgDAcgDmwSqBIUCT9BwtrN0j9hazP2_7XA7_8Ol5dtyF5UfHBht-tdgqHZm2WL17lZG6AEKiLoppIFbsmLjDJMfHis5x-2FEgIGdHX49nvcQvijZntRaxcS8cuHD51aiE9gpa-bOVK8vbBj722ThW5nprz-woUZAyLTljMqWzI3zuINkMgWB131M4rsboB7NeSjozkYBs7X3SEFkdb4X5uIWHeIGK-jLHr2H1QfwIJwssIyl1M3qhwr6UOXoSGP-nFMAAdPu91L89ickK2T2YapH05iKKIbHXdYbRUd8KtIuJ2S8wjKHgkU-TjjuYZOOrskDKcOQ8UGBy0LcPteclo2SX5DqA8Vk0wzCc5FPyBXwASbjYDplATgBAOQBgGgBnaAB6b_24MBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB4AsBgAwBsBP3opcR2BMKiBQG2BQB0BUB-BYBgBcB&eventType=clickstring&clientTime=1669353019885&ai=ChJDnOk6AY4rcM9Litwe6jZ-wBODcma9t_uei7OwQ-IWFngsQASD5478ZYJUCyAEFqQKtCPZ2jVK0PqgDAcgDmwSqBIUCT9BwtrN0j9hazP2_7XA7_8Ol5dtyF5UfHBht-tdgqHZm2WL17lZG6AEKiLoppIFbsmLjDJMfHis5x-2FEgIGdHX49nvcQvijZntRaxcS8cuHD51aiE9gpa-bOVK8vbBj722ThW5nprz-woUZAyLTljMqWzI3zuINkMgWB131M4rsboB7NeSjozkYBs7X3SEFkdb4X5uIWHeIGK-jLHr2H1QfwIJwssIyl1M3qhwr6UOXoSGP-nFMAAdPu91L89ickK2T2YapH05iKKIbHXdYbRUd8KtIuJ2S8wjKHgkU-TjjuYZOOrskDKcOQ8UGBy0LcPteclo2SX5DqA8Vk0wzCc5FPyBXwASbjYDplATgBAOQBgGgBnaAB6b_24MBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB4AsBgAwBsBP3opcR2BMKiBQG2BQB0BUB-BYBgBcB

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame BC98 27 KB
16 KB 230ms
92ms XHR
text/xml 64.233.184.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-BDnb56yK4kjfm9cPMfYz9S3aqkxvRGPNoJ2LRYk5EwJ9ZkWmHeqAQnKYPaWQakQmUBeMMP9rM1eT2VbKHmMBD3rOccdw&cry=1&dbm_d=AKAmf-Ami6dOsuXcXqsjBLG1L8BZF-NWcu2zN2TUHiAj6wCbfLOk6Jew1vAjbwMpA7X3-LmtbvT0qg7o2rV0cke2Qgh8u8tcj-7ikuhiDkCxSxLqB9DjToTEGiA2oGKXBC404mKqmkYrbG9eJjqKabhzJyfOrV5PaB6rFymfzFbBgNqyvSBCSIcoMmlABJF24ZMeCX80Axlln_jyuyaYXzfjZi_UX94iVuc4-KHygYOKCWMuDsVbqzlQg1NQssHEnc7KQ4nAwIxZJY4HCy_Vo-a36EuhkXkwJ-aJ614M69UDpnXkTCcBdOAkMq0UtWsYiQrsYMdc0hAnqIisu5AV06O9WCc3C5mP6swJ9vcARpn_BXBWNROKXruWgy6gq-UaOq351DZHJWyHmFhJs7vDid_jZgtb4ABd_3_3brJ4-0vzIrl3mc34GyYntaulXcnX21Fwn1Rwi7Al0cRE7thArw74M1r1GgVtJRktl11Kn56esDsJCEYJRBZoGpMc3unM1jQJp-lLA933XWc2iueBLDI4AW9dOjo4fIXZWhYKgf7qV8WjI2eLtLPG24DvvOru_0_IL4QOelKOUfIbmpH6xeG2vG0kZwgqJX8dkZ-uas2Cb9MR3l-gtreSfs23Weiu5uWK6wCXgB7PPlrbBtvzq8rEXACTPTjq9TYnS9LZo5txQOpzvk1nxtW0pkIS9mDzvkiIZxnExeM7E-Jy9EpK05Y5ow0QS1KGvATcOMvOUdpwiYdy5J4Y3w5sYhlPcsSchAc4E2Hpr5fGFyX4SAg8mAhYWcw1Pq8R_yn1J6ou-NLdbAtz6LAcTBS1GN4Zf5tHphXiV-v-35-i7LV6tXSlXgwUssDpYsc8ef1chAgs2CQxNrA8OTxdB4TArWIr2f4bw6u7oor4naXxkDRN7v8laNab6wimgkzx64ZxvxgmPw4aiQ2byDs03cjEyerZuDUdSGZ313sRIaWUvhj_qVJ21fktD3EoVbUFu3JMb76P0Y9TyvYhG-gvjnQM1kqCxgr0znMn6KUxFqpIjfG1AVp-1jvCz6E9Btt-B_O_uF27jGy7RI_VcEOn7qhqLzcOZhD8vPK_cnUAslGam-xOW675G_x9mzXwY_4F0V_GeFVEu18-97FmKqyg5btuj1_TLa-NF3yO8-gFeQ2pW82kCHCuL7s5Pxe8L_2xXRDqFkMLC4t-_PNe8End-OrABCGblKt3vws0Ox1-SDLsyjQ3GtZ4QVphgz8z7EwMYcbjyz4du0Pf-M1P-8mTjal8lcyRDmuk8eBLIO9xfcph0nY5fawkL96Ir3poeBEwcWiKOzgjEz8P1AWIqqzIDbcaR5Pa6e6Ufm5ClK1T99cp6LYSAlM5BW9Ft-vtQTr8Qc8a8hTyg5mfpobOvVrBcLNNd8pzEj5cwc1mWm3tQ6Sp9jhAGfNS4_C_Vj5_Xp_o1gALC9bZ7rBdZRXVKmByuguo9xabA6CjUfLA6-W3cdqtXcKLzKtQIDtghO-9w-wFcxV9izrosuYIls430SOR6-4SlYaZ4_EUlx0MKgf-woOnoYwh9MaJtogSfEgDGr2kqhl6yx6yxvxJpkxEn21G1yAc9azYHrcANj_9D2bjmzZ3kmQ8eyqLVfknR0lIVHtQhPFFDHIW2-lKO6hKIKu3AtfrMgj4EF2G4Qocw7dWIvYTTKpqlfiLGv81lKpz0yryGeJxjd1RBP-T44SqQSipG61qWXsvnBRZtNscZb0UDAUpMQNsC0g6nJ3GCvaHXReU6tMSQfezBFWyLBlEeMepCIPAJQKaMjdolLeA50TD2CaLBwRw0pZIhgG69Ny2nZLXrad41idvni9c2kWkpT8HRCB6qLnLH2g_iwc1P1gpGt6CqJTf6nvcz3aI6jNJOQ3GQ8UykpAGn6ahkDlIWSJjj_NhYgZ0HOU2Lgz20Zom2EkKNudQFOLsxYEeB3ZQiPb32kCI5aOW65mtp_N7T0km9XGvaEMEuT_Tbznm9jCF6uPnrUUGdGsykuGFnS-oxn831rOom_1jdCTRS6TBjFYiR_qcDy3fZgY6szTXl_h06k2swrWjC995U9yamzh0Rav-vlR-fCAJNNR53OGfL2yhk0hLGTg__m7tyzPCBqM_sSyd6tSWfsPX3SPhDFoVx3g9MxSmQ7Ru0q3ujn7F4YCYdPvv_QXOjPvuqkPsB2Xei4WVFgun7rGAvxMuw3gCEVxStnaZJdLaoVYbznP1o-z1Zz2Plwsj_eYUyRtnE2BN1I_dF1bSAjX0TUY9Lp5NTF1vBWSlVBrvRVY83dhL9xBPlWt76pf79wdVHCFcuB91EjSN6Yy3HN3x4HEn2jhQn7Xr8iPiQgicdjdmwd4E4xhBLub8uJzkTpDs6VShUjfo2Rc3i-vySp4-qBam8LAKHjlwiCxbO52zAKRmVWx8yiFi-E-2pgJ-W9vXLxKGaa3JWFJrYMp7aw8sFcu2dFmba_osh93twOnJ3sulmZvLRluBhaMV6sDTNkhqJszIWJT_PXJEB1jfalZJ9imQHx6qGUTd2Z0bsWQ5B8u9kBCIK7XKltUp11UP8VC1c2HsGXXB2EF7OICvx9XwwlVeu9bMoLqILmB7DoHjq6OFlS5DsSwJjME3eFNKJnkgZSfMtOiRvWwWoAQEsdyV1-QSoBp9X4cqNNGW9CW-5zGmH6sdjUhSCS5H4E2K9sDxA1-PXeYd56SGUXTdFvPYKc1EdhPv-YpjVGtqhI9MSW89rktOibgNJY9b1vlW-v6EPvd8LFqfilXmDisJIvD_dQvMbG535VyrZGioUfNNMgDZoHofJTVOIPIK6LQGmf_nnjPlJhuXghN9EHlWz0ZXmbw_5k1B_ay9p-knLjmegJYr3qGth4c-AgQ1Wt4z-3fbP4P6ML9ZA8l9qeb_7A1AaC1odAHBq_xMa54_4to85WSiBm8ZXDSTpna9X6L-R2182-7UUN7SHD_eON9IL3r7Bbc2BeaJAZNMxvWD7isJTmRGpqub8etCQCsKCKqhMb6Ox-9fJiLkOk4ubDtQJkbh_7WaNcPzBcZpTEvpQrj8BMYH206TwZSAYrwWh0cxLwQN81csLg6IJ2KjcH_4LvFIvh9pP29H2ocjEvBJm2VTiFPcSdwYdkP5PEv6JBYPmVqpbe_KP0z2Ub3FUJC5jd7OglBNNJhzlrmrp23kiXwgO1sdUf-SfkogX-UzNA1H3RpUUaZJIJGMR_CLrjWvywVP7ahkwHCln6hzjjD3e4DW1NgMdbR6ahJqtiwmAjfh6GyqqFwS0xsD2mcacMm2Jm0lGpArtMzLbtljgjLSrN2fgcoPgocnI0s2sCjymHxwNejwL87wAZkdGuuBBuCm_30pRK7C81wgxgugpdxJK07ztZ85APJ0AFoSxkzPickPydtp6lhAabgvQIFe-yE82RwNfOAjTGlZ9phZD8Y4l_NDwNL7ZyIacbT83YG3rwqCUhqhp2oFVs3QqPK03z4MLh1OvDBYWqg0vIhW0MgPjPFYVucljRb59xqbawXj7iEjBlVlxzrctMmpaLH_myX9bY3zDbm1FJgKgKRpc3miZOwW42tHZnQGWfocsLsexDtQejDL2drSz2Vp1JKKWNog8OTJgFvphxSQw_YGmwII8oiBZvvBymDh4VJl5K-qa7b-8JW_Ku43Q5azhxNz&cid=CAQSOwDq26N9hxioGh9bOXkVSCfzyHDuv32_XoFbguJD8RnFyJ2aX5Z6TQDVnuUoJxsOpYaKs0id9VBoTTZVGAEgEw&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20221114_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.184.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f156.1e100.net

Software

cafe /

Resource Hash

a1857077994b1d097fb8ab1a9ae073a4bde9f9a961129931778c310eda572686

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15908
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E8DA 1 KB
643 B 57ms
56ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 47643
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 15:56:16 GMT
etag: 48472445140208031
expires: Fri, 25 Nov 2022 15:56:16 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E8DA
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEM0bAqayRZrBSX237Zf95R8&google_cver=1&google_push=ASkJ3Fbn8eDi1PXpBLJrQmYLCB8T5MQ_8ak2Me--fKpqOrMFZS62Wn6jnu...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ASkJ3Fbn8eDi1PXpBLJrQmYLCB8T5MQ_8ak2Me--fKpqOrMFZS62Wn6jnufQpEABTXj4iHWx1ruoij5kpucTCvDxU2cFXGZpU_Ub&google_hm=0s4vkShdXuPm...

170 B
188 B

65ms
64ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ASkJ3Fbn8eDi1PXpBLJrQmYLCB8T5MQ_8ak2Me--fKpqOrMFZS62Wn6jnufQpEABTXj4iHWx1ruoij5kpucTCvDxU2cFXGZpU_Ub&google_hm=0s4vkShdXuPmwpiaSY4awg

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ASkJ3Fbn8eDi1PXpBLJrQmYLCB8T5MQ_8ak2Me--fKpqOrMFZS62Wn6jnufQpEABTXj4iHWx1ruoij5kpucTCvDxU2cFXGZpU_Ub&google_hm=0s4vkShdXuPmwpiaSY4awg
pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame E8DA 43 B
356 B 214ms
67ms Image
image/gif 34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEN6UPdui0m9GxyNeqjUg_zs&google_push=ASkJ3FZXA0Im5o4R8pHODCKs39lmqNa9CSWV8F7jaYhul-3LKL4gXvQyTom60tImAAH3MbRSOEe1eH_l9fkVVjcHtow5woI49efc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame E8DA 43 B
64 B 136ms
73ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEOf7FNxDAabaZ9sUx8JGgIw&google_cver=1&google_push=ASkJ3FYIiVr999DRrS6nElWa8Dfn1_6NLBXtJ2NBlcshm_B7421U3YQjOhWcj90Hh0E5xKjAzFkmRTwb2FQz9xAnoxlWpnrfjOk
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:19 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: g08kfpsr1281j8d52hhhto2iv2ouauvg

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E8DA
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=P5eVgRJFQFacobx_qiA3NA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

65ms
64ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=P5eVgRJFQFacobx_qiA3NA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FbLxvndanE1ixreW5JefKlXNEn41ffMklAVkU93xopF0S1a7vORInu4A3CA_sAqELnnQ1EhDVZ5p3524weUYoFSqauSmSO-

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=P5eVgRJFQFacobx_qiA3NA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FbLxvndanE1ixreW5JefKlXNEn41ffMklAVkU93xopF0S1a7vORInu4A3CA_sAqELnnQ1EhDVZ5p3524weUYoFSqauSmSO-
date: Fri, 25 Nov 2022 05:10:18 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E8DA
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIHqBMK_jOVFlV1LkWbLQwU&google_cver=1&google_push=ASkJ3FYuot_7RiooQobHQeHf45WzwNeTbN-g7WoO3gC5sqN-Ih8qLGI8sOizCBtgE_JqS5MaIu6...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXMU9QWVctMVUtM01CUg==&google_push=ASkJ3FYuot_7RiooQobHQeHf45WzwNeTbN-g7WoO3gC5sqN-Ih8qLGI8sOizCBtgE_JqS5MaIu6VHpEYNp4ugRiSiO5-KDpADQE

170 B
188 B

67ms
66ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXMU9QWVctMVUtM01CUg==&google_push=ASkJ3FYuot_7RiooQobHQeHf45WzwNeTbN-g7WoO3gC5sqN-Ih8qLGI8sOizCBtgE_JqS5MaIu6VHpEYNp4ugRiSiO5-KDpADQE

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXMU9QWVctMVUtM01CUg==&google_push=ASkJ3FYuot_7RiooQobHQeHf45WzwNeTbN-g7WoO3gC5sqN-Ih8qLGI8sOizCBtgE_JqS5MaIu6VHpEYNp4ugRiSiO5-KDpADQE
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E8DA
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_hm=Y4BOO6q71zLOKv1Z4u_igQAADRkAAAAB&google_nid=index&google_push=ASkJ3FY7DgM2ru-5DIS3L042Wg_UWtmODUGbT...

170 B
188 B

66ms
66ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_hm=Y4BOO6q71zLOKv1Z4u_igQAADRkAAAAB&google_nid=index&google_push=ASkJ3FY7DgM2ru-5DIS3L042Wg_UWtmODUGbTNzhW-1tSJKWIaGnpNHMkapqWPSvtWHVYtBkIoNtlMCVafVTjyOOOvuaP7kXCHg

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZTcBZh5%2Bq0y8eRATLWmeq0Dco3hdyEFqJbPGX702vJTrTmpOH2dmglKAldVpZge9vP3B2imwENp2TA69Hs4nx%2BZhJ1YQswMvJnXpzd9JXvkOl8cZTxozXxvjRmrRofGzxR4h8PtCbaw1Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFmAq6gsN59c3kv_dZps1gI&google_hm=Y4BOO6q71zLOKv1Z4u_igQAADRkAAAAB&google_nid=index&google_push=ASkJ3FY7DgM2ru-5DIS3L042Wg_UWtmODUGbTNzhW-1tSJKWIaGnpNHMkapqWPSvtWHVYtBkIoNtlMCVafVTjyOOOvuaP7kXCHg
cache-control: no-cache
cf-ray: 76f7e0976de1dd50-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame E8DA 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E8DA 0
12 B 67ms
62ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LHbpxsn4hGC-8teUJImcCWEw3qNor2EdAPbA3b2cjSwHnWLLXg6EzSmKFGLA0KIoLn1o-Miw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 1661867165592.css
s0.2mdn.net/sadbundle/5224251314673392648/ Frame 40BF 10 KB
2 KB 59ms
58ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=worNpKXqZu&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01147cf422220b219bbbe8526abf4b3ac6d5c15a59ed7e48396af4b9c2ed80f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=worNpKXqZu&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 01:19:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 532225
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2428
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:36:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 01:19:55 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 40BF 118 KB
40 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=worNpKXqZu&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=worNpKXqZu&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 11:10:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64803
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 25 Nov 2022 11:10:17 GMT

GET
H3 200 1661867165592.js Show response
s0.2mdn.net/sadbundle/5224251314673392648/ Frame 40BF 34 KB
11 KB 74ms
74ms Script
application/x-javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=worNpKXqZu&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=worNpKXqZu&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26509
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11482
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:36:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Nov 2023 21:48:31 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63BB 0
20 B 95ms
95ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-ujeO06AY76eFs2V9u8P6rygkAgAAAAAOAHgBAI&bg=!S0ilSAzNAAbvMpMzzzI7ACkAdvg8WvC94gMRMIg1ZAtXFa658HY_OlZM7Sl2ILaIaYzIMr8iFEOOtAIAAADKUgAAAANoAQeZAu1pd9rrI4pdEdZzopgIg45dgca4mD1Rrex6OGjr97yGUxVk65ZTmE1BGcDjeeLDuRJVlIStj7vUs9jCqtPeGAwMnB_R_GvNvRp6TjVGMpUgAHKnHGDYHf1BEZsBj3ruD2WUyG1t5vUY1mPYDvL-w73lwBXQ0OuwXck0JU0XLjxZfzubuEZbYk5UH4EQ-Gu6j6WriBGYFyGq1NZCAxbjvQkThGaTsV02cj9BUXiIQL7lovukzm6P02vM70txZKhLFD4ccPT1mAUwiYOxbcUdfRHnZ94O7UMqSjGmhyD9Fb6yeerEwF4IpwB0Zny7lYSK2EDqxOJLS2g1nWRtbRZCwRSaXB9ZIeA_hoQdqS_dN-v8iCRwvA6dpgmwsjaUwKkaOnf-P5bNJt9YHXTT8AVKGQl7khRMR5KtfrDIrLdeKoVdxJLEDWYjJkByzVEybcxqcDIaDIfZN_SH8SscsicHP4rJMFwirhGl1oPtJyes5EGXGhYO44jkOnM6PwYQ6rcU4kF72ifKUML50uCpjstVmgfuEdo6zNYjRM6gNeuFcysLYwSZXrBKDHu2dh2bP7k3ustXC_GbF6D8VGmQCPHICuc9-CeaS0BU5yTa7HszgrljqLF495U8SiTQTAxF0Bd7n4CGTWb265b2z_S3_CXYckuTIVd2VSURjgGHRj6f0DKAAddxSfzQujusyAxDi68jb4LD42NHeIfmBeyxHSIHPXmswZ5W0ZRIUyVEFUZubkvCtaCuBbs2_szvJjb2VRuu7niWWZAg6c2NLAVaHLJHg29TfyN3L0GRL-0W7oUj5nRnfSfvoN9hOPQbHAFNFeoft7dRM02sh1MIEPXMr7blbpS1VMjLIZZTI69ToZNpdk9Xus7NJk9usxB6Tu4yYbdVBC4smdIdFj--in9jpDloIziVEL4VivOsFY_ISnQpKAxLhbUu9zS_TqXWbECcwQCkdX_LjH8vhFKToEK_3arTXT6VWoUc_U3uC0GRZm-7MA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame BC98 41 KB
15 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20221114_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 18 Nov 2022 20:14:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 550564
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 20:14:16 GMT

HEAD
H/1.1

200
OK

file.mp4
r5---sn-4g5lzne6.c.2mdn.net/videoplayback/id/5e49592713959872/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1700889020/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame BC98
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/5e49592713959872/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1700889020/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r5---sn-4g5lzne6.c.2mdn.net/videoplayback/id/5e49592713959872/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1700889020/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

217ms
59ms

Fetch
video/mp4

2a00:1450:4001:12::a

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-4g5lzne6.c.2mdn.net/videoplayback/id/5e49592713959872/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1700889020/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/46DE75120A7C1437D179101BBB568DE4E3334A7A.71DA52F0E7609761F0DD7EAD61F5A68B9C556979/key/cms1/cms_redirect/yes/mh/F6/mip/2a01:4a0:2c::6/mm/42/mn/sn-4g5lzne6/ms/onc/mt/1669352848/mv/u/mvi/5/pl/43/file/file.mp4

Protocol

HTTP/1.1

Server

2a00:1450:4001:12::a -, , ASN (),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 05:10:20 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 5564716
Last-Modified: Thu, 10 Nov 2022 15:09:27 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Fri, 25 Nov 2022 05:10:20 GMT

Redirect headers

date: Fri, 25 Nov 2022 05:10:20 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 644
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r5---sn-4g5lzne6.c.2mdn.net/videoplayback/id/5e49592713959872/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1700889020/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/46DE75120A7C1437D179101BBB568DE4E3334A7A.71DA52F0E7609761F0DD7EAD61F5A68B9C556979/key/cms1/cms_redirect/yes/mh/F6/mip/2a01:4a0:2c::6/mm/42/mn/sn-4g5lzne6/ms/onc/mt/1669352848/mv/u/mvi/5/pl/43/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 571B 35 B
478 B 84ms
83ms Ping
image/gif 37.157.6.242
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=7418567585483889380@@59631611,7588776427029154583,100|1002|0|0|0|0|0|0|0||39|1|||||1|0|0|wohN3R8uCrBcPlakbYq96cEVqNiVRnQ6H3heI4pyW-Wv25jvMPIAg_L_QlhaeLlf0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900026.redintelligence.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal900026.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/5224251314673392648/ Frame 40BF 3 KB
1 KB 59ms
58ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5224251314673392648/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 17:22:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 388086
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1365
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:36:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 20 Nov 2023 17:22:14 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 2423 23 KB
9 KB 57ms
54ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 486242
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 19 Nov 2022 14:06:18 GMT
expires: Sun, 19 Nov 2023 14:06:18 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7676 0
0 213ms
97ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDeBs-C9FBPspn_Dq078-arDbYZx_v7cUrj4KV_nN8tIJqyysLvxPu-515CPlPGAU9RGYZ763YZL8ZiMdvV_ocCKNPQkVRnDODp9hcSodUkgKHJx_eY7hphseO3p61vHL8EprIiJQsgDIuMDmxE9zIbPBKfnL_HDVtR_mKnFPsH77dY0vnNS3y3wvRwRpKrHbyX3ylFiIwAuYeSQzRXJO5RHuSw0G8_W5TO-fI2jRmlI_gMXhgAjbeopO5DRDfuXeNffmgcprzME7-OZ2gWS_jWe60h1h7BsrHngD1T1C-yG9BCOiCEwjNnoo84ZB__fDuJqMr1sSyge_1OYeWmenwwYLzorxjS5UWyT43XhvF2vA7OdX6FaulzvdeGS0YU8FAHMrDNeKtCOE-SNo8r1RLMAJFxHnbfQwLq_pti1rl_Rx0gMtbl7O-ZmjzXRy5p2ZwWTJuCw5DAipcKbaIKzZr04KBOghYzd5JbX2Vhnna0lULJmEWwBJI-wQjmgY4cPZT58YOMqDdCcOXEUuGyWQ_uFPHjFkRYO1uQmQ0uuEQFnHxixFaW1K6q20Mbh3zoW-H7-e_z_0DTJ_CDJZR3FfLfRuaevRA8uz11ym-5YTeu39UNwBSt-ythZwbKRW6UgeMCYdspLhc4YDOIrIOkuknMqsS3Ut67d25JQL3PlhT1hPptbWgR-PQN4t2XhO62-bOjsk3G5afTx0W42CL8NLAwaeBnlrhyKlAP4lkg1qgXzoWzheFQOWMCbpo1os79g54VW5LSqS5fb8hzOWVWOI5-zM6RGR1OFItU_J5UM9y3q9hIvvnw84Xa1jug1afVxYlA5KNPx993aqU0oH39gEkOwKLmK2HQ47R2562Dsg7IKqJqv8DXq4Xm8PPff8vlMMWLqK7ahvVcCSKzoXk0EL3OvJoQVpX_HScwcjgzWIjTV2yW-lqaha1W_P-yP7xQKi2TMCPhMTShlEuaj3juElqlSCLg5wU8Bs4f5HucoBK7fNWEWR25v7lldPcCdo8NAYknsPQxuLdvj0qCQf37G9_U95TC4MldJ3P6ee7netvl27NpglopNFxVgxGdo5j8gQrDxGwlS9-JJNOfUo4ODDni7Hewp5d1OHPPdtyT6ldin_68E-Fy7qLFdMnuGEgeUUnpq85t9R0vSXhfUlWLcItLffsbun7I5MFAo7Rv3hi8-AAXYeAY4faAMDAN6aj4QsUfZAfoudLfVLbJ660Q9LwyQqJiGKwv6MelvPmTDHnp4soWHRO7jRFO8g6ow&sai=AMfl-YRb6d5KBENx-HQbDnOojponDhnZ3Xr3OpgVYW_h1_oz0zygRF-wLTLNJR5srq82KcMOyCZI-U0n-BPFsd6jB-f6s2idkOFz2DWrts8ISNBcHb3FCHKVETcnh1XDeXhh7Sj-5CzvQo94jsg8kXk4fViPChKD70sMBoutweiYDNhKRPcgtlw4mCfBfhux4--CqCmnaBLvHrzB3zTz-GbhLlv508j8hfgY-vZ-reBxJ18x7I_DyIgJRjXZY8u4c3BaE2It7W44tqQ&sig=Cg0ArKJSzDq9Miyd4Pa7EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=807&vt=11&dtpt=441&dett=3&cstd=360&cisv=r20221110.00985&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 25 Nov 2022 05:10:20 GMT

GET
H3 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 40BF 13 KB
5 KB 164ms
54ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 13:03:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Nov 2023 13:03:08 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 40BF 7 KB
6 KB 70ms
70ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13226ebcf9c8ad11ecdd63be37659a0f42a5d61cbcb3150cfb9838af9af15254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5742
x-xss-protection: 0

GET
H3 200 rVlqs_C6MEoymNIgrpYBY2eJfhVJuMjEUeWab4z9yRM.js Show response
pagead2.googlesyndication.com/bg/ Frame 2423 36 KB
16 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rVlqs_C6MEoymNIgrpYBY2eJfhVJuMjEUeWab4z9yRM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad596ab3f0ba304a3298d220ae96016367897e1549b8c8c451e59a6f8cfdc913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 12:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15986
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 24 Nov 2023 12:20:41 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 94ms
94ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221110&jk=2614634184975198&bg=!ODulO3_NAAbvMpMzzzI7ACkAdvg8WqQLyDOZfBwtERb_c5EroNnVg-9CLqIE07bNd0DlGRWxfRFnpwIAAAByUgAAAANoAQcKAJepQdGZq-7Ldp2gTlGw6R562z359poFaay3FQFKKWNBThmBv9M0GOS3S5tDAgsIGIfvmWT30CzsRuAeBSgR1r7q8fcoi2eTVr_abl_9or6piGRZeK6IuobIeE2cY-PbHbyBvif6PlLl-3tSNZ20QQ6UuYbLaL2jEUt__l1KSp43bLZxJUUS1MjUowqE_FLpNW4y3Fz8wt3YmQKVyqLl6z9kmQ53rLzlKs7W7SGbAbbJ6beON0B3PwsOQQzDWeLwT8uBZ8KHDpZTO6gezcV8D--YrifxHnl1AIfnW4G-J9chAdxESRG83_W47bOyWizr6KZ7rdhg5dI8AFZeqb-8XQT3RkWrSBoy4pf38Q_lfxugtuc0JQld5s99eb_loWVn5YGe2UbP1Fu8K0ljzvVnmK06ZSFw0hXLw_ZEMwY-Fae13sv2rLrLvJK2TAj-aLEz60H8OF20vDnnk8kPEUXT0HEolQ-AwlJnBFNv5e3VOm749gu3WKnzIrQhF72Qe9gG76EBaALGj4NA1-99GkJhA_rdUp2ZM54rPzVzP1WMOKPeW1mSQ8CK5nbZxLh29JTpb310OPEAl3UwY_zRWre68YFAJHYp39mxCKVCd9nN2dZLXs-NNWY3tME7MAg6QAXt0AdgfrIyhRJyScJR4QLeHs-KnaJdzwiC3hP6Izfl4o3giv6cgrmrIjZdmRr7xY420_O1aXw0YTRBKx-gXRLkw69m_vCFZuAbElGqcAHp33RCT9LpLaOKhEvBDSpiMIQpEM9NWNxjq1ylbXK_yW5yqTm3zUo4pLOADir2k_sof5f5uLGNI88JAv06sxjeZdqKUXPkMTO1X2G23P05baa1iPbWnNAQNqUNLEK_iHip6AWBspB4uCCB_5GK6qFYLFzf6sBwv-jsMaCRLWOjj5poBWXiTsQ3F5G0a4mKoPmXZnyCtRL9Tsc-nfOImSqp18imwEhC4LZupAf-o7mCr0ZXH7tZO2t9W3n4wJV_9CP3e89UcOP7HtBINZZocITdvM23yDGrnX3OG4inWA49xnQQC9wWlK9kvbctNXTwOvhre7FBY8k8iaw9LQwCavcMUKSypA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 40BF 17 KB
6 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:10:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 05:10:20 GMT

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 01E3 36 KB
16 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 18:46:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 18:46:54 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 40BF 98 KB
98 KB 58ms
57ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 04:56:03 GMT
x-content-type-options: nosniff
age: 857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 25 Nov 2022 05:11:03 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 40BF 57 KB
57 KB 65ms
64ms Font
font/woff 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 04:58:43 GMT
x-content-type-options: nosniff
age: 697
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 25 Nov 2022 05:13:43 GMT

GET
H3 206 file.mp4
r5---sn-4g5lzne6.c.2mdn.net/videoplayback/id/5e49592713959872/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1700889020/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame BC98 120 KB
0 116ms
57ms Media
video/mp4 2a00:1450:4001:12::a

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:12::a -, , ASN (),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range: bytes=0-

Response headers

expires: Fri, 25 Nov 2022 05:10:20 GMT
date: Fri, 25 Nov 2022 05:10:20 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-5564715/5564716
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 5564716
last-modified: Thu, 10 Nov 2022 15:09:27 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2423 0
20 B 94ms
93ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=B-YvJPE6AY6P3BLSNzAbH8LLgBgAAAAA4AeAEAg&bg=!9_Sl9LDNAAbvMpMzzzI7ACkAdvg8WtNppRt9uInnEvMX3Qol2SwBoGZQrc-t-8xQDKBhzDfmpFKUcgIAAADiUgAAAAJoAQcKAIPxUgiOJpjl05Kxhidc7oL5sFsXDT_B0a_ZbwQrEMBSV6OzBvIBn-SNRF9U9GQCiKhclJC3rlmskoC5EVJIb9m8eBc4iJrIHqi9AMMema9LlVLmfEtXevLDqCZ3EXGNXHjBreaohx1zElwEnx1PF0R_zV6R5wTwoJol1v20JHSzhwNPcJkC8KDT_bowaBEAOlMNYvZaZM0GY63iOSI5htQvpXPjXj_OXpjSfRDurvqX1v1xOBULGfSfNktklQ2YM2oTgmOSAdrDyNM1ZbU-QazVqoca0s9j1ZnbBfTdq5Zhnat_JvESRIrYs77JD2UE7DwlTFwQB-y6_a93i5DBz34zcgobGsCqW1VY5IiMEFm2ZrptN8qsXmcZrJVCFWp1elFBdLXYyPz3jZTexwv2SVsXEEXNjJhTLa2vji7-aVSDPY7i4TTnszAZRFtb-1SPRcjqpv4-Oc9PC0b6MoSbL5elNF5I_wC-8XfeKHXE34ddEQEomEmlEFJyz2cGwfzzzHzaZmhLQW4XebKyoRMk8iKm5P5gD9fcxiRW4IOuCjDAyCVsAoV9pNHfaAk0sdLDLR4R5zGh4ebFhY6kiPMZI9RlQDLUuuBpRYOnj3MzPg7IbWU_7bycL8DIfaLe-nTMhLl6EQ9S0keKfTrf5x9fZEq6pq6ujV1ubmPeQSGYhcT49PRBhVLSescKgfGr8g8U1OOELx7higxeW3oE08iNOyGWXRzQj_OoiCLXnUfiywSL3M_fNF6XeMy75LDV7BtXXtjfj0A6m_QybsAfwMhfqsJluy_S9QQUgC9mTOnhwo3ke7OmTy-uIlaPa-d6ozt76wsSzcSj1PcvwuPfDg9SR1Xm_s4TXnO9Gaz7C-Z7Ed3pDIPEhpEovlrPqTvIoavm2sC1Xk8qRMRJyZwPWx2nrPv9dcbeowDKqzx6E8nMgTvHLGmegDH7BfBq1Ck0CdyhvM5LppHSvboB2ujMvE-X21PofmbgtyPhQiwLnV_IPf25utXwxoMXgn6evnlmUSTdRxAReNtweFkGzG2Rw0Fb3i-sWxOHYImc1VIXBJ5BP4FYq_q4WzZUONdchKJl3iYLnyosQu1l2QZcoCiuRCzeN-fiYY9LTcy1YD0hdXM2yRGx-EtN1evYM35V-9-EBLQ4EquCxNU2rQzXP0n-s4e3VuwmicQMvrKU

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJjeWJlci1kZWFsX2Jlcm5kX3F1YWRyYXQ3YTg4ZTQxYy1kNTdjLTRiNDgtYmUyMS0wMjNjMTgyZTg1OWUucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoIjoxNDU2L...
d1dgf5fdrpyfo7.cloudfront.net/ Frame 40BF 54 KB
55 KB 260ms
68ms Image
image/png 2600:9000:223c:c600:b:90c6:35c0:21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJjeWJlci1kZWFsX2Jlcm5kX3F1YWRyYXQ3YTg4ZTQxYy1kNTdjLTRiNDgtYmUyMS0wMjNjMTgyZTg1OWUucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoIjoxNDU2LCJoZWlnaHQiOjE4MCwiZml0IjoiaW5zaWRlIn19fQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:c600:b:90c6:35c0:21 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b919be8745a4d1b7575073503f458e0deb8245330f78d1c27350b7819cb9d720

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 21:54:21 GMT
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 198959
x-amzn-requestid: 6655ec12-490f-4d7b-958d-ba40e6512ed3
x-cache: Hit from cloudfront
x-amz-apigw-id: cBe6IE2PliAFkog=
content-length: 55796
last-modified: Tue, 22 Nov 2022 15:10:19 GMT
x-amzn-trace-id: Root=1-637d450d-5a159f1d27c78c4d4e3c0dbf
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: XC2PSvC-VBmq5jxK0ytV5hFbqBHWtNnXChDxPgZTZxgJyLpA10auvg==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7676 42 B
64 B 99ms
99ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstJNmeLZYOhAOahFohPW0RsSRwu40vEStnq67F-YeXwYU-tmGvjNlEqj-8qF-1iOc0Ww9TA5cjg_KMsURhNFjXL3Du1gdjyRS1NbpZZLoBsYcMPlf_1KDpYa4ibxbb3Yfqu-7Tz6A&sai=AMfl-YRAm_MVIODl16XhAQNPhd3lendTi5GcWZYJSKbdRS8DlhBY_NgKuDtHB78pzY8O9QJhTtfKUllPD9BY_fOnEFaP6nC3VLvFm8rh98u5OztbIUO_tIxZVfY7kEjsXg&sig=Cg0ArKJSzKlP171XFbg1EAE&cid=CAQSOwDq26N9hxioGh9bOXkVSCfzyHDuv32_XoFbguJD8RnFyJ2aX5Z6TQDVnuUoJxsOpYaKs0id9VBoTTZVGAEgEw&id=lidar2&mcvt=1041&p=0,0,90,728&mtos=744,1041,1041,1041,1041&tos=744,297,0,0,0&v=20221110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1669353019312&rpt=620&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 05:10:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJjeWJlci1kZWFsX2Jlcm5kX3F1YWRyYXQ3YTg4ZTQxYy1kNTdjLTRiNDgtYmUyMS0wMjNjMTgyZTg1OWUucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoIjoxNDU2L...
d1dgf5fdrpyfo7.cloudfront.net/ Frame 40BF 54 KB
55 KB 183ms
68ms Image
image/png 2600:9000:223c:c600:b:90c6:35c0:21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJjeWJlci1kZWFsX2Jlcm5kX3F1YWRyYXQ3YTg4ZTQxYy1kNTdjLTRiNDgtYmUyMS0wMjNjMTgyZTg1OWUucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoIjoxNDU2LCJoZWlnaHQiOjE4MCwiZml0IjoiaW5zaWRlIn19fQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:c600:b:90c6:35c0:21 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b919be8745a4d1b7575073503f458e0deb8245330f78d1c27350b7819cb9d720

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 22:00:14 GMT
via: 1.1 50c53efe331c3da25a4faf191817af8c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 198607
x-amzn-requestid: 07e9eae3-73c1-443d-ab68-2ef150287ad3
x-cache: Hit from cloudfront
x-amz-apigw-id: cBfxRG9AliAFWMQ=
content-length: 55796
last-modified: Tue, 22 Nov 2022 15:10:19 GMT
x-amzn-trace-id: Root=1-637d466e-2fa1556b449b539842bc98a4
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: G_W7zWpF_rYt6RnsuQw18KxdHE-S-7QcKlmUmCdcW9tj2T3qT6aFUw==

POST csi
csi.gstatic.com/ Frame BC98 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: a1.admaster.net
URL: http://a1.admaster.net/a/10507/155?pos=0.9215899582099725

Domain: c.bigmir.net
URL: http://c.bigmir.net/?o1&v16854857&s16853252&t0&c1&n80326&w0&y0&d24&r1600

Domain: g.novostimira.biz
URL: http://g.novostimira.biz/l/1322?v=2782255

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEETB8n_cAqgDlg57PW2N4zc&google_cver=1&google_push=ASkJ3FZX92sNKz4odgdTIewy6Pfk5waUcUbsrwvDnikkU22ZKcjmo8DczhI5S_bA2h3Vl7xNlGX0nJ1oh4vDNbt8WjaISsob285z

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEETB8n_cAqgDlg57PW2N4zc&google_cver=1&google_push=ASkJ3FZbhckr17cvf2X89x7qqaEuIlMMcrJNMbTfQhD3vnDzryW9K-hiJsm3OmSHjQL8kB9JudIo8EpGVFnxIzRUMkR0Z_E8jChpNA

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~law1opv3&c=5787683841919&slotId=2893841920959.5&qqid=CIrhxc3IyPsCFVLx7QodusYHRg&fb=outstream-lima&gpm_i=7&gpm_c=7&gpm_a=7&smb=1000&br=918&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vast_v=2.0&vmfc=9&vhc=0&msm=1&aits=0%2C18%2C692%2C59%2C342%2C343%2C344%2C345%2C346&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&ape=1&ple=0&umsem=0

Verdicts & Comments Add Verdict or Comment

238 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
legas.com.ua/	1969-12-31 23:59:59	Name: b Value: b
legas.com.ua/	1969-12-31 23:59:59	Name: iua Value: 1
.legas.com.ua/	1970-01-20 17:18:33	Name: _ga Value: GA1.3.1703342002.1669353015
.legas.com.ua/	1970-01-20 07:43:59	Name: _gid Value: GA1.3.987223809.1669353015
.legas.com.ua/	1970-01-20 07:42:33	Name: _gat Value: 1
.i.ua/	1970-01-20 07:42:34	Name: __cf_bm Value: nTaF9O23U.nbhcSrKki6qliRzvZmQZmTbcg5PsWITXA-1669353015-0-ASDxbWHQA2byv6u9W9MIBE8qBI3hymSj4ypkT9XZh1oKKXND0Rd32WEhJlyPzVcE09JpKZDeS3ARV6fxOj/pQAw=
.yandex.ru/	1970-01-20 17:18:33	Name: i Value: cvY6bwdjW3EScKM8ANsWIGJjQqvJ9TXowwoYwJ+wkfmkMLOOLcIoiBOOHdts2meH3AoBrJifsNDQp7sZcOe/l8LF8vI=
.legas.com.ua/	1970-01-20 17:04:09	Name: __gads Value: ID=4bafd428082bfc3f-22a107f38dd700db:T=1669353015:RT=1669353015:S=ALNI_MbsQFr0dyyyC5Cqz_9-JIvfOy5m1w
.legas.com.ua/	1970-01-20 17:04:09	Name: __gpi Value: UID=00000b86c09366a6:T=1669353015:RT=1669353015:S=ALNI_Mbxw9rs_s7fvjiFQvD660djbnQR9g
.doubleclick.net/	1970-01-20 17:04:09	Name: IDE Value: AHWqTUly33Xqn9Vl-wWwiHpWf32k2_XpDaI5Ghn87kbJ7guFkbGzmRXTmh8yr22yn2Q
.doubleclick.net/	1970-01-20 07:42:36	Name: DSID Value: NO_DATA
.hotels.com/	1970-01-20 07:42:34	Name: HMS Value: 02a66a79-ee9a-49af-a6e8-3d7447e5c065
.hotels.com/	1970-01-20 17:18:33	Name: MC1 Value: GUID=93c4ae9d3dfb41e5a47ae145ea199021
.hotels.com/	1970-01-20 17:18:33	Name: DUAID Value: 93c4ae9d-3dfb-41e5-a47a-e145ea199021
.hotels.com/	1970-01-20 17:18:33	Name: OIP Value: gdpr\|-1
.hotels.com/	1970-01-20 07:52:37	Name: CRAS Value: HCOM-CH.DIRECT.PHG.1100l95727
de.hotels.com/	1970-01-20 09:08:57	Name: akacd_pr_20 Value: 1674537017~rv=56~id=56dab8532b3ef3d19e77ab2d5aa2d47e
.mathtag.com/	1970-01-20 16:28:09	Name: uuid Value: f6046380-4e39-4501-a383-707fcf579d59
.hotels.com/	1970-01-20 17:18:33	Name: linfo Value: v.4,\|0\|0\|255\|1\|0\|\|\|\|\|\|\|\|2055\|0\|0\|\|0\|0\|0\|-1\|-1
.hotels.com/	1969-12-31 23:59:59	Name: CRQSS Value: e\|14
.hotels.com/	1970-01-20 17:18:33	Name: CRQS Value: t\|3111`s\|300000014`l\|de_CH`c\|CHF
.hotels.com/	1970-01-20 17:18:33	Name: currency Value: CHF
.hotels.com/	1969-12-31 23:59:59	Name: iEAPID Value: 14
.hotels.com/	1970-01-20 07:59:13	Name: tpid Value: v.1,3111
.hotels.com/	1970-01-20 17:18:33	Name: cesc Value: %7B%22aff%22%3A%5B%22AFF.HCOM-CH.DIRECT.PHG.1100l95727%2CHCOM-CH.DIRECT.PHG.1100l95727.1011lwnjmvSU%2C1011lwnjmvSU%22%2C1669353017966%5D%2C%22marketingClick%22%3A%5B%22true%22%2C1669353017966%5D%2C%22hitNumber%22%3A%5B%221%22%2C1669353017966%5D%2C%22visitNumber%22%3A%5B%221%22%2C1669353017966%5D%2C%22cidVisit%22%3A%5B%22AFF.HCOM-CH.DIRECT.PHG.1100l95727%2CHCOM-CH.DIRECT.PHG.1100l95727%22%2C1669353017966%5D%2C%22entryPage%22%3A%5B%22noonewillmatchthis%22%2C1669353017966%5D%2C%22rffrid%22%3A%5B%22AFF.HCOM.CH.038.000.1100L95727.KWRD%3D1011LWNJMVSU%2CAFF.HCOM.CH.038.000.1100L95727.KWRD%3D1011LWNJMVSU%22%2C1669353017966%5D%2C%22cid%22%3A%5B%22AFF.HCOM-CH.DIRECT.PHG.1100l95727%2CHCOM-CH.DIRECT.PHG.1100l95727%22%2C1669353017966%5D%7D
ch.hotels.com/	1970-01-20 09:08:57	Name: akacd_pr_20 Value: 1674537017~rv=72~id=d4a79ce2c8fb6eb4c784206743ae459b
.adform.net/	1970-01-20 08:25:45	Name: C Value: 1
.adform.net/	1970-01-20 09:08:57	Name: uid Value: 7418567585483889380
.adform.net/	1970-01-20 07:52:37	Name: TPC Value: 1669353018643
.legas.com.ua/	1970-01-20 07:42:33	Name: _dc_gtm_UA-9703351-1 Value: 1
.legas.com.ua/	1970-01-20 07:42:33	Name: _gat_UA-9703351-1 Value: 1
.casalemedia.com/	1970-01-20 16:28:09	Name: CMID Value: Y4BOO6q71zLOKv1Z4u-igQAA
.casalemedia.com/	1970-01-20 09:52:09	Name: CMPS Value: 3353
.casalemedia.com/	1970-01-20 09:52:09	Name: CMPRO Value: 3353
.adnxs.com/	1970-01-20 09:52:09	Name: uuid2 Value: 7672575226691198117
.adnxs.com/	1970-01-20 09:52:09	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ilj<1vm!@wnfH8K6pQK`!5=E<L5?%M1penjcz%Pc.Qxp`7A'jP/Xycs9y$g_eb:nN%nugO%v4VB%nnET$k5s
.pubmatic.com/	1970-01-20 07:43:59	Name: KTPCACOOKIE Value: YES
.quantserve.com/	1970-01-20 09:52:09	Name: d Value: EGsBCQHUJ4EA
.quantserve.com/	1970-01-20 17:12:47	Name: mc Value: 63804e3b-cab75-91723-4b3e8
.pubmatic.com/	1970-01-20 09:52:09	Name: KADUSERCOOKIE Value: 3F979581-1245-4056-9CA1-BC7FAA203734
.innovid.com/	1970-01-20 09:52:09	Name: uuid Value: 17dc85a1-fce1-4f8b-b9ea-1561bada5265-20221125 00:10:19
.casalemedia.com/	1970-01-20 09:52:09	Name: CMTS Value: 3345

22 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://legas.com.ua/ Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://caddy.com.ua/components/com_jshopping/files/img_products/AAR-1.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://legas.com.ua/ Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://www.meteoprog.ua/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	error	URL: https://legas.com.ua/(Line 52) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure script 'http://a1.admaster.net/a/10507/155?pos=0.9215899582099725'. This request has been blocked; the content must be served over HTTPS.
security	warning	URL: https://legas.com.ua/(Line 212) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://caddy.com.ua/components/com_jshopping/files/img_products/AAR-1.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://legas.com.ua/(Line 283) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://www.meteoprog.ua/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://legas.com.ua/ Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://040510111616.c.mystat-in.net/?i040510111616&t4&g27&w1600&c24&r&v3&j0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
javascript	warning	URL: https://legas.com.ua/(Line 382) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://c.bigmir.net/?o1&v16854857&s16853252&t0&c1&n80326&w0&y0&d24&r1600, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	error	URL: https://legas.com.ua/(Line 382) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure script 'http://c.bigmir.net/?o1&v16854857&s16853252&t0&c1&n80326&w0&y0&d24&r1600'. This request has been blocked; the content must be served over HTTPS.
javascript	warning	URL: https://legas.com.ua/(Line 382) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://c.bigmir.net/?o1&v16854857&s16853252&t0&c1&n80326&w0&y0&d24&r1600, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	warning	URL: https://legas.com.ua/ Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://r.i.ua/s?u66180&p62&n0.11438201470665899&c1&d24&w1600&h1200&r/legas.com.ua/'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	error	URL: https://legas.com.ua/(Line 955) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure frame 'http://banner.kiev.ua/cgi-bin/bi.cgi?h84092&7732115&1'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://legas.com.ua/(Line 1145) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure script 'http://g.novostimira.biz/l/1322?v=2782255'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://legas.com.ua/(Line 1177) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure frame 'http://kurs.com.ua/informer/inf2?color=blue&rnd=1669353015338'. This request has been blocked; the content must be served over HTTPS.
security	warning	URL: https://pagead2.googlesyndication.com/pagead/show_ads.js(Line 94) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://clck.yandex.ru/click/dtype=stred/pid=30/cid=1529/*http://ya.ru'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://info.maps.yandex.net/traffic/kiev/current_traffic_150.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cpa.com.ua/get_js/script.js?aid=90 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://caddy.com.ua/components/com_jshopping/files/img_products/AAR-1.gif Message: Failed to load resource: the server responded with a status of 404 ()
worker	error	URL: blob:https://googleads.g.doubleclick.net/49587fa7-6a44-4e92-8f14-501a86e6c03a Message: Mixed Content: The page at 'blob:https://googleads.g.doubleclick.net/49587fa7-6a44-4e92-8f14-501a86e6c03a' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://googleads.g.doubleclick.net/49587fa7-6a44-4e92-8f14-501a86e6c03a Message: Mixed Content: The page at 'blob:https://googleads.g.doubleclick.net/49587fa7-6a44-4e92-8f14-501a86e6c03a' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEETB8n_cAqgDlg57PW2N4zc&google_cver=1&google_push=ASkJ3FZX92sNKz4odgdTIewy6Pfk5waUcUbsrwvDnikkU22ZKcjmo8DczhI5S_bA2h3Vl7xNlGX0nJ1oh4vDNbt8WjaISsob285z Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEETB8n_cAqgDlg57PW2N4zc&google_cver=1&google_push=ASkJ3FZbhckr17cvf2X89x7qqaEuIlMMcrJNMbTfQhD3vnDzryW9K-hiJsm3OmSHjQL8kB9JudIo8EpGVFnxIzRUMkR0Z_E8jChpNA Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

040510111616.c.mystat-in.net
a1.admaster.net
adservice.google.com
adservice.google.de
ag.innovid.com
ajax.googleapis.com
bid.g.doubleclick.net
c.bigmir.net
caddy.com.ua
cdnjs.cloudflare.com
ch.hotels.com
clck.yandex.ru
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
cpa.com.ua
csi.gstatic.com
d1dgf5fdrpyfo7.cloudfront.net
de.hotels.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
g.novostimira.biz
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
hal9000.redintelligence.net
hal900026.redintelligence.net
hlmiq.com
ib.adnxs.com
image6.pubmatic.com
imasdk.googleapis.com
info.maps.yandex.net
legas.com.ua
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.mathtag.com
pixel.rubiconproject.com
r.i.ua
r5---sn-4g5lzne6.c.2mdn.net
resistcorrectly.com
rtb.openx.net
s.update.mediamathtag.com
s0.2mdn.net
s1.adform.net
ssum-sec.casalemedia.com
static.xx.fbcdn.net
stats.g.doubleclick.net
tags.mathtag.com
tpc.googlesyndication.com
track.adform.net
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.meteoprog.com
www.meteoprog.ua
a1.admaster.net
c.bigmir.net
csi.gstatic.com
g.novostimira.biz
googlecm.hit.gemius.pl
103.229.205.243
104.18.2.81
104.18.33.19
138.201.84.244
142.132.202.70
142.250.186.66
172.217.18.2
176.9.60.211
185.80.39.216
192.102.6.73
198.47.127.19
2404:6800:4002:82e::2003
2600:9000:223c:c600:b:90c6:35c0:21
2606:4700:3033::6815:2c6c
2606:4700::6811:180e
2620:116:800d:21:7eb1:3826:be7e:d981
2a00:1450:4001:12::a
2a00:1450:4001:801::2001
2a00:1450:4001:801::2002
2a00:1450:4001:802::2003
2a00:1450:4001:803::200e
2a00:1450:4001:806::2002
2a00:1450:4001:806::2003
2a00:1450:4001:808::2004
2a00:1450:4001:80b::2002
2a00:1450:4001:813::2002
2a00:1450:4001:827::2006
2a00:1450:4001:827::200a
2a00:1450:4001:829::2002
2a00:1450:4001:829::2008
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::200a
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:400c:c00::9d
2a02:26f0:1700:384::277d
2a02:6b8::130
2a02:6b8::14
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5
2a06:98c1:3121::3
31.131.16.29
34.98.67.61
35.186.253.211
37.157.5.72
37.157.6.242
37.252.171.149
46.4.10.47
49.12.116.255
52.19.198.230
64.233.184.156
69.173.144.165
88.221.168.207
0029c0cc39dd2f714404c89dfc146a9fef4e2d72b8f2724b50b6625eb973198b
01147cf422220b219bbbe8526abf4b3ac6d5c15a59ed7e48396af4b9c2ed80f1
05273e9bb8ec0f8f92a9c1895e85fa5a2c18c9b0ae9a6e510c15a3c9d56ed09f
0a424d3190a0f0ce7b936d49c43a67cfbb149beed7c88e7d27e42707bdb4eb47
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
101b8d837f8e01156fc293db1932eead16c29f9f16da622bfa89f394fbfd1273
11a32fd2fa6845655ec6381a18811ed2d3bd5f69507c21f118ccd19fcc91ec3f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13226ebcf9c8ad11ecdd63be37659a0f42a5d61cbcb3150cfb9838af9af15254
15e749617a3856bfaa4d2cea0c50d88366d2b579841bd5a45bd2d34062babc51
16557bd84fd793d59a2c7602d94157cfeae2a155d71b2aa01755f9216e379eba
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18f99aaa7fe5f2b285c42b3a6f9a9ef312983be8d86d99517b7f25cd6fe888ba
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1dd2593c68883ea427e0cd5a2a63af49b0798b9feeffcfa0c92867ed98daed41
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
21583f7002df3434278d0ac87cde6b062999b39689e75945e152f8a5e75ef7fe
21b2c55e517d80205308da0a13befc68d57b05b7f077646058b1b584ee872a5c
22233361ada3cc26b4e02d56e7e1bbf12a27e109c4df9e67a2f756257585021b
22dc7c8c81b9f9f71547187665865406a2b782c54b0bc43d26f3a823987abd32
23159ebe826dccc3e40a82e4517027fc3a29ad226b585fbfc3b2097754b6a48f
2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5
304fdb8852051f3310a9453c526fc28bab0c32c5e55c6216d677ca2290baea31
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
37960dfb0a74afa247b54cb6a48281a632d77569d896e4d5966c98b0ca166b1c
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
3a4961c1ae6e8496067150f54acfa06b0026a5525978c24075d5636d33531fb0
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
42e15b92dfd5ed76464a31a7e57706652db1f05e4287b112170f0f57c3aeb8f7
464ff87f2b7b35587e953c632ddfa78cdceaf1094f7e39553ee3e1d16c18d6c3
47fc690a1d42ae135b682d2b2e2c8d6657f9f4639cbfc9ff05c3779424381397
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c172ad40b3cedd336665b2162ac95c7a34f9c98d54c5ae6e583c5ad9c592f42
4dfdbdf440119e6927bf643d64cc28c48552cd707acab84cfd66aaec6cd463e0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e601f0e86ce228bf0586b64f9d85ac4a239fa1ff71886f0a35475678773cdca
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54f28896954199de4b7f4d570a152f04844bfa027034442d9a99c26937c3924b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
578d39c8cc926851f5be1195f339d26cbbf239f2f7cac8b55b349276514b85fe
59729251e018160eeed443c848fa5fd802b40e984b5afe60560c3cbe9d7b4612
5d62faa1903e4b62b39a6d686fdeb3d4328f315ec5e6c7d3f71d5b6d6b857734
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64f4ced5d55df1d2b68756fbeffafd50b5d09c3ad7703f89a0660269a4ea3a54
65268eba6f906ae2598abc2faa6ebd764d374a8e98d4fe8d19f0531b06cad557
66e9c7e2345cb50b8e2eed66f19e4ca73427ec6b96b78ecf9387ad152003474b
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d56f2dfcbcdfea9405b8b96738f3afe82a818c435c8c1cc849cdb7f2a950523
6e40736d8d08da2e2779248322d55fc631d5dbc2c7899d1aeae0079594ea869a
6e669fff4c88abc4386df50eeb04a23eafc9e5d3a79fa8b9d71a08ce9b027802
6edbf13af2f07f3ff6cf1b7ab649b8c6c28d247f2d7750a8593bd534de07d744
720b21233cc3f5ac1443ecb48e8807913f0927ee4ffd04d805b76aa2b93bed2b
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
79d43d860bcaf8b62c343669b1c7c7acf20a83d0a35ade74f875c8157e71bbd4
7aa592ceada24a186390ab6bdad0e999d1ddb96f5fb77b8da7f2d68bb538268c
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
7e928161cd626935d39ff08188caa3f3a918811ca87194082dedf28b697ce6fd
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
8856eddb55ee169f7678d72627ce24de8b8b3a94ee020bcdde6e8352857ec4fb
8d61bc67c5b06bbd0e0787fc1e661c2fb58ba72c46b7b05ca3ee94c20e599130
8e16ad2005bc4c19f8560189ef6e7b7475f2b3def2c60a57f9041fac5b4f94cf
8ebb42f7961800b335cc59e31253f69ba914ba2731cd9970480a03576a3b1e9a
909e4f36928b8676e7947d125e90b8c2baee1afc6c0dead2ddc05a665811470a
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
98ba645c358687e7cd2018456d3691e703613aa27fa2fa2e54d9396cdf4c55b3
9922364eff0c3700217ea21618f38bb4137d17a27615c0b54f5c60e1171eb1a7
9952ed293c7f1ff35579d96e40e5599b6b90728692c5f159b231be8ab8d0b711
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ae50611d88637626e77fde36ee15395d26d7fad3c623c7bfd9a8cd80f4562a0
9b98385b1458b52b17cd1108e4913325690674965a81a891fe9015631afa5844
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9fc982811791831f2f9189914d4a77fd8b2864d18ae90701ecadc281742ed3d8
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a10851c4cafb53a3edd9dd210ae393479d0e00873523f8103a2c87b35866d8f3
a1857077994b1d097fb8ab1a9ae073a4bde9f9a961129931778c310eda572686
a46228d57faaf3cd1ec77fbed362c13944f30d9e92a4e1e5d3603c3902555df7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6e648923be27227370e476a3fe1b29b7d43f486b80ffb409a04d7b6ef3909ca
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a86b3a844dad8b4c5673af644a74b9046f920772bfc75d0f5fa0704d19510d2e
a8bf54e9be763ab5fad815c7266f841438bb56c7747cf54b7cc620673b497cd4
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
ad596ab3f0ba304a3298d220ae96016367897e1549b8c8c451e59a6f8cfdc913
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1c08ac4601146baf8c5c89c7ce57be133c9fa8cf02d02904f0a20d57b0d1e99
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b4fc2e6d03d7326e141d3c0926e3bd8b92629d69d60c11ace027b64454d45ae2
b919be8745a4d1b7575073503f458e0deb8245330f78d1c27350b7819cb9d720
bc9f634bcbde3783be6101e8fb38a18e93c1e737843bf9136fc857964eb32b98
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c45eea5e6944436e8762d9c18bde4591ac33efd2bfbda1ff9d064712cadaa1ce
c96f4063d1cf1a521e922a223dc86798005e0b037683ba4f1cc71f73512d3034
cb84776b7fb75c84182c1a3cd52f73d0f3baa9e107342770795d7a02087bd97d
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
cfde0dff7c17f03aab9949cb2d2e922610484ab4f4be0a3cb3f39ee2d0c9203e
d028ff06991dab0e77014a91995a9c0d6672a90e68edc339cd62a566fe361ace
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d1af9da57519fd2466a4e032395abcb89c6e405ac5de28ecdddcda93bf3ab768
d1b2788bdb29920e14f411f35f97d863621b0c41fad38c75bb5643ce61fa5ac6
d2cb6c4ce0b2ef4fb404019c0792255259d1b723c01cda789e5412da48fe1541
d464e3962df1445f4b1dd527259d9c2bb50f15f6999bc823f8cd2c56a3fd0d56
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e09f73bae2feb96ab9f1f7434938b18cc9d3d776047c701a387103f40a4e963c
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e370293e768be9a266c8613ad139fbaaf30f598f036b56fd5431394122f0d459
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a4326209997a077d9078967eb02c86ac6dd7780d0871ae7739c5e49f21526f
e8219515bf64b816482bc116d80b889ac71e9f54a874a6e64b164957c8771613
eba07c8aaf4516406fe82ace06334844f851e93b3efb12ef6ee69f190a5c4f67
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5d5e22119cc37b026b03a2b1bda3badc59764774244a40b1f271faf5d02f016
f60b30f2c5ddad9a137a0bebdbcdd2df24cf8e1c3f229764e987d72d56aed439
fdd929f4e7f24ceca1f21a2548a5b7ed985acf6a294ae92beab97c07558de1fa
fe695186b12c42f2be6b19592b5171c3396030f5db022e996cda2a22a27a13b6
fecb1b3f5b31880bc72d6c60a999bc11df4bf1c70bc74690914dd734c59cc816
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48
ffa6dd5ebd840a9a1953cb5e601dc36207d79f31dbab0443e2a5fb6a2c94b5e1

legas.com.ua Open in urlscan Pro 2a06:98c1:3121::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

231 Requests

87 %HTTPS

57 %IPv6

44 Domains

61 Subdomains

48 IPs

11 Countries

2473 kBTransfer

6672 kBSize

42 Cookies

10 Outgoing links

Page URL History

Redirected requests

231 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

legas.com.ua Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Screenshot
Live screenshot

Full Image

231
Requests

87 %
HTTPS

57 %
IPv6

44
Domains

61
Subdomains

48
IPs

11
Countries

2473 kB
Transfer

6672 kB
Size

42
Cookies

231 HTTP transactions
5 data transactions