URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-86...
Submission Tags: falconsandbox
Submission: On April 23 via api from US

Summary

This website contacted 81 IPs in 13 countries across 83 domains to perform 335 HTTP transactions. The main IP is 51.83.188.228, located in France and belongs to OVH, FR. The main domain is gordonua.com.
TLS certificate: Issued by R3 on March 22nd 2021. Valid for: 3 months.
This is the only time gordonua.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
64 51.83.188.228 16276 (OVH)
5 213.174.135.1 39572 (ADVANCEDH...)
7 216.58.212.162 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
54 2a03:2880:f01... 32934 (FACEBOOK)
1 193.239.68.97 39468 (BIGMIR-IN...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
10 2a03:2880:f11... 32934 (FACEBOOK)
2 2a0c:5c81:514... 55081 (24SHELLS)
1 2 88.212.201.210 39134 (UNITEDNET)
3 193.239.71.100 39468 (BIGMIR-IN...)
1 1 116.202.172.174 24940 (HETZNER-AS)
4 14 62.149.0.72 15497 (COLOCALL ...)
2 2a0c:5c81:509... 55081 (24SHELLS)
2 193.200.65.5 6681 (GIVEME-CLOUD)
4 4 2a03:2880:f01... 32934 (FACEBOOK)
3 2606:2800:234... 15133 (EDGECAST)
1 4 54.37.238.28 16276 (OVH)
2 104.244.42.136 13414 (TWITTER)
1 2 46.249.52.248 50673 (SERVERIUS-AS)
4 2.18.233.180 16625 (AKAMAI-AS)
2 5 104.111.237.88 16625 (AKAMAI-AS)
2 5 37.157.6.241 198622 (ADFORM)
2 2a00:f48:2000... 47447 (TTM)
2 2 185.184.8.30 204995 (RTB-HOUSE...)
1 1 54.82.140.85 14618 (AMAZON-AES)
2 208.100.17.190 32748 (STEADFAST)
2 2 72.251.249.9 29791 (VOXEL-DOT...)
6 6 35.227.252.103 15169 (GOOGLE)
5 8 185.33.221.11 29990 (ASN-APPNEX)
1 13 18.158.173.146 16509 (AMAZON-02)
4 2a03:2880:f01... 32934 (FACEBOOK)
1 1 66.155.71.25 13768 (COGECO-PEER1)
8 46.249.52.249 50673 (SERVERIUS-AS)
3 3 213.19.147.45 26120 (RHYTHMONE)
4 6 63.33.11.43 16509 (AMAZON-02)
5 5.178.65.253 50673 (SERVERIUS-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 8 3.221.146.169 14618 (AMAZON-AES)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 3 168.119.149.178 24940 (HETZNER-AS)
3 178.162.133.149 60781 (LEASEWEB-...)
4 4 3.126.56.137 16509 (AMAZON-02)
1 1 88.214.206.247 46636 (NATCOWEB)
1 1 23.79.143.124 16625 (AKAMAI-AS)
2 104.111.230.142 16625 (AKAMAI-AS)
1 2a03:2880:f02... 32934 (FACEBOOK)
2 4 185.64.190.78 62713 (AS-PUBMATIC)
7 14 2.18.234.21 16625 (AKAMAI-AS)
1 18 2606:4700:10:... 13335 (CLOUDFLAR...)
9 15 172.217.16.130 15169 (GOOGLE)
4 5 35.227.248.159 15169 (GOOGLE)
1 151.101.13.44 54113 (FASTLY)
1 154.57.158.51 26558 (FREEWHEEL)
2 2 2a05:d018:24:... 16509 (AMAZON-02)
2 2 18.200.233.208 16509 (AMAZON-02)
1 54.78.254.47 16509 (AMAZON-02)
1 1 151.1.205.165 3242 (ASN-ITNET)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
2 2 35.201.81.244 15169 (GOOGLE)
1 89.163.159.103 24961 (MYLOC-AS ...)
3 4 34.251.130.56 16509 (AMAZON-02)
1 1 212.82.100.182 34010 (YAHOO-IRD)
1 1 18.132.239.61 16509 (AMAZON-02)
1 34.98.67.61 15169 (GOOGLE)
2 54.170.10.95 16509 (AMAZON-02)
4 4 151.101.114.49 54113 (FASTLY)
1 1 2.18.233.201 16625 (AKAMAI-AS)
1 1 18.210.140.68 14618 (AMAZON-AES)
1 2 52.95.124.165 16509 (AMAZON-02)
1 1 23.45.110.176 16625 (AKAMAI-AS)
1 54.76.71.14 16509 (AMAZON-02)
1 13.224.95.123 16509 (AMAZON-02)
6 2606:4700:20:... 13335 (CLOUDFLAR...)
1 51.15.145.115 12876 (Online SAS)
1 1 62.209.227.211 5588 (GTSCE GTS...)
2 2 188.42.191.196 7979 (SERVERS-COM)
1 51.89.9.251 16276 (OVH)
1 2 52.46.130.13 16509 (AMAZON-02)
1 173.231.180.197 29791 (VOXEL-DOT...)
3 3 185.29.135.234 30419 (MEDIAMATH...)
1 1 37.252.173.134 29990 (ASN-APPNEX)
1 2 69.173.144.139 26667 (RUBICONPR...)
3 7 37.157.4.28 198622 (ADFORM)
2 2a00:1288:110... 34010 (YAHOO-IRD)
1 169.197.150.7 398989 (DEEPINTENT)
1 1 54.236.220.178 14618 (AMAZON-AES)
1 1 178.250.2.151 44788 (ASN-CRITE...)
2 188.166.21.205 14061 (DIGITALOC...)
1 3.121.27.153 16509 (AMAZON-02)
1 178.128.142.14 14061 (DIGITALOC...)
2 104.16.199.73 13335 (CLOUDFLAR...)
2 2600:9000:206... 16509 (AMAZON-02)
2 91.198.36.26 43405 (DIGITAL-V...)
1 2a04:4e42:1b:... 54113 (FASTLY)
2 91.198.36.35 43405 (DIGITAL-V...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 37.157.5.72 198622 (ADFORM)
1 2620:116:800d... 16509 (AMAZON-02)
1 1 54.93.142.164 16509 (AMAZON-02)
1 2a05:d01c:1d8... 16509 (AMAZON-02)
3 178.62.226.6 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
335 81
Apex Domain
Subdomains
Transfer
64 gordonua.com
gordonua.com
809 KB
55 fbcdn.net
static.xx.fbcdn.net
scontent-frt3-1.xx.fbcdn.net
scontent-frx5-1.xx.fbcdn.net
1 MB
21 doubleclick.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
156 KB
18 zeotap.com
spl.zeotap.com
mwzeom.zeotap.com
6 KB
16 adscale.de
js.adscale.de
ih.adscale.de
17 KB
15 adform.net
cm.adform.net
dmp.adform.net
c1.adform.net
track.adform.net
s1.adform.net
116 KB
15 e-planning.net
ads.us.e-planning.net
u-ams02.e-planning.net
sync.e-planning.net
s.e-planning.net
19 KB
15 adtelligent.com
player.adtelligent.com
ghb.adtelligent.com
sync.adtelligent.com
s.adtelligent.com
149 KB
14 casalemedia.com
ssum.casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
16 KB
14 facebook.com
www.facebook.com
web.facebook.com
93 KB
12 googlesyndication.com
91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
42 KB
9 adnxs.com
ib.adnxs.com
adscale-emea.adnxs.com
secure.adnxs.com
5 KB
8 audrte.com
a.audrte.com
9 KB
8 pubmatic.com
ads.pubmatic.com
image6.pubmatic.com
37 KB
7 yahoo.com
ups.analytics.yahoo.com
cms.analytics.yahoo.com
pr-bh.ybp.yahoo.com
5 KB
7 adtarget.com.tr
s.console.adtarget.com.tr
sync.console.adtarget.com.tr
4 KB
6 phoenix-widget.com
phoenix-widget.com
api.phoenix-widget.com
img.phoenix-widget.com
193 KB
6 quantumdex.io
sync.quantumdex.io
3 KB
6 adsrvr.org
match.adsrvr.org
3 KB
6 openx.net
rtb.openx.net
2 KB
5 crwdcntrl.net
bcp.crwdcntrl.net
tags.crwdcntrl.net
14 KB
5 tapad.com
pixel.tapad.com
2 KB
5 rubiconproject.com
secure-assets.rubiconproject.com
eus.rubiconproject.com
token.rubiconproject.com
pixel.rubiconproject.com
11 KB
5 twitter.com
platform.twitter.com
syndication.twitter.com
22 KB
4 holder.com.ua
i.holder.com.ua
h.holder.com.ua
9 KB
4 amazon-adsystem.com
aax-eu.amazon-adsystem.com
s.amazon-adsystem.com
2 KB
4 mathtag.com
pixel.mathtag.com
sync.mathtag.com
2 KB
4 everesttech.net
sync-tm.everesttech.net
1 KB
4 gemius.pl
gaua.hit.gemius.pl
12 KB
4 bigmir.net
c.bigmir.net
i.bigmir.net
1 KB
4 facebook.net
connect.facebook.net
162 KB
3 krxd.net
beacon.krxd.net
usermatch.krxd.net
933 B
3 sonobi.com
sync.go.sonobi.com
1 KB
3 richaudience.com
sync.richaudience.com
743 B
3 google-analytics.com
www.google-analytics.com
20 KB
2 googletagservices.com
www.googletagservices.com
63 KB
2 optad360.io
get.optad360.io
236 KB
2 idealmedia.io
jsc.idealmedia.io
c.idealmedia.io
75 KB
2 m6r.eu
tracking.m6r.eu
1 KB
2 betweendigital.com
ads.betweendigital.com
925 B
2 agkn.com
aa.agkn.com
d.agkn.com
1 KB
2 weborama.fr
idsync.frontend.weborama.fr
841 B
2 demdex.net
dpm.demdex.net
2 KB
2 tidaltv.com
sync.tidaltv.com
791 B
2 1rx.io
sync.1rx.io
1 KB
2 lijit.com
ap.lijit.com
1 KB
2 tynt.com
ic.tynt.com
2 creativecdn.com
creativecdn.com
721 B
2 admatic.com.tr
cdn.admatic.com.tr
21 KB
2 trafmag.com
t.trafmag.com
464 B
2 yadro.ru
counter.yadro.ru
1 KB
1 gstatic.com
fonts.gstatic.com
19 KB
1 innovid.com
ag.innovid.com
295 B
1 quantserve.com
cms.quantserve.com
463 B
1 google.com
adservice.google.com
553 B
1 google.pl
adservice.google.pl
799 B
1 jsdelivr.net
cdn.jsdelivr.net
1 KB
1 eyeota.net
ps.eyeota.net
1 KB
1 criteo.com
dis.criteo.com
536 B
1 extend.tv
sync.extend.tv
546 B
1 deepintent.com
match.deepintent.com
44 B
1 adgrx.com
cm.adgrx.com
408 B
1 onetag-sys.com
onetag-sys.com
818 B
1 ibillboard.com
bbnaut.ibillboard.com
550 B
1 cookieless-data.com
js.cookieless-data.com
367 B
1 imrworldwide.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
38 B
1 bluekai.com
tags.bluekai.com
346 B
1 mookie1.com
odr.mookie1.com
324 B
1 theadex.com
dmp.theadex.com
378 B
1 adition.com
dsp.adfarm1.adition.com
596 B
1 bemail.it
bn01.er.bemail.it
659 B
1 exelator.com
loadeu.exelator.com
324 B
1 fwmrm.net
dmp.v.fwmrm.net
361 B
1 taboola.com
trc.taboola.com
163 B
1 admanmedia.com
cs.admanmedia.com
428 B
1 dotomi.com
prebid-match.dotomi.com
104 B
1 navdmp.com
tag.navdmp.com
4 KB
1 unrulymedia.com
sync.targeting.unrulymedia.com
490 B
1 sitescout.com
pixel.sitescout.com
288 B
1 advangelists.com
nep.advangelists.com
229 B
1 loopme.me
csync.loopme.me
208 B
1 gravitec.net
cdn.gravitec.net
18 KB
1 googletagmanager.com
www.googletagmanager.com
37 KB
335 83
Domain Requested by
64 gordonua.com gordonua.com
50 static.xx.fbcdn.net www.facebook.com
static.xx.fbcdn.net
15 mwzeom.zeotap.com 1 redirects ads.us.e-planning.net
15 cm.g.doubleclick.net 9 redirects 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
13 ih.adscale.de 1 redirects js.adscale.de
ih.adscale.de
10 www.facebook.com gordonua.com
connect.facebook.net
static.xx.fbcdn.net
8 a.audrte.com 4 redirects ads.us.e-planning.net
a.audrte.com
8 sync.adtelligent.com 3 redirects player.adtelligent.com
s.console.adtarget.com.tr
s.adtelligent.com
7 track.adform.net 3 redirects 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
s1.adform.net
7 ib.adnxs.com 5 redirects spl.zeotap.com
ssum.casalemedia.com
6 tpc.googlesyndication.com securepubads.g.doubleclick.net
91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
tpc.googlesyndication.com
6 dsum-sec.casalemedia.com 2 redirects ssum-sec.casalemedia.com
ssum.casalemedia.com
6 sync.quantumdex.io ads.us.e-planning.net
sync.quantumdex.io
ssum-sec.casalemedia.com
6 match.adsrvr.org 4 redirects ssum-sec.casalemedia.com
ssum.casalemedia.com
6 rtb.openx.net 6 redirects
6 sync.console.adtarget.com.tr 1 redirects s.console.adtarget.com.tr
s.adtelligent.com
js.adscale.de
ads.us.e-planning.net
5 ssum-sec.casalemedia.com 3 redirects sync.quantumdex.io
ssum-sec.casalemedia.com
5 pixel.tapad.com 4 redirects ads.us.e-planning.net
5 s.e-planning.net ads.us.e-planning.net
5 u-ams02.e-planning.net ads.us.e-planning.net
ssum.casalemedia.com
5 securepubads.g.doubleclick.net gordonua.com
securepubads.g.doubleclick.net
get.optad360.io
4 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
4 sync-tm.everesttech.net 4 redirects
4 bcp.crwdcntrl.net 3 redirects ssum-sec.casalemedia.com
4 image6.pubmatic.com 2 redirects ads.pubmatic.com
spl.zeotap.com
4 ups.analytics.yahoo.com 4 redirects
4 scontent-frt3-1.xx.fbcdn.net www.facebook.com
4 ads.pubmatic.com s.console.adtarget.com.tr
ads.pubmatic.com
ads.us.e-planning.net
4 gaua.hit.gemius.pl 1 redirects gordonua.com
gaua.hit.gemius.pl
4 web.facebook.com 4 redirects
4 connect.facebook.net gordonua.com
connect.facebook.net
4 player.adtelligent.com gordonua.com
player.adtelligent.com
3 img.phoenix-widget.com
3 s1.adform.net track.adform.net
s1.adform.net
3 sync.mathtag.com 3 redirects
3 dmp.adform.net 2 redirects spl.zeotap.com
3 spl.zeotap.com ads.us.e-planning.net
spl.zeotap.com
3 ssum.casalemedia.com 2 redirects ads.us.e-planning.net
3 sync.go.sonobi.com ads.us.e-planning.net
sync.quantumdex.io
3 sync.richaudience.com 1 redirects ads.us.e-planning.net
spl.zeotap.com
3 sync.e-planning.net ads.us.e-planning.net
sync.quantumdex.io
3 js.adscale.de s.console.adtarget.com.tr
js.adscale.de
ih.adscale.de
3 platform.twitter.com gordonua.com
3 i.bigmir.net gordonua.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
phoenix-widget.com
2 www.googletagservices.com securepubads.g.doubleclick.net
91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
2 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 h.holder.com.ua gordonua.com
2 i.holder.com.ua gordonua.com
2 get.optad360.io gordonua.com
get.optad360.io
2 phoenix-widget.com gordonua.com
2 tracking.m6r.eu 2 redirects
2 pr-bh.ybp.yahoo.com ssum.casalemedia.com
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 ads.betweendigital.com 2 redirects
2 aax-eu.amazon-adsystem.com 1 redirects ads.us.e-planning.net
2 beacon.krxd.net spl.zeotap.com
ads.us.e-planning.net
2 idsync.frontend.weborama.fr 2 redirects
2 dpm.demdex.net 2 redirects
2 sync.tidaltv.com 2 redirects
2 eus.rubiconproject.com ads.us.e-planning.net
eus.rubiconproject.com
2 sync.1rx.io 2 redirects
2 ap.lijit.com 2 redirects
2 ic.tynt.com s.adtelligent.com
sync.quantumdex.io
2 creativecdn.com 2 redirects
2 cdn.admatic.com.tr s.console.adtarget.com.tr
cdn.admatic.com.tr
2 ads.us.e-planning.net 1 redirects s.console.adtarget.com.tr
2 syndication.twitter.com platform.twitter.com
gordonua.com
2 t.trafmag.com gordonua.com
s.adtelligent.com
2 counter.yadro.ru 1 redirects gordonua.com
2 ghb.adtelligent.com player.adtelligent.com
1 fonts.gstatic.com gordonua.com
1 ag.innovid.com 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
1 pixel.rubiconproject.com 1 redirects
1 d.agkn.com 1 redirects
1 cms.quantserve.com 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
1 c.idealmedia.io jsc.idealmedia.io
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.pl securepubads.g.doubleclick.net
1 cdn.jsdelivr.net get.optad360.io
1 jsc.idealmedia.io gordonua.com
1 api.phoenix-widget.com phoenix-widget.com
1 ps.eyeota.net
1 dis.criteo.com 1 redirects
1 sync.extend.tv 1 redirects
1 match.deepintent.com ssum.casalemedia.com
1 secure.adnxs.com ssum.casalemedia.com
1 token.rubiconproject.com eus.rubiconproject.com
1 adscale-emea.adnxs.com 1 redirects
1 cm.adgrx.com ssum-sec.casalemedia.com
1 c1.adform.net ssum-sec.casalemedia.com
1 onetag-sys.com sync.quantumdex.io
1 bbnaut.ibillboard.com 1 redirects
1 js.cookieless-data.com s.e-planning.net
1 tags.crwdcntrl.net s.e-planning.net
1 obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com spl.zeotap.com
1 tags.bluekai.com 1 redirects
1 usermatch.krxd.net 1 redirects
1 pixel.mathtag.com 1 redirects
1 odr.mookie1.com spl.zeotap.com
1 aa.agkn.com 1 redirects
1 cms.analytics.yahoo.com 1 redirects
1 dmp.theadex.com spl.zeotap.com
1 dsp.adfarm1.adition.com 1 redirects
1 bn01.er.bemail.it 1 redirects
1 loadeu.exelator.com spl.zeotap.com
1 dmp.v.fwmrm.net spl.zeotap.com
1 trc.taboola.com spl.zeotap.com
1 scontent-frx5-1.xx.fbcdn.net www.facebook.com
1 secure-assets.rubiconproject.com 1 redirects
1 cs.admanmedia.com 1 redirects
1 prebid-match.dotomi.com ads.us.e-planning.net
1 tag.navdmp.com ads.us.e-planning.net
1 sync.targeting.unrulymedia.com 1 redirects
1 pixel.sitescout.com 1 redirects
1 nep.advangelists.com 1 redirects
1 s.adtelligent.com s.console.adtarget.com.tr
1 cm.adform.net s.console.adtarget.com.tr
1 s.console.adtarget.com.tr player.adtelligent.com
1 csync.loopme.me 1 redirects
1 stats.g.doubleclick.net www.google-analytics.com
1 cdn.gravitec.net www.googletagmanager.com
1 c.bigmir.net gordonua.com
1 www.googletagmanager.com gordonua.com
335 124
Subject Issuer Validity Valid
gordonua.com
R3
2021-03-22 -
2021-06-20
3 months crt.sh
*.adtelligent.com
Sectigo RSA Domain Validation Secure Server CA
2020-10-28 -
2021-11-27
a year crt.sh
*.g.doubleclick.net
GTS CA 1O1
2021-03-23 -
2021-06-15
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2021-03-23 -
2021-06-15
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-04-06 -
2021-07-03
3 months crt.sh
c.bigmir.net
R3
2021-04-02 -
2021-07-01
3 months crt.sh
*.gravitec.net
AlphaSSL CA - SHA256 - G2
2021-03-04 -
2022-04-05
a year crt.sh
ghb.adtelligent.com
R3
2021-03-07 -
2021-06-05
3 months crt.sh
counter.yadro.ru
R3
2021-03-22 -
2021-06-20
3 months crt.sh
img.com.ua
R3
2021-03-03 -
2021-06-01
3 months crt.sh
sync.adtelligent.com
R3
2021-04-06 -
2021-07-05
3 months crt.sh
s.console.adtarget.com.tr
ZeroSSL ECC Domain Secure Site CA
2021-04-03 -
2021-07-02
3 months crt.sh
*.trafmag.com
Sectigo RSA Domain Validation Secure Server CA
2020-06-15 -
2021-06-21
a year crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1
2020-11-05 -
2021-11-09
a year crt.sh
*.hit.gemius.pl
Sectigo ECC Domain Validation Secure Server CA
2019-09-11 -
2021-09-24
2 years crt.sh
syndication.twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2021-02-05 -
2022-02-04
a year crt.sh
ads.us.e-planning.net
R3
2021-03-15 -
2021-06-13
3 months crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA
2021-03-30 -
2022-04-04
a year crt.sh
cat.adscale.de
DigiCert SHA2 Secure Server CA
2020-10-23 -
2021-11-21
a year crt.sh
*.adform.net
DigiCert SHA2 Secure Server CA
2020-04-02 -
2021-06-02
a year crt.sh
cdn.admatic.com.tr
R3
2021-04-07 -
2021-07-06
3 months crt.sh
s.adtelligent.com
ZeroSSL ECC Domain Secure Site CA
2021-04-07 -
2021-07-06
3 months crt.sh
sync.console.adtarget.com.tr
R3
2021-04-02 -
2021-07-01
3 months crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA
2020-06-01 -
2021-09-30
a year crt.sh
*.adscale.de
Amazon
2020-06-05 -
2021-07-07
a year crt.sh
*.e-planning.net
R3
2021-03-26 -
2021-06-24
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-08-05 -
2021-08-05
a year crt.sh
*.audrte.com
Amazon
2021-01-26 -
2022-02-24
a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018
2019-06-19 -
2021-08-31
2 years crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1
2021-03-17 -
2022-03-16
a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2
2020-12-06 -
2022-01-07
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2021-04-01 -
2022-04-04
a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018
2021-02-05 -
2022-02-09
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2021-03-05 -
2022-02-19
a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1
2020-11-25 -
2021-12-26
a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1
2020-11-17 -
2021-12-18
a year crt.sh
*.exelator.com
Go Daddy Secure Certificate Authority - G2
2019-05-17 -
2021-06-25
2 years crt.sh
*.tapad.com
DigiCert SHA2 Secure Server CA
2020-10-05 -
2021-11-06
a year crt.sh
*.theadex.com
GeoTrust RSA CA 2018
2019-10-11 -
2021-10-10
2 years crt.sh
*.mookie1.com
DigiCert TLS RSA SHA256 2020 CA1
2021-02-22 -
2022-03-25
a year crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1
2021-01-13 -
2022-01-07
a year crt.sh
aax-eu.amazon-adsystem.com
Amazon
2021-04-09 -
2022-03-20
a year crt.sh
*.redinuid.imrworldwide.com
Amazon
2020-07-24 -
2021-08-24
a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2
2019-06-13 -
2021-06-28
2 years crt.sh
js.cookieless-data.com
R3
2021-03-07 -
2021-06-05
3 months crt.sh
onetag-sys.com
R3
2021-03-16 -
2021-06-14
3 months crt.sh
s.amazon-adsystem.com
Amazon
2020-08-28 -
2021-08-20
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2021-03-18 -
2022-04-19
a year crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA
2021-02-24 -
2022-03-26
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2020-10-30 -
2021-04-27
6 months crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2
2020-04-09 -
2022-06-08
2 years crt.sh
phoenix-widget.com
Sectigo RSA Domain Validation Secure Server CA
2021-03-10 -
2022-03-10
a year crt.sh
*.eyeota.net
R3
2021-02-28 -
2021-05-29
3 months crt.sh
*.optad360.io
Amazon
2020-12-17 -
2022-01-15
a year crt.sh
holder.com.ua
R3
2021-02-16 -
2021-05-17
3 months crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2021-04-13 -
2022-03-26
a year crt.sh
*.google.pl
GTS CA 1O1
2021-03-23 -
2021-06-15
3 months crt.sh
*.google.com
GTS CA 1O1
2021-03-23 -
2021-06-15
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1
2021-03-23 -
2021-06-15
3 months crt.sh
track.adform.net
DigiCert SHA2 Secure Server CA
2019-09-16 -
2021-09-20
2 years crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA
2020-10-02 -
2021-10-07
a year crt.sh
*.innovid.com
RapidSSL RSA CA 2018
2020-02-07 -
2022-04-07
2 years crt.sh
*.gstatic.com
GTS CA 1O1
2021-03-23 -
2021-06-15
3 months crt.sh

This page contains 34 frames:

Primary Page: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Frame ID: 2E73AC6189D39BAC8887E819B187F627
Requests: 123 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=114293af-7252-496c-bd45-4e2721583258
Frame ID: 400581D7B71E51091CD25B0605F83716
Requests: 1 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=609096
Frame ID: A2880A6E41B2D98D9E8A4313CCC72158
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&layout=button_count&locale=ru_RU&sdk=joey&size=small&_rdc=1&_rdr
Frame ID: B3D13FEFECE794B13AD9111F5470FE1F
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
Frame ID: 7E0D2A20F22C96A946F4045D06F215FE
Requests: 9 HTTP requests in this frame

Frame: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Frame ID: 4C1720B26B881FCFA7F7808E8B8E2FBF
Requests: 25 HTTP requests in this frame

Frame: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Frame ID: FF21D4E340032AC673C63EE1F130A9C9
Requests: 24 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2e9f365dae390394eb8d923cba8c5b11.html?origin=https%3A%2F%2Fgordonua.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: 500D4A32D5E4F62F4B453473D23547EE
Requests: 2 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Frame ID: 664024F62962CC7C95BCE0CAB17FE922
Requests: 21 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Frame ID: 89E6DE332A519190EFE4977124AA6CF2
Requests: 1 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Frame ID: B957BD4214E982CB9B74BA6F69F85737
Requests: 5 HTTP requests in this frame

Frame: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Frame ID: 1CE86DE451CA71C47DB433BD1C656F82
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admatic.com.tr/user
Frame ID: 51C325B397ACE8A7C0AA4C2847D8F99B
Requests: 2 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=609724
Frame ID: F70FBEA3AC55B940D21E640AC9B67A49
Requests: 6 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=GEZonDgO0eBWQ7La62qL&pi=admatic&tc=1
Frame ID: E32FBF57C36DBF34143C610F132560D5
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2e9f365dae390394eb8d923cba8c5b11.en.html
Frame ID: 269743FDFED9430ED6EB9B8CF5DB9D90
Requests: 2 HTTP requests in this frame

Frame: https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Frame ID: D11EA4A09FEB38D75733852E1E4CA5DD
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 9396F808F0A499212BA29631F9ACB356
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Frame ID: ECC44D1F35A047E17D39A3BF6EBDE832
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc73d61587ad18754%26uid%3D
Frame ID: F4E5438212E2EBDD0D683CAC86CDA445
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F3B499EB875E1711603138B3A2D95A69
Requests: 1 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Frame ID: 54C23582F35FBC5BD5E998D5D2110CDE
Requests: 10 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&cmp=0
Frame ID: 97A833469C63CC9A62BD6CE4B4EB3137
Requests: 31 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Frame ID: 18A37EEC929738BC4C3110213AF119E0
Requests: 11 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 091DF316AE9932DFAF98B307E990BAF4
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/e-planning
Frame ID: 42AFA7346A4D817134A964D0B4493F2A
Requests: 7 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307442&extuid=AKVN9MJlSt8s6Mt7
Frame ID: 6B33ED1938A91E160104645372405848
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Frame ID: 590B1D3C5994F80ADF2B72C4362C569E
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 8B059D1CD768DBFAA31604D0E519E02D
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Frame ID: 196B7DED34A8EBF2BDA57698910762E4
Requests: 1 HTTP requests in this frame

Frame: https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Frame ID: F11B28306B41018AF4EDE30D4D3CA12A
Requests: 1 HTTP requests in this frame

Frame: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 49C1155A50195122B4CD476797CBE10A
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 0ECDFC276867308FE6ADA2EEA430C875
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5CFBF9EB1BBED05B6EE434AFD2926042
Requests: 9 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: %
Detected patterns
  • script /hit\.gemius\.pl\/xgemius\.js/i
  • script /hit\.gemius\.pl/i
  • script /xgemius\.js/i

Page Statistics

335
Requests

100 %
HTTPS

27 %
IPv6

83
Domains

124
Subdomains

81
IPs

13
Countries

3721 kB
Transfer

10917 kB
Size

10
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44
  • https://counter.yadro.ru/hit?t16.6;r;s1600*1200*24;uhttps%3A//gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html;0.5763704230932636 HTTP 302
  • https://counter.yadro.ru/hit?q;t16.6;r;s1600*1200*24;uhttps%3A//gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html;0.5763704230932636
Request Chain 48
  • https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D HTTP 307
  • https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=114293af-7252-496c-bd45-4e2721583258
Request Chain 50
  • https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D HTTP 302
  • https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=37c8f4dd4b59cb2b
Request Chain 52
  • https://web.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&layout=button_count&locale=ru_RU&sdk=joey&size=small HTTP 302
  • https://www.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&layout=button_count&locale=ru_RU&sdk=joey&size=small&_rdc=1&_rdr
Request Chain 53
  • https://web.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true HTTP 302
  • https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
Request Chain 54
  • https://web.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300 HTTP 302
  • https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Request Chain 55
  • https://web.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300 HTTP 302
  • https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Request Chain 66
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Request Chain 72
  • https://creativecdn.com/cm-notify?pi=admatic HTTP 302
  • https://creativecdn.com/cm-notify?pi=admatic&tc=1 HTTP 302
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=GEZonDgO0eBWQ7La62qL&pi=admatic&tc=1
Request Chain 73
  • https://nep.advangelists.com/xp/user-sync?acctid=494&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D306709%26extuid%3D%7BPARTNER_VISITOR_ID%7D HTTP 302
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=306709&extuid=av-f675d6f0-1b4f-4a44-aed8-0e9ccdfb41d1
Request Chain 74
  • https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D HTTP 302
  • https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=97e25719fee34765
Request Chain 78
  • https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D HTTP 302
  • https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=37c8f4dd4b59cb2b
Request Chain 80
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID&sovrn_retry=true HTTP 307
  • https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=7769fa96d2dec248bb773327
Request Chain 81
  • https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D HTTP 302
  • https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D&ox_sc=1 HTTP 302
  • https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=54e3fc98-e541-4023-bb24-8a03f2f4a470
Request Chain 82
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D297253%2526extuid%253D%2524UID HTTP 302
  • https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=295627870936991132
Request Chain 83
  • https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D322988%26extuid%3D%7Buid%7D HTTP 302
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=37c8f4dd4b59cb2b
Request Chain 86
  • https://ih.adscale.de/uu?cbfn=receive&t=1619139692 HTTP 302
  • https://ih.adscale.de/uu?cbfn=receive&t=1619139692&nut&uu=10083598ef6b4e469e299562f7eb7630
Request Chain 87
  • https://gaua.hit.gemius.pl/_1619139692471/rexdot.js?l=100&id=B9CV7SrIJX2nvNGotyPT6oaT7zcpOCbAOJjDjlEwkLT.57&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=bunMticMoC3svXKb6LveEhONetw3j_Um60zuGEI9OCb.T7&vis=1 HTTP 301
  • https://gaua.hit.gemius.pl/__/_1619139692471/rexdot.js?l=100&id=B9CV7SrIJX2nvNGotyPT6oaT7zcpOCbAOJjDjlEwkLT.57&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=bunMticMoC3svXKb6LveEhONetw3j_Um60zuGEI9OCb.T7&vis=1
Request Chain 125
  • https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Dc73d61587ad18754 HTTP 302
  • https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=c73d61587ad18754
Request Chain 126
  • https://sync.1rx.io/usersync2/eplanning HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8052848474 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8052848474 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/36017f08-4a15-4969-8546-5999baa22b22 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-469d53fd-248c-4939-b2c9-a48d22dfef6e-003?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-469d53fd-248c-4939-b2c9-a48d22dfef6e-003%26dc%3D1079cc634ca638f8%26iss%3D1 HTTP 302
  • https://sync.e-planning.net/um?uid=RX-469d53fd-248c-4939-b2c9-a48d22dfef6e-003&dc=1079cc634ca638f8&iss=1
Request Chain 130
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Dc73d61587ad18754%26uid%3D%24%7BUID%7D HTTP 302
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Dc73d61587ad18754%26uid%3D%24%7BUID%7D&ox_sc=1 HTTP 302
  • https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=c73d61587ad18754&uid=652807ed-514b-4e0b-a868-f22e2f46826e
Request Chain 134
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3Dc73d61587ad18754 HTTP 302
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Request Chain 135
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Dc73d61587ad18754%26uid%3D%24UID HTTP 302
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=c73d61587ad18754&uid=295627870936991132
Request Chain 137
  • https://ups.analytics.yahoo.com/ups/58414/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58414/occ?verify=true HTTP 302
  • https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-2t_tPw1E2uEEPaadjj_RZ.OWbSBIpuSF3hgHAmQ-~A
Request Chain 138
  • https://cs.admanmedia.com/sync/eplanning?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D227acb3d18564968%26fi%3Dc73d61587ad18754%26uid%3D%7B%24UID%7D HTTP 302
  • https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=c73d61587ad18754&uid=5651f3b5ad495670b9e8afea73c65f3ac93e884f
Request Chain 140
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Request Chain 152
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D HTTP 302
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Request Chain 174
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&google_tc= HTTP 302
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEKtQyG4AOjwWstpP9Rf8Bc8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Request Chain 175
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=76436c61-a3cf-11eb-a57c-ee4330ad0bed&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Request Chain 177
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=36017f08-4a15-4969-8546-5999baa22b22&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Request Chain 181
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&s_h=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=d720e301-3c69-4d9f-9f2d-479347e95214&zpartnerid=317&gdpr=1&gdpr_consent=
Request Chain 182
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=da4e1ab7-39d4-480a-766e-8fdf96bd7262&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=da4e1ab7-39d4-480a-766e-8fdf96bd7262&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=81026365817338775154535014202940888986&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Request Chain 184
  • https://bn01.er.bemail.it/zeotap.php?_bid=da4e1ab7-39d4-480a-766e-8fdf96bd7262&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=BE1-2021042303-26730-0.155553001619139693-cfd73a5bd8a3914481b068c580566408&zdid=533&env=mWeb
Request Chain 185
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=6954152033387214993&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Request Chain 186
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=da4e1ab7-39d4-480a-766e-8fdf96bd7262 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=da4e1ab7-39d4-480a-766e-8fdf96bd7262
Request Chain 187
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=da4e1ab7-39d4-480a-766e-8fdf96bd7262&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=da4e1ab7-39d4-480a-766e-8fdf96bd7262&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361&bounce=1&random=837293002 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=91dcj2pzPQ/MsVvKquDVpe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Request Chain 189
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=da4e1ab7-39d4-480a-766e-8fdf96bd7262?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=da4e1ab7-39d4-480a-766e-8fdf96bd7262?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=bf2c753c8356f3e112ee26c6a9a2ac4&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Request Chain 190
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-Di.P6JRE2op8Myv1vvDlEZWHiaa.Iwmo6w--~A&zpartnerid=570&env=mWeb
Request Chain 191
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=GKVmlgiyGdgs5apM0xfpNd69lryWrOUT%2BS41iYitP1U%3D
Request Chain 195
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361&_test=YIIcbgAAZT9iagBg HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YIIcbgAAZT9iagBg&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&_test=YIIcbgAAZT9iagBg
Request Chain 196
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=30576082-1c6f-4000-a58c-882887c2373a&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Request Chain 197
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=OE94J1p4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=da4e1ab7-39d4-480a-766e-8fdf96bd7262
Request Chain 198
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=da4e1ab7-39d4-480a-766e-8fdf96bd7262&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=da4e1ab7-39d4-480a-766e-8fdf96bd7262&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&dcc=t
Request Chain 199
  • https://tags.bluekai.com/site/87734?id=da4e1ab7-39d4-480a-766e-8fdf96bd7262&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Request Chain 209
  • https://bbnaut.ibillboard.com/match/AdScale?partneruid=10083598ef6b4e469e299562f7eb7630&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=101&tpuid=BBID-01-02938537005297030-16269048
Request Chain 210
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1 HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=between&uid=83c38c5b-2422-5271-8f3f-5bf5efbd4798
Request Chain 211
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=295627870936991132
Request Chain 212
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=answermedia&uid=295627870936991132
Request Chain 214
  • https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-2t_tPw1E2uEEPaadjj_RZ.OWbSBIpuSF3hgHAmQ-~A
Request Chain 216
  • https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Request Chain 220
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YIIcbXpSPAFvUg_Jyf3WrAAABG0AAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YIIcbXpSPAFvUg_Jyf3WrAAABG0AAAIB&dcc=t
Request Chain 222
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YIIcbXpSPAFvUg-Jyf3WrAAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDlxQPk0gpLHVsamSPScYFg&google_cver=1
Request Chain 223
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YIIcbXpSPAFvUg_Jyf3WrAAABG0AAAIB HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEA0ye-eKZO53qpY1XIvqY54&google_cver=1
Request Chain 226
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YIIcbgAAZUthDwBg HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YIIcbgAAZUthDwBg&gdpr=1&_test=YIIcbgAAZUthDwBg
Request Chain 227
  • https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133
Request Chain 229
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=bc89f3cda3d190a9ee5a2afe1b11f7861ba06584c4962c6ec5aa5ac02a428512&tpid=108&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=2b1b6082-1c6f-4900-9488-0045cdacf9e5&gdpr=0&gdpr_consent=
Request Chain 231
  • https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=75&tpuid=295627870936991132&gdpr=0
Request Chain 232
  • https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=19e1342399f7033eb7fa133ad27fcbe1c4bdf3307b4c481effb020c531476e38&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133&gdpr=0
Request Chain 235
  • https://track.adform.net/serving/cookie/match/?party=9&uid=0cce9455eea1ced80e791c683c234877dfb1d0c389f88e70319bd437687a49a8&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg&gdpr=0 HTTP 302
  • https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=0cce9455eea1ced80e791c683c234877dfb1d0c389f88e70319bd437687a49a8&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=42&gdpr=0&tpuid=1265407494166813987
Request Chain 238
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=30576082-1c6f-4000-a58c-882887c2373a&gdpr=1&gdpr_consent=
Request Chain 239
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YIIccFV1RBxsx5vIoo49GwAABG0AAAAB HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/casale/YIIccFV1RBxsx5vIoo49GwAABG0AAAAB
Request Chain 241
  • https://sync.extend.tv/r.gif?exchange=index HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=5a53e5ea-fffd-439e-9b15-a329e187605f HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=5a53e5ea-fffd-439e-9b15-a329e187605f&C=1
Request Chain 245
  • https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=f7d9ad8b93fb6c165b054b439f9ebe6027be37dfe2160721e490a3d2d05d5c5b&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=75214bc5-f806-421d-a1d1-92f8e6c97ec5
Request Chain 246
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=eb8445d8cf965a3801b44f8a08d722f281cd6f6e97141a3812da9b829c8b83c9&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=30576082-1c6f-4000-a58c-882887c2373a&gdpr=0&gdpr_consent=
Request Chain 247
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=d36f912ab6498dbd6fb3f68d237ab7414cd86db26d545bc3c76809ed06d1a518&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fjs&gdpr=0 HTTP 302
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=d36f912ab6498dbd6fb3f68d237ab7414cd86db26d545bc3c76809ed06d1a518&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fjs&gdpr=0&checkcookies=true HTTP 302
  • https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/js?tpid=48&tpuid=8845b388e7e99284f50cb25d0bc25a4a
Request Chain 274
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://dmp.adform.net/serving/cookie/match/?CC=1&party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=5945109568169925881 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoidGFwYWQifV19&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoidGFwYWQifV19&gdpr=0&gdpr_consent=&google_gid=CAESECfd5ESb3GBxnjUw6h8eNvk&google_cver=1 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3307&partner_device_id=0hdjXXCmwLsQnuyRqifs-XbSQ&partner_url=https%3A%2F%2Fa.audrte.com%2Ftp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://a.audrte.com/tp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/p
Request Chain 275
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=0hdjXXCmwLsQnuyRqifs-XbSQ&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=0hdjXXCmwLsQnuyRqifs-XbSQ&gdpr=0&gdpr_consent=&google_gid=CAESECfd5ESb3GBxnjUw6h8eNvk&google_cver=1 HTTP 302
  • https://a.audrte.com/p
Request Chain 316
  • https://track.adform.net/adfserve/?bn=45192071;rtbwp=YIIcdQAGyA8Iu8dVAAqWzRGzLLLNP6FdcajEYQ;rtbdata=213YhU2VLU2upwoQxDYWT0JZGQewthieQLxvsEHVkvh80Po-m5BCWQ6lzVbaIVSCCKPJRocpxzelYa1Bt3SBp8OkgzyTMb-TFHaH2kns0xx5kKhk1rOH3jIH60BiaLr4BC28Rk9No40zilvyKu3bB5PMQNnqU12sK3nzj7ufZf_Jh3zzzjfITwJqoTOpbOPpWxCukYZqyyicjwRO4eW8B4dQcdJktBlLj1A0hrmL_6CmdQZeSy6aVf5-RrK7aVZskZCC3KBl8cqApqGXz_1HBfnHlnaNDLlGCmrNwH9veAo0iyyBEtE8HZKDe79dJ6FZW3qBGJ7wkcWhpaLISYABjX-1ztReH1XSubpR7v_PmyLG5NtaE8z_tNXoyxn2WjLaZRpjc8HfoVaTmHYsPu6VTt4tyJRg3zUUabB0AxNUQR6zTlLOTnqMFSKRNWKSWrgQbnupuZhE8sDWaUjPx3SqVw2;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CJ7nGdRyCYI-QG9WO7_UPza2qgA-RrcW8XN3m7KbuAsCNtwEQASAAYOnkyYXYGoIBF2NhLXB1Yi0xMDcxMzEzNTI5NjQ0MDIyyAEJqQJ1yGN9j6yFPuACAKgDAaoEtAJP0FSgXHXYAE-ppGL08R6S7P31MK0IKQQzPKRZWzCtPEUdwMwr1iT5XqVQbG560KJB3nov-y5qClQmx3aaAmqvEm8rMlbvFWCLfHL6n859XYnnpgEBpVrPmKhAWYSNmdh28y3xDPz6czMRV96bqZreElThaTtXSD8r6EuOAy2OPrOHVyXc_4Fw8jPHzXubhrMk2TJynjetAshKAWG5RhPpe643bfRz6eEnRKnmt3bx8Qk-1OImou-769-vXuzgym-4ktqisKsV-ApLMDBoE8kwv5Ow0_jb8cfayBdx4dG7ZZkr7D75VppvSkel3KW7YJgjBEY-z1a3d6SPLF4hopPheBD0n9UXPPErRMokd3ZAL6ByxvT0ELsnjmD_7tv3E1GYtdznzkpJKj-m6EtoK7m_RMzrpOAEAYAG-YOz9NuOuNhwoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ&num=1&sig=AOD64_0Ym3eui-rlsasmqmenF9j7E80DXw&client=ca-pub-1071313529644022&adurl=;js=1;adfxid=1x;7911;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fgordonua.com HTTP 302
  • https://track.adform.net/adfserve/?CC=1&bn=45192071;rtbwp=YIIcdQAGyA8Iu8dVAAqWzRGzLLLNP6FdcajEYQ;rtbdata=213YhU2VLU2upwoQxDYWT0JZGQewthieQLxvsEHVkvh80Po-m5BCWQ6lzVbaIVSCCKPJRocpxzelYa1Bt3SBp8OkgzyTMb-TFHaH2kns0xx5kKhk1rOH3jIH60BiaLr4BC28Rk9No40zilvyKu3bB5PMQNnqU12sK3nzj7ufZf_Jh3zzzjfITwJqoTOpbOPpWxCukYZqyyicjwRO4eW8B4dQcdJktBlLj1A0hrmL_6CmdQZeSy6aVf5-RrK7aVZskZCC3KBl8cqApqGXz_1HBfnHlnaNDLlGCmrNwH9veAo0iyyBEtE8HZKDe79dJ6FZW3qBGJ7wkcWhpaLISYABjX-1ztReH1XSubpR7v_PmyLG5NtaE8z_tNXoyxn2WjLaZRpjc8HfoVaTmHYsPu6VTt4tyJRg3zUUabB0AxNUQR6zTlLOTnqMFSKRNWKSWrgQbnupuZhE8sDWaUjPx3SqVw2;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CJ7nGdRyCYI-QG9WO7_UPza2qgA-RrcW8XN3m7KbuAsCNtwEQASAAYOnkyYXYGoIBF2NhLXB1Yi0xMDcxMzEzNTI5NjQ0MDIyyAEJqQJ1yGN9j6yFPuACAKgDAaoEtAJP0FSgXHXYAE-ppGL08R6S7P31MK0IKQQzPKRZWzCtPEUdwMwr1iT5XqVQbG560KJB3nov-y5qClQmx3aaAmqvEm8rMlbvFWCLfHL6n859XYnnpgEBpVrPmKhAWYSNmdh28y3xDPz6czMRV96bqZreElThaTtXSD8r6EuOAy2OPrOHVyXc_4Fw8jPHzXubhrMk2TJynjetAshKAWG5RhPpe643bfRz6eEnRKnmt3bx8Qk-1OImou-769-vXuzgym-4ktqisKsV-ApLMDBoE8kwv5Ow0_jb8cfayBdx4dG7ZZkr7D75VppvSkel3KW7YJgjBEY-z1a3d6SPLF4hopPheBD0n9UXPPErRMokd3ZAL6ByxvT0ELsnjmD_7tv3E1GYtdznzkpJKj-m6EtoK7m_RMzrpOAEAYAG-YOz9NuOuNhwoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ&num=1&sig=AOD64_0Ym3eui-rlsasmqmenF9j7E80DXw&client=ca-pub-1071313529644022&adurl=;js=1;adfxid=1x;7911;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fgordonua.com
Request Chain 320
  • https://d.agkn.com/pixel/2175/?google_gid=CAESEEUjGGGkoKiKMAH8--QGHlg&google_cver=1&google_push=AQvitUJhevIa8rJIO5kXA4KTZMOk5qFinyDUh5cD_Yy9Cik3sqERPJePXl79DV5fbL-lCrLxFY3EHqrwObyh72pNRP-WjtMQreA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJhevIa8rJIO5kXA4KTZMOk5qFinyDUh5cD_Yy9Cik3sqERPJePXl79DV5fbL-lCrLxFY3EHqrwObyh72pNRP-WjtMQreA&google_hm=Q0FFU0VFVWpHR0drb0tpS01BSDgtLVFHSGxn
Request Chain 321
  • https://rtb.openx.net/sync/dds?google_gid=CAESEHI-nXnl0nyxS19vp8WboKU&google_cver=1&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa HTTP 302
  • https://rtb.openx.net/sync/dds?google_gid=CAESEHI-nXnl0nyxS19vp8WboKU&google_cver=1&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa&ox_sc=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa&google_hm=ROrkzcFBz0YgNhjDwLrovQ== HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa&google_hm=ROrkzcFBz0YgNhjDwLrovQ==&google_tc=
Request Chain 322
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENiFzXfzJMQdab7xqbippDc&google_cver=1&google_push=AQvitUIhTyO5kjHOg_4qmwWG-zEVa05CQKIi_qhG_J8iqKbxL2d_wYxx96H6K-KTc0DsMc5xWkcgQ80XwWn3Btgdh7P2gsdWGLDo HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENiFzXfzJMQdab7xqbippDc&google_cver=1&google_push=AQvitUIhTyO5kjHOg_4qmwWG-zEVa05CQKIi_qhG_J8iqKbxL2d_wYxx96H6K-KTc0DsMc5xWkcgQ80XwWn3Btgdh7P2gsdWGLDo&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=mlQR1gXKSbid00xpXWBHYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIhTyO5kjHOg_4qmwWG-zEVa05CQKIi_qhG_J8iqKbxL2d_wYxx96H6K-KTc0DsMc5xWkcgQ80XwWn3Btgdh7P2gsdWGLDo HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=mlQR1gXKSbid00xpXWBHYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIhTyO5kjHOg_4qmwWG-zEVa05CQKIi_qhG_J8iqKbxL2d_wYxx96H6K-KTc0DsMc5xWkcgQ80XwWn3Btgdh7P2gsdWGLDo&google_tc=
Request Chain 323
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAUo4IVC7HdVEom1n0Zu5kI&google_cver=1&google_push=AQvitUJPBNlI6PcAgp10KrqNX9j6zGdnLlCQVogSCz1cf58n7c1iEATy0UbN6tVVZ3-87nOSuzskc3mghWPTLeSnr4Ln2xLmrEjK HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05UTFoxWkotMU4tNEdUMg==&google_push=AQvitUJPBNlI6PcAgp10KrqNX9j6zGdnLlCQVogSCz1cf58n7c1iEATy0UbN6tVVZ3-87nOSuzskc3mghWPTLeSnr4Ln2xLmrEjK
Request Chain 324
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&google_push=AQvitUIA6Ilo7RqDnq8j-Qs6hlMY9eEbheQFL3SLCLLju95vir_ekBylwuMFBBKYT7AIDSQg8fn_BZEXoZ44hjLC6lazw9SloQdd HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&google_push=AQvitUIA6Ilo7RqDnq8j-Qs6hlMY9eEbheQFL3SLCLLju95vir_ekBylwuMFBBKYT7AIDSQg8fn_BZEXoZ44hjLC6lazw9SloQdd&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIIcdjfdhTHhBEefMVrbGQAABFoAAAAB&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&google_push=AQvitUIA6Ilo7RqDnq8j-Qs6hlMY9eEbheQFL3SLCLLju95vir_ekBylwuMFBBKYT7AIDSQg8fn_BZEXoZ44hjLC6lazw9SloQdd HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIIcdjfdhTHhBEefMVrbGQAABFoAAAAB&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&google_push=AQvitUIA6Ilo7RqDnq8j-Qs6hlMY9eEbheQFL3SLCLLju95vir_ekBylwuMFBBKYT7AIDSQg8fn_BZEXoZ44hjLC6lazw9SloQdd&google_tc=

335 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
gordonua.com/news/worldnews/
106 KB
24 KB
Document
General
Full URL
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
2f252e691e85fed4194e6a1962ada3a81fe82250dfc696499105c0e2dc03f0f6
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
gordonua.com
:scheme
https
:path
/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
nginx
date
Fri, 23 Apr 2021 01:01:31 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
create-date
Wed, 03 Apr 2019 23:21:56 +0300
last-modified
Thu, 04 Apr 2019 00:48:36 +0300
content-encoding
br
x-xss-protection
1; mode=block
x-frame-options
sameorigin
glyphicons-halflings-regular.woff
gordonua.com/theme/fonts/
16 KB
16 KB
Font
General
Full URL
https://gordonua.com/theme/fonts/glyphicons-halflings-regular.woff
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
71c12656535e99119c2a952c10554cd6f47c6923d2d96155a7833276e68992af
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/fonts/glyphicons-halflings-regular.woff
pragma
no-cache
origin
https://gordonua.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://gordonua.com
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
W/"603911ce-4040"
x-frame-options
sameorigin
content-type
application/font-woff
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:09 GMT
Roboto-Regular-webfont.woff
gordonua.com/theme/fonts/
40 KB
40 KB
Font
General
Full URL
https://gordonua.com/theme/fonts/Roboto-Regular-webfont.woff
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
96383b51bcbda70efb0250efe0bc9f4b45b29bc7145a87d481ce70e763b2836b
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/fonts/Roboto-Regular-webfont.woff
pragma
no-cache
origin
https://gordonua.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://gordonua.com
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
W/"603911ce-9f54"
x-frame-options
sameorigin
content-type
application/font-woff
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:09 GMT
Roboto-Italic-webfont.woff
gordonua.com/theme/fonts/
49 KB
49 KB
Font
General
Full URL
https://gordonua.com/theme/fonts/Roboto-Italic-webfont.woff
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
c4c483623e1913743041e04f84f5f3a9b21fa89e5bc224b264781460caf85b69
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/fonts/Roboto-Italic-webfont.woff
pragma
no-cache
origin
https://gordonua.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://gordonua.com
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
W/"603911ce-c400"
x-frame-options
sameorigin
content-type
application/font-woff
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:09 GMT
Roboto-Medium-webfont.woff
gordonua.com/theme/fonts/
41 KB
41 KB
Font
General
Full URL
https://gordonua.com/theme/fonts/Roboto-Medium-webfont.woff
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
0ae8f824a144e63b873e47b71b81e273d9342c81f769c12f66f7747954cc10cc
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/fonts/Roboto-Medium-webfont.woff
pragma
no-cache
origin
https://gordonua.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://gordonua.com
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
W/"603911ce-a244"
x-frame-options
sameorigin
content-type
application/font-woff
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:09 GMT
Roboto-Bold-webfont.woff
gordonua.com/theme/fonts/
40 KB
40 KB
Font
General
Full URL
https://gordonua.com/theme/fonts/Roboto-Bold-webfont.woff
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
ca1b2c67389bc419689537ec0a503735171d3eb00a7ef84c80638bd1095c2735
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/fonts/Roboto-Bold-webfont.woff
pragma
no-cache
origin
https://gordonua.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://gordonua.com
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
W/"603911ce-9f70"
x-frame-options
sameorigin
content-type
application/font-woff
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:09 GMT
Roboto-BoldItalic-webfont.woff
gordonua.com/theme/fonts/
49 KB
50 KB
Font
General
Full URL
https://gordonua.com/theme/fonts/Roboto-BoldItalic-webfont.woff
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
70d687a320109b724d86c33479db68700a86ae5b65898dcc2eb3826c4fd9862f
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/fonts/Roboto-BoldItalic-webfont.woff
pragma
no-cache
origin
https://gordonua.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://gordonua.com
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
W/"603911ce-c5ac"
x-frame-options
sameorigin
content-type
application/font-woff
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:09 GMT
bb10f14113dc45a7d66d2b91277126d8.css
gordonua.com/pub/
290 KB
47 KB
Stylesheet
General
Full URL
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
fd0771c77dfdd2175ee8f25e61c6989610ca63bdf8791162dd92aa4e5e5165db
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/pub/bb10f14113dc45a7d66d2b91277126d8.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Wed, 21 Apr 2021 06:14:47 GMT
server
nginx
etag
W/"607fc2d7-4891e"
x-frame-options
sameorigin
content-type
text/css
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:31 GMT
logo_lg.svg
gordonua.com/theme/img/
9 KB
3 KB
Image
General
Full URL
https://gordonua.com/theme/img/logo_lg.svg
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
0690cb6ef870a7e3a760a2060a1f518a64bbfb90b6666cb28da9b20480cf578b
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/logo_lg.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
W/"603911ce-2462"
x-frame-options
sameorigin
content-type
image/svg+xml
x-xss-protection
1; mode=block
41_tn.jpg
gordonua.com/img/article/8602/
28 KB
28 KB
Image
General
Full URL
https://gordonua.com/img/article/8602/41_tn.jpg?v1554328116
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
bbb197f7f98cf972b5c4aebabd4f601853921383d95f53dd5301636c0833b2b4
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/8602/41_tn.jpg?v1554328116
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Wed, 03 Apr 2019 20:31:50 GMT
server
nginx
etag
"5ca51836-6f3f"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
28479
x-xss-protection
1; mode=block
expires
Fri, 07 May 2021 01:01:31 GMT
ajax-loader.gif
gordonua.com/theme/img/
2 KB
2 KB
Image
General
Full URL
https://gordonua.com/theme/img/ajax-loader.gif
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
ee53ada617f2674cbd706e3b24fc6738c7f53f2f7a3a959e71f611aa850dc946
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/ajax-loader.gif
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-6c9"
x-frame-options
sameorigin
content-type
image/gif
accept-ranges
bytes
content-length
1737
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 03:33:06 GMT
blank.png
gordonua.com/theme/img/
985 B
1 KB
Image
General
Full URL
https://gordonua.com/theme/img/blank.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
8cb00e63cb966ea0388fda3357402ba93e460dbfe82019f9695d895f04d3d40b
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/blank.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-3d9"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
985
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:09 GMT
fb-dialog-logo.png
gordonua.com/theme/img/
635 B
859 B
Image
General
Full URL
https://gordonua.com/theme/img/fb-dialog-logo.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
95300eddaae507eba362f9b46d2992ed798ec2420c4d71473b9152f58a42e201
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/fb-dialog-logo.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-27b"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
635
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:09 GMT
97_tn2.jpg
gordonua.com/img/article/15494/
7 KB
7 KB
Image
General
Full URL
https://gordonua.com/img/article/15494/97_tn2.jpg
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
f74c1538f17eb2a7954c9fdb15daaea7a4de98bbf001e185b75b98e47dc89176
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/15494/97_tn2.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Tue, 20 Apr 2021 08:23:37 GMT
server
nginx
etag
"607e8f89-1cde"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
7390
x-xss-protection
1; mode=block
expires
Tue, 04 May 2021 08:24:07 GMT
96_tn2.jpg
gordonua.com/img/article/15495/
5 KB
6 KB
Image
General
Full URL
https://gordonua.com/img/article/15495/96_tn2.jpg
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
bb3ef6ab003d79d3bf17e045b0af89ede0103b5ba05e4190fefae82dcd9d6799
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/15495/96_tn2.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Tue, 20 Apr 2021 16:40:30 GMT
server
nginx
etag
"607f03fe-15a9"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
5545
x-xss-protection
1; mode=block
expires
Tue, 04 May 2021 16:40:53 GMT
36_tn2.jpg
gordonua.com/img/article/15498/
7 KB
7 KB
Image
General
Full URL
https://gordonua.com/img/article/15498/36_tn2.jpg
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
f53c1ad18dab652cc8012f96e7ff386c2fbc96e753932f69c08f7eaae75cfaf8
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/15498/36_tn2.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Thu, 22 Apr 2021 07:30:01 GMT
server
nginx
etag
"608125f9-1ceb"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
7403
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 17:06:26 GMT
53_tn2.jpg
gordonua.com/img/article/15498/
11 KB
12 KB
Image
General
Full URL
https://gordonua.com/img/article/15498/53_tn2.jpg
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
aa6df790f8548776d5936807c15d93aabb87b1c163f9f473822ef3f920c13aab
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/15498/53_tn2.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Thu, 22 Apr 2021 09:07:00 GMT
server
nginx
etag
"60813cb4-2d43"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
11587
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 18:07:27 GMT
82_tn2.jpg
gordonua.com/img/article/15494/
9 KB
10 KB
Image
General
Full URL
https://gordonua.com/img/article/15494/82_tn2.jpg
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
a92acd511742d22210c4a8f8d1d861d9681a95b01380999dbff01dd638f66163
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/15494/82_tn2.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Tue, 20 Apr 2021 06:52:48 GMT
server
nginx
etag
"607e7a40-257a"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
9594
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 12:57:06 GMT
65_tn2.jpg
gordonua.com/img/article/15495/
9 KB
10 KB
Image
General
Full URL
https://gordonua.com/img/article/15495/65_tn2.jpg
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
a2a24025e36c6412ad80bd1b4921e6c4275617fe4e2a4e3fc169d47ffec85458
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/15495/65_tn2.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Tue, 20 Apr 2021 14:08:37 GMT
server
nginx
etag
"607ee065-2552"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
9554
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 08:34:10 GMT
10_tn2.jpg
gordonua.com/img/article/15495/
6 KB
6 KB
Image
General
Full URL
https://gordonua.com/img/article/15495/10_tn2.jpg
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
29253b8608d4bcaf419169a0e24af1040cbcdc6a2adbbf48c4b41dbc73cf8bc3
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/15495/10_tn2.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Tue, 20 Apr 2021 09:31:07 GMT
server
nginx
etag
"607e9f5b-16b4"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
5812
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 06:00:54 GMT
57_tn2.jpg
gordonua.com/img/article/15497/
8 KB
8 KB
Image
General
Full URL
https://gordonua.com/img/article/15497/57_tn2.jpg
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
a851d75df16abf37c2cd891bc58b859efb9e25645252956f68f0a769084a4714
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/15497/57_tn2.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Wed, 21 Apr 2021 15:19:02 GMT
server
nginx
etag
"60804266-1e8d"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
7821
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 15:33:38 GMT
30bef0f23f1e8ae577422b43ba8112bc.js
gordonua.com/pub/
530 KB
143 KB
Script
General
Full URL
https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
1a160a8d99111cbd10da1f89bcf32446067fa3b5c25181131b6686165ffc5ef8
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/pub/30bef0f23f1e8ae577422b43ba8112bc.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Thu, 04 Mar 2021 15:55:42 GMT
server
nginx
etag
W/"604102fe-84880"
x-frame-options
sameorigin
content-type
application/javascript; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:31 GMT
hb_307359_6809.js
player.adtelligent.com/prebidlink/449761/
339 KB
105 KB
Script
General
Full URL
https://player.adtelligent.com/prebidlink/449761/hb_307359_6809.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
d30778d5445a241a3850a85669468034cc771e17423bb80eb8104b1478d9af16

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
gzip
last-modified
Thu, 22 Apr 2021 11:30:45 GMT
server
nginx
etag
W/"60815e65-54a10"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Fri, 23 Apr 2021 02:01:31 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
gpt.js
securepubads.g.doubleclick.net/tag/js/
62 KB
21 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
sffe /
Resource Hash
ac4c2d1083556ee3bab8bc188432351b2fc3501b5876791d49153ab08d8180b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"850 / 223 of 1000 / last-modified: 1619129408"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21104
x-xss-protection
0
expires
Fri, 23 Apr 2021 01:01:31 GMT
wrapper_hb_307359_6809.js
player.adtelligent.com/prebidlink/449761/
148 KB
27 KB
Script
General
Full URL
https://player.adtelligent.com/prebidlink/449761/wrapper_hb_307359_6809.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
6876c0c76085cc059275395d9e50b9c9e36a62f6b8960484dbe0eb8da7555bf6

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
gzip
last-modified
Thu, 22 Apr 2021 11:30:45 GMT
server
nginx
etag
W/"60815e65-24fc3"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Fri, 23 Apr 2021 02:01:31 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
gtm.js
www.googletagmanager.com/
101 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PFHTMJ
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
32c06dcd4e30dd04a2e93b697ad0b67469396ee42d1cd9d6943974a1c6fdfbb0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37833
x-xss-protection
0
last-modified
Fri, 23 Apr 2021 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Apr 2021 01:01:31 GMT
sdk.js
connect.facebook.net/ru_RU/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/ru_RU/sdk.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ad0531be570f68b8811738f4b50e4892a348f2739d934db5a6203d296aa42fb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
eouiG4pXqYotvoBTaI5+SA==
cross-origin-resource-policy
cross-origin
expires
Fri, 23 Apr 2021 01:08:21 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1780
x-fb-rlafr
0
x-fb-debug
gKqkqOKSTwTw1UY4qg5hAfukw7rDxwaA4QfEGwbzUR4Ss+UNmHL3P/A7O6hCDmiQUUT9WZypZDV8ZjFZhnETyw==
x-fb-trip-id
1679558926
x-fb-content-md5
805b15bc1cf0d47a93c678f63d0ae20f
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Fri, 23 Apr 2021 01:01:31 GMT
x-frame-options
DENY
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"dbdbf5b4dac4f74829ea7cb064a59cd9"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
bg.jpg
gordonua.com/theme/img/
10 KB
11 KB
Image
General
Full URL
https://gordonua.com/theme/img/bg.jpg
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
0532f59575bd5c8d6b12c4aa772150adc01c62db958378b838023cf67f64b7e0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/bg.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-298f"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
10639
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:11 GMT
sprites.png
gordonua.com/theme/img/
27 KB
27 KB
Image
General
Full URL
https://gordonua.com/theme/img/sprites.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
464590a4da9d186b32647d5a7d566e954debfc54633ba8efa1fe0751e8255618
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/sprites.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-6b98"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
27544
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:11 GMT
Viber20.png
gordonua.com/theme/img/
486 B
710 B
Image
General
Full URL
https://gordonua.com/theme/img/Viber20.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
44bcbddd4c0c2f24f043f19df837cd878ebca38feb04d682606f6cca37f9fef6
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/Viber20.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-1e6"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
486
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:11 GMT
sep4.png
gordonua.com/theme/img/
125 B
349 B
Image
General
Full URL
https://gordonua.com/theme/img/sep4.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
bca49ab1759bbe305d5e0e01021bf08d4d5f88207d64ae035bb3e7dbd17a21d6
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/sep4.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-7d"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
125
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:13 GMT
Viber0.png
gordonua.com/theme/img/
476 B
700 B
Image
General
Full URL
https://gordonua.com/theme/img/Viber0.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
44f7e5bcef86ec935780aeb13252dad7d90d7dc55c5956539ab50e471f920a56
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/Viber0.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-1dc"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
476
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:11 GMT
/
c.bigmir.net/
134 B
425 B
Script
General
Full URL
https://c.bigmir.net/?o1&v16929671&s16930209&t0&c1&n653915&w0&y0&d24&r1600
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.239.68.97 , Ukraine, ASN39468 (BIGMIR-INTERNET-AS, UA),
Reverse DNS
c.bigmir.net
Software
nginx /
Resource Hash
e7b935e51df441f3b2fe598580ef0670b0f0ba0324d91fc11712c0caecf932a9

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:32 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/x-javascript; charset=windows-1251
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Expires
0
sdk.js
connect.facebook.net/ru_RU/
219 KB
65 KB
Script
General
Full URL
https://connect.facebook.net/ru_RU/sdk.js?hash=26f452649cca37d16e4d2ab4df9ce787&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cd459f0c3fb4f48b09fd6c217157f1dfc837aea90733dc4fe1681068ead09df9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://gordonua.com
Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
Po26gn0/HhPq1xvdDQbolA==
cross-origin-resource-policy
cross-origin
expires
Fri, 22 Apr 2022 22:53:49 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
66035
x-fb-rlafr
0
x-fb-debug
ikf/RaeuboK1rOKqmm26z96FsJC8u92xekZh8hqie2f3jSqrDb/VyBMvjMcMn9Qt77ke+ekDIJAvQ61xo8bvmA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
bb7c5d934093b4d60facce8113ab6b0b
date
Fri, 23 Apr 2021 01:01:31 GMT
x-frame-options
DENY
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"3885586c370699b3b954bcfbd2e60818"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFHTMJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
5056
date
Thu, 22 Apr 2021 23:37:15 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Fri, 23 Apr 2021 01:37:15 GMT
fbevents.js
connect.facebook.net/en_US/
92 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0ae5ed57dc48abbee125d5f915e37110c9f2bb6a95d1aa5ccf3c141f8fe10db3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23961
x-xss-protection
0
pragma
public
x-fb-debug
uiW0CrtBslzMsLS9BKL154htNvzG3f9Gksm5tTyl7axNdmqVRs/+25Bbkjtg+0IvWml1L9A0keZCNnlmNw41kw==
date
Fri, 23 Apr 2021 01:01:31 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
client.js
cdn.gravitec.net/storage/74ed70387794afbfbcf9210da2aec7bc/
64 KB
18 KB
Script
General
Full URL
https://cdn.gravitec.net/storage/74ed70387794afbfbcf9210da2aec7bc/client.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFHTMJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
49a0ffc965fd36633ec954826b02b7891fa4d9296f89ca526e95ae5a2a28b165

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
last-modified
Wed, 23 Dec 2020 13:28:09 GMT
server
nginx
etag
W/"5fe345e9-fff0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Thu, 01 Apr 2021 07:59:20 GMT
cache-control
max-age=10
x-proxy-cache
HIT
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=958326130&t=pageview&_s=1&dl=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&ul=en-us&de=UTF-8&dt=%D0%A1%D1%82%D0%BE%D0%BB%D1%82%D0%B5%D0%BD%D0%B1%D0%B5%D1%80%D0%B3%3A%20%D0%9D%D0%B0%D0%BC%20%D0%BF%D1%80%D0%B8%D0%B4%D0%B5%D1%82%D1%81%D1%8F%20%D0%B8%D0%BC%D0%B5%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BB%D0%BE%20%D1%81%20%D0%B5%D1%89%D0%B5%20%D0%B1%D0%BE%D0%BB%D1%8C%D1%88%D0%B8%D0%BC%20%D0%BD%D0%B0%D0%BF%D0%BE%D1%80%D0%BE%D0%BC%20%D1%81%D0%BE%20%D1%81%D1%82%D0%BE%D1%80%D0%BE%D0%BD%D1%8B%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%2F%20%D0%93%D0%9E%D0%A0%D0%94%D0%9E%D0%9D&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=141480501&gjid=1728039342&cid=626854433.1619139692&tid=UA-45540577-1&_gid=626200510.1619139692&_r=1&gtm=2wg4e1PFHTMJ&cd1=30%20day%20more&cd3=&z=791553336
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://gordonua.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
83 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-45540577-1&cid=626854433.1619139692&jid=141480501&gjid=1728039342&_gid=626200510.1619139692&_u=YEBAAAAAAAAAAC~&z=18801375
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 23 Apr 2021 01:01:31 GMT
content-type
text/plain
access-control-allow-origin
https://gordonua.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
1323237824477639
connect.facebook.net/signals/config/
254 KB
72 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1323237824477639?v=2.9.39&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
062993fc1958ac05da3d96971e0060b8f21bb85d9686cdacc921a2e8b04ee41c
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
74067
x-fb-rlafr
0
pragma
public
x-fb-debug
oiPRFxSTDE6SsxegxsFYqpiKohrbz4r2hoytmO1hKZ3RkUPxrCBtaEwWOAr4D8evOXPLvFHKNJgNgltraHt7SA==
x-frame-options
DENY
date
Fri, 23 Apr 2021 01:01:31 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
260 B
Image
General
Full URL
https://www.facebook.com/tr/?id=442769489419723&ev=fb_page_view&dl=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&rl=&if=false&ts=1619139691968&sw=1600&sh=1200&at=
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:31 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 23 Apr 2021 01:01:31 GMT
pubads_impl_2021042001.js
securepubads.g.doubleclick.net/gpt/
301 KB
105 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
sffe /
Resource Hash
a2aca9aa200ad3e4dd9afcd27fd2bd5b272a5d297e9f85d708394857ca6a1ffe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Apr 2021 08:40:14 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
107961
x-xss-protection
0
expires
Fri, 23 Apr 2021 01:01:32 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1323237824477639&ev=PageView&dl=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&rl=&if=false&ts=1619139692027&sw=1600&sh=1200&v=2.9.39&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1619139692026.1767761047&it=1619139691942&coo=false&rqm=GET
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Fri, 23 Apr 2021 01:01:32 GMT
tracking
ghb.adtelligent.com/adunit/
43 B
414 B
XHR
General
Full URL
https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=307359&site_id=6809&full_page_url=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&adid=tlyu4q.ph&vpbv=0774&lifecycle_tte=1009
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/449761/wrapper_hb_307359_6809.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://gordonua.com
Date
Fri, 23 Apr 2021 01:01:31 GMT
Access-Control-Allow-Credentials
true
Server
VertaMedia 1.0
Connection
Keep-Alive
Content-Length
43
Content-Type
image/gif
csyncs
ghb.adtelligent.com/
658 B
619 B
XHR
General
Full URL
https://ghb.adtelligent.com/csyncs?aid1=526558&aid2=526559&aid3=605039&aid4=607661
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/449761/wrapper_hb_307359_6809.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
0f834eeade60818b80774634d5bf54d69e0280d22c6c1fe449c6e0856c304b14

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:31 GMT
Content-Encoding
gzip
Server
VertaMedia 1.0
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://gordonua.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Length
332
hit
counter.yadro.ru/
Redirect Chain
  • https://counter.yadro.ru/hit?t16.6;r;s1600*1200*24;uhttps%3A//gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html;0.5763704230932636
  • https://counter.yadro.ru/hit?q;t16.6;r;s1600*1200*24;uhttps%3A//gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html;0.576370423093...
268 B
722 B
Image
General
Full URL
https://counter.yadro.ru/hit?q;t16.6;r;s1600*1200*24;uhttps%3A//gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html;0.5763704230932636
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
88.212.201.210 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS
host210.rax.ru
Software
nginx/1.17.9 /
Resource Hash
46adbd22911cba0cf25a326f69c47026cf379672d58c48d1d1f707a2e1b7c8e6
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:32 GMT
Server
nginx/1.17.9
Strict-Transport-Security
max-age=86400
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Cache-control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
268
Expires
Wed, 22 Apr 2020 21:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:32 GMT
Server
nginx/1.17.9
Strict-Transport-Security
max-age=86400
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Location
https://counter.yadro.ru/hit?q;t16.6;r;s1600*1200*24;uhttps%3A//gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html;0.5763704230932636
Cache-control
no-cache
Connection
keep-alive
Content-Type
text/html
Content-Length
32
Expires
Wed, 22 Apr 2020 21:00:00 GMT
b62_top.gif
i.bigmir.net/cnt/samples/diagonal/
65 B
237 B
Image
General
Full URL
https://i.bigmir.net/cnt/samples/diagonal/b62_top.gif
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.239.71.100 , Ukraine, ASN39468 (BIGMIR-INTERNET-AS, UA),
Reverse DNS
rs.img.com.ua
Software
nginx /
Resource Hash
f58fb168b5c39052b4aa63d1fcc6c0db683d26323a3b6c0fdf0cd8115a025012

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
last-modified
Tue, 23 Jan 2007 13:14:29 GMT
server
nginx
etag
"45b60a35-41"
content-type
image/gif
cache-control
max-age=259200
accept-ranges
bytes
content-length
65
expires
Mon, 26 Apr 2021 01:01:32 GMT
b62_center.gif
i.bigmir.net/cnt/samples/diagonal/
79 B
250 B
Image
General
Full URL
https://i.bigmir.net/cnt/samples/diagonal/b62_center.gif
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.239.71.100 , Ukraine, ASN39468 (BIGMIR-INTERNET-AS, UA),
Reverse DNS
rs.img.com.ua
Software
nginx /
Resource Hash
2088527e36ed6201b7746007c4233095b3b183f0eb851ea410ee2bf3f2b68a6e

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
last-modified
Tue, 23 Jan 2007 13:14:29 GMT
server
nginx
etag
"45b60a35-4f"
content-type
image/gif
cache-control
max-age=259200
accept-ranges
bytes
content-length
79
expires
Mon, 26 Apr 2021 01:01:32 GMT
b62_bottom.gif
i.bigmir.net/cnt/samples/diagonal/
66 B
237 B
Image
General
Full URL
https://i.bigmir.net/cnt/samples/diagonal/b62_bottom.gif
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.239.71.100 , Ukraine, ASN39468 (BIGMIR-INTERNET-AS, UA),
Reverse DNS
rs.img.com.ua
Software
nginx /
Resource Hash
064c2fbbda6a4badd6bb98c7adf5a182e85da377f2bc7b24dd580f00e9cc0243

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
last-modified
Tue, 23 Jan 2007 13:14:28 GMT
server
nginx
etag
"45b60a34-42"
content-type
image/gif
cache-control
max-age=259200
accept-ranges
bytes
content-length
66
expires
Mon, 26 Apr 2021 01:01:32 GMT
Cookie set csync
sync.adtelligent.com/ Frame 4005
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D
  • https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=114293af-7252-496c-bd45-4e2721583258
86 B
547 B
Document
General
Full URL
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=114293af-7252-496c-bd45-4e2721583258
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/449761/wrapper_hb_307359_6809.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Host
sync.adtelligent.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://gordonua.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
vmuid=37c8f4dd4b59cb2b
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://gordonua.com/

Response headers

Server
VertaMedia 1.0
Date
Fri, 23 Apr 2021 01:01:32 GMT
Content-Type
image/gif
Content-Length
86
Cache-Control
no-cache, no-store, must-revalidate
Set-Cookie
vmuid=37c8f4dd4b59cb2b; expires=Thu, 24 Jun 2021 01:01:32 GMT; domain=.adtelligent.com; path=/; secure; SameSite=None a319130=114293af-7252-496c-bd45-4e2721583258; expires=Thu, 24 Jun 2021 01:01:32 GMT; domain=.adtelligent.com; path=/; secure; SameSite=None

Redirect headers

set-cookie
viewer_token=114293af-7252-496c-bd45-4e2721583258; path=/; domain=csync.loopme.me; Expires=Sun, 23-May-2021 01:01:32 GMT
location
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=114293af-7252-496c-bd45-4e2721583258
content-length
0
date
Fri, 23 Apr 2021 01:01:32 GMT
server
_
sync.html
s.console.adtarget.com.tr/ Frame A288
2 KB
1 KB
Document
General
Full URL
https://s.console.adtarget.com.tr/sync.html?aid=609096
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/449761/wrapper_hb_307359_6809.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
d99a5d620473b33e0b2948ae3f50f8a7301865375603c3f889035449eeea773a

Request headers

Host
s.console.adtarget.com.tr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://gordonua.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://gordonua.com/

Response headers

Server
VertaMedia 1.0
Date
Fri, 23 Apr 2021 01:01:31 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
938
Access-Control-Allow-Origin
https://gordonua.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Encoding
gzip
1px-matching-adtelligent.gif
t.trafmag.com/images/images/
Redirect Chain
  • https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
  • https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=37c8f4dd4b59cb2b
35 B
232 B
Image
General
Full URL
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=37c8f4dd4b59cb2b
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.200.65.5 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
server
nginx
content-type
image/gif
content-length
35
p3p
CP="NON DSP COR CURa TIA"

Redirect headers

Location
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=37c8f4dd4b59cb2b
Date
Fri, 23 Apr 2021 01:01:31 GMT
Server
VertaMedia 1.0
Content-Length
43
Content-Type
image/gif
views_all.php
gordonua.com/exec/
7 B
126 B
Image
General
Full URL
https://gordonua.com/exec/views_all.php?art=860241&rnd=69512
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/exec/views_all.php?art=860241&rnd=69512
pragma
no-cache
cookie
_ga=GA1.2.626854433.1619139692; _gid=GA1.2.626200510.1619139692; _gat_UA-45540577-1=1; _fbp=fb.1.1619139692026.1767761047
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
server
nginx
x-xss-protection
1; mode=block
x-frame-options
sameorigin
content-type
application/json; charset=utf-8
share_button.php
www.facebook.com/v5.0/plugins/ Frame B3D1
Redirect Chain
  • https://web.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain...
  • https://www.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain...
58 KB
14 KB
Document
General
Full URL
https://www.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&layout=button_count&locale=ru_RU&sdk=joey&size=small&_rdc=1&_rdr
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk.js?hash=26f452649cca37d16e4d2ab4df9ce787&ua=modern_es6
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
90e255c879e169dd534cf2c682d517fcaf28f1a8da9ad250c7e89314b9e6bcc3
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&layout=button_count&locale=ru_RU&sdk=joey&size=small&_rdc=1&_rdr
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://gordonua.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
fr=0epMuN9U3upWIGQ0I..Bgghxr...1.0.Bgghxr.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
about:blank

Response headers

x-fb-rlafr
0
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-xss-protection
0
content-encoding
br
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=15552000; preload
facebook-api-version
v5.0
x-content-type-options
nosniff
vary
Accept-Encoding
pragma
no-cache
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/html; charset="utf-8"
x-fb-debug
gdIlkefUnUshSSs9/shOM4wcFuxiZam8u2mxTh7SpNzIDDK99U/y/pBpF94Non9jN2ux9VvaweUoYR4dT8atYw==
date
Fri, 23 Apr 2021 01:01:32 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

location
https://www.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&layout=button_count&locale=ru_RU&sdk=joey&size=small&_rdc=1&_rdr
x-fb-zr-redirect
02|1619226092|FzBEAiAuTGsxlpbN99AHPEbRZClyFuZBxCLWeZavz12TpDL_XwIgZdgHFXBJzBwJuNFoE2Yb2WEIJKv8tUx9QOmKNSgfLcA
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
ZK9cH1BVjjQYHhwmU5QkTqM6a54P92DZQsel42RZsHb3FVQIbaXn+jn+p2c50JlcO3H9+VNRZ9dbXQTkE2l3yg==
content-length
0
date
Fri, 23 Apr 2021 01:01:32 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
page.php
www.facebook.com/v5.0/plugins/ Frame 7E0D
Redirect Chain
  • https://web.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ab...
  • https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ab...
51 KB
16 KB
Document
General
Full URL
https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk.js?hash=26f452649cca37d16e4d2ab4df9ce787&ua=modern_es6
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5c323c95f15e0159c25abd654f142a8a718eb23703f4ada86f54cf3069f2fe58
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://gordonua.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
fr=0epMuN9U3upWIGQ0I..Bgghxr...1.0.Bgghxr.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
about:blank

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-xss-protection
0
strict-transport-security
max-age=15552000; preload
content-encoding
br
facebook-api-version
v5.0
x-content-type-options
nosniff
vary
Accept-Encoding
pragma
no-cache
x-fb-rlafr
0
content-type
text/html; charset="utf-8"
x-fb-debug
PfYFz1KxEikc8ctFTi47y67gwU4vYqVT/lgpvRjHHZ1U+G2W80Yzj54j6plwAodLPA89f+PLJ23Xp1p5pib9uQ==
date
Fri, 23 Apr 2021 01:01:32 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

location
https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
x-fb-zr-redirect
02|1619226092|FzBFAiAe2eSYh8z2yLEer0USjghsr2GLR78-Rm0lIktqST281AIhAJX1H1hzkV8ChlFHujEOs063VhgQpStwrpOJYSNB7oei
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
3Yms8nUcm7dj0m/dcwd11OyLvbugZmfaF5UQQgH/sPOYrhn0x3lcq0NViTcRH/5+MpL9ttw296ERqtWPujsrCA==
content-length
0
date
Fri, 23 Apr 2021 01:01:32 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
page.php
www.facebook.com/v5.0/plugins/ Frame 4C17
Redirect Chain
  • https://web.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca...
  • https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca...
112 KB
29 KB
Document
General
Full URL
https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk.js?hash=26f452649cca37d16e4d2ab4df9ce787&ua=modern_es6
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
1f831b1e98a8715a13b39b15b8ed65793238b5fb007b0e5e9708e05da29bb8a0
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://gordonua.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
fr=0epMuN9U3upWIGQ0I..Bgghxr...1.0.Bgghxr.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
about:blank

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-xss-protection
0
strict-transport-security
max-age=15552000; preload
content-encoding
br
facebook-api-version
v5.0
x-content-type-options
nosniff
vary
Accept-Encoding
pragma
no-cache
x-fb-rlafr
0
content-type
text/html; charset="utf-8"
x-fb-debug
hO0gGC9/KEsJ8KJjIplBwP4axgeDn0qAA7ZGJcajh/+XuVJqDO+Z0pO/8GoNUk+UHgAUkaw2NWR50Z7PxO4cVA==
date
Fri, 23 Apr 2021 01:01:32 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i

Redirect headers

location
https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
x-fb-zr-redirect
02|1619226092|FzBFAiAq6J-iAQJdDz4497Ajlc8gOqAqDFHoQruPEeofUBIvAAIhANYXUsb-M8TlXmD8aChiMHvHtplFbp6HBiBihUbXEUqZ
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
UQRaMRUwEKb9QTPA8o79rRPjCQa7C2YFATX1NcNcsW4KB4nJGS6/VCmME2cyLGaEmwBNnMLDs1gATSXGhzqiUw==
content-length
0
date
Fri, 23 Apr 2021 01:01:32 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
page.php
www.facebook.com/v5.0/plugins/ Frame FF21
Redirect Chain
  • https://web.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1...
  • https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1...
111 KB
29 KB
Document
General
Full URL
https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk.js?hash=26f452649cca37d16e4d2ab4df9ce787&ua=modern_es6
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
311eff0ed111799efbe48a8317665211be87b60c1d6c09b18ef4b0915cc82f65
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://gordonua.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
fr=0epMuN9U3upWIGQ0I..Bgghxr...1.0.Bgghxr.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
about:blank

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/;
content-encoding
br
strict-transport-security
max-age=15552000; preload
x-xss-protection
0
facebook-api-version
v5.0
x-content-type-options
nosniff
vary
Accept-Encoding
pragma
no-cache
x-fb-rlafr
0
content-type
text/html; charset="utf-8"
x-fb-debug
bvKqtI8YxTi5f1OkCv6zIC16yyP0BObINsPVKTo5A0Bc731SgjbSsCXdEO01ozzOAtxrID6gFt7bFWEERPZmzQ==
date
Fri, 23 Apr 2021 01:01:32 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i

Redirect headers

location
https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
x-fb-zr-redirect
02|1619226092|FzBFAiEAzCvBG2xLgBiBEnNbpa6SpEpM6VRGlOBm4COCp4XLpFMCICzHcrdeF0Ln6SbW9vT3MDj5Kyb8BdVFvvPo1TiNhTom
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
TvTj+OdiFraQmSjH6gZwASSZkK+qX7tn3qFwMRHerTb9w51hMZnhnzOVmfxpB8pZBJXHkLfHexXKcO3MRBK3Pw==
content-length
0
date
Fri, 23 Apr 2021 01:01:32 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
widget_iframe.2e9f365dae390394eb8d923cba8c5b11.html
platform.twitter.com/widgets/ Frame 500D
15 KB
6 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.2e9f365dae390394eb8d923cba8c5b11.html?origin=https%3A%2F%2Fgordonua.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6796) /
Resource Hash
e0a2d2ba1ca07e954274907246fdb700ca78d1c8cd64a109d1baf62ba90b4d57

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://gordonua.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://gordonua.com/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
608960
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 23 Apr 2021 01:01:32 GMT
Etag
"347ce5de96d97a02c18244967b8b6532+gzip"
Last-Modified
Thu, 07 Mar 2019 17:39:26 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/6796)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
5783
button.dd024c345fc26f7c7a8d9938b67e5d3d.js
platform.twitter.com/js/
7 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.dd024c345fc26f7c7a8d9938b67e5d3d.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/675D) /
Resource Hash
bec117b5be8f22e9305be68965e3734a5135357a3ac88cda5814b7069a1c62dc

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Content-Encoding
gzip
Last-Modified
Fri, 24 May 2019 16:14:06 GMT
Server
ECS (frb/675D)
Age
608535
Etag
"481d209bbcd2464884d57a77bc64e947+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
2293
25_tn2.jpg
gordonua.com/img/article/8599/
8 KB
9 KB
Image
General
Full URL
https://gordonua.com/img/article/8599/25_tn2.jpg?v1554321859
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
8a93db8c53045c079b447fe251c9474feaff9da40b7f46cb1546d122e31494e6
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/8599/25_tn2.jpg?v1554321859
pragma
no-cache
cookie
_ga=GA1.2.626854433.1619139692; _gid=GA1.2.626200510.1619139692; _gat_UA-45540577-1=1; _fbp=fb.1.1619139692026.1767761047
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
vary
Accept-Encoding
last-modified
Wed, 03 Apr 2019 17:31:59 GMT
server
nginx
etag
"5ca4ee0f-2115"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
8469
x-xss-protection
1; mode=block
expires
Fri, 07 May 2021 01:01:32 GMT
24_tn2.jpg
gordonua.com/img/article/8599/
14 KB
14 KB
Image
General
Full URL
https://gordonua.com/img/article/8599/24_tn2.jpg?v1554327102
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
227ef254ff22f2c592ef5d3804ee00128a834198102968a5ac33bd51f7164cc1
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/8599/24_tn2.jpg?v1554327102
pragma
no-cache
cookie
_ga=GA1.2.626854433.1619139692; _gid=GA1.2.626200510.1619139692; _gat_UA-45540577-1=1; _fbp=fb.1.1619139692026.1767761047
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
vary
Accept-Encoding
last-modified
Wed, 03 Apr 2019 17:17:09 GMT
server
nginx
etag
"5ca4ea95-38ca"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
14538
x-xss-protection
1; mode=block
expires
Fri, 07 May 2021 01:01:32 GMT
6_tn2.jpg
gordonua.com/img/article/8597/
9 KB
9 KB
Image
General
Full URL
https://gordonua.com/img/article/8597/6_tn2.jpg?v1554305021
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
67cf577c7b90d1e6317d0ecf74906df33ea30167ff007f1eb7a6a9ae5fef6be8
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/8597/6_tn2.jpg?v1554305021
pragma
no-cache
cookie
_ga=GA1.2.626854433.1619139692; _gid=GA1.2.626200510.1619139692; _gat_UA-45540577-1=1; _fbp=fb.1.1619139692026.1767761047
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
vary
Accept-Encoding
last-modified
Wed, 03 Apr 2019 14:46:57 GMT
server
nginx
etag
"5ca4c761-2205"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
8709
x-xss-protection
1; mode=block
expires
Fri, 07 May 2021 01:01:32 GMT
79_tn2.jpg
gordonua.com/img/article/8552/
8 KB
8 KB
Image
General
Full URL
https://gordonua.com/img/article/8552/79_tn2.jpg?v1554327516
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
7e65876481a124dc412ba0112f271f9879e456bddffd0c0a1dee0f53bd1c1cb6
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/8552/79_tn2.jpg?v1554327516
pragma
no-cache
cookie
_ga=GA1.2.626854433.1619139692; _gid=GA1.2.626200510.1619139692; _gat_UA-45540577-1=1; _fbp=fb.1.1619139692026.1767761047
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
vary
Accept-Encoding
last-modified
Mon, 01 Apr 2019 21:24:57 GMT
server
nginx
etag
"5ca281a9-1f14"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
7956
x-xss-protection
1; mode=block
expires
Fri, 07 May 2021 01:01:32 GMT
12_tn2.jpg
gordonua.com/img/article/8452/
8 KB
8 KB
Image
General
Full URL
https://gordonua.com/img/article/8452/12_tn2.jpg?v1553816179
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
c2d8cd3532d6461d616201735330466e6236fbf7c135dc529e39d36314dcd551
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/article/8452/12_tn2.jpg?v1553816179
pragma
no-cache
cookie
_ga=GA1.2.626854433.1619139692; _gid=GA1.2.626200510.1619139692; _gat_UA-45540577-1=1; _fbp=fb.1.1619139692026.1767761047
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
vary
Accept-Encoding
last-modified
Thu, 28 Mar 2019 21:14:13 GMT
server
nginx
etag
"5c9d3925-1f88"
x-frame-options
sameorigin
content-type
image/jpeg
accept-ranges
bytes
content-length
8072
x-xss-protection
1; mode=block
expires
Fri, 07 May 2021 01:01:32 GMT
xgemius.js
gaua.hit.gemius.pl/
39 KB
10 KB
Script
General
Full URL
https://gaua.hit.gemius.pl/xgemius.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS
ip28.ip-54-37-238.eu
Software
GHC /
Resource Hash
a127af41d27c28c65f968b49a6523c642374f983741f50eb822989c6a78c3111

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
last-modified
Wed, 17 Mar 2021 11:13:20 GMT
server
GHC
vary
Accept-Encoding,Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
cache-control
max-age=43200
accept-ranges
none
content-type
application/x-javascript
content-length
10549
expires
Fri, 23 Apr 2021 13:01:32 GMT
config.json
player.adtelligent.com/exchange_rates/307358/
11 KB
5 KB
XHR
General
Full URL
https://player.adtelligent.com/exchange_rates/307358/config.json?cb=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/449761/hb_307359_6809.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
66f6ea721264102027d1fcf579877969615960a85b1800d6138e52f794efafc1

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
last-modified
Fri, 23 Apr 2021 00:02:09 GMT
server
nginx
etag
W/"60820e81-2b29"
content-type
application/json
access-control-allow-origin
https://gordonua.com
expires
Fri, 23 Apr 2021 02:01:32 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
settings
syndication.twitter.com/ Frame 500D
120 B
394 B
Fetch
General
Full URL
https://syndication.twitter.com/settings
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2e9f365dae390394eb8d923cba8c5b11.html?origin=https%3A%2F%2Fgordonua.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_devel /
Resource Hash
f8cacb171afeb1d90fb92a35f80f9110210a287be17eba6f3603d9d4a7e4527a
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
last-modified
Fri, 23 Apr 2021 01:01:32 GMT
server
tsa_devel
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
e032a669c8bb5bc2df9569b414a95f635459800dbaf250387b1197d934ab9df3
content-length
126
/
ads.us.e-planning.net/uspd/1/ Frame 6640
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
3 KB
1 KB
Document
General
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
1ed6c1a411d54f52ccb4d9168d9d93f5a84e0c81d2a9b08db398c8ac3a88b396

Request headers

:method
GET
:authority
ads.us.e-planning.net
:scheme
https
:path
/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://s.console.adtarget.com.tr/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
CT=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://s.console.adtarget.com.tr/

Response headers

server
openresty
date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
text/html
cache-control
max-age=0, no-cache
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
set-cookie
E=AKVN9MJlSt8s6Mt7; path=/; domain=e-planning.net; expires=Fri, 21-Apr-2028 01:01:32 GMT; SameSite=None; Secure
expires
Fri, 23 Apr 2021 01:01:32 GMT
x-sid
AMS-743
content-encoding
gzip

Redirect headers

server
openresty
date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
text/html; charset=iso-8859-1
set-cookie
CT=1; path=/; SameSite=None; Secure
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location
/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
x-sid
AMS-743
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 89E6
8 KB
3 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://s.console.adtarget.com.tr/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://s.console.adtarget.com.tr/

Response headers

Last-Modified
Wed, 21 Oct 2020 18:57:29 GMT
ETag
"1300708-1f78-5b232eb4914bb"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
2654
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=145402
Expires
Sat, 24 Apr 2021 17:24:54 GMT
Date
Fri, 23 Apr 2021 01:01:32 GMT
Connection
keep-alive
Vary
Accept-Encoding
pbsync.html
js.adscale.de/ Frame B957
3 KB
2 KB
Document
General
Full URL
https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.237.88 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-237-88.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
ecde72bc5d9fd5bc5150218535ae8f75ad9161924b91e64b7995c495fc90c246

Request headers

Host
js.adscale.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://s.console.adtarget.com.tr/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://s.console.adtarget.com.tr/

Response headers

x-amz-id-2
gP4kyJgm9jhO0VUUdLTBT2FWpFhQmCAW/re9IS8ZQIJX8fTLSq2/YHJz4jHPt+LSgIODv8ND+4c=
x-amz-request-id
TJ1Q7NA6JYQADF0B
Last-Modified
Wed, 03 Mar 2021 00:56:54 GMT
ETag
"5550fca00caf055568d6ced373f2721f"
x-amz-version-id
ljUMRnw1Ux.L_G6sluuTuNwF_kYaf8ny
Accept-Ranges
bytes
Content-Type
text/html
Server
AmazonS3
Vary
Accept-Encoding
Content-Encoding
gzip
Cache-Control
max-age=300
Date
Fri, 23 Apr 2021 01:01:32 GMT
Content-Length
1509
Connection
keep-alive
cookie
cm.adform.net/ Frame 1CE8
43 B
106 B
Document
General
Full URL
https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.241 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

:method
GET
:authority
cm.adform.net
:scheme
https
:path
/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://s.console.adtarget.com.tr/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://s.console.adtarget.com.tr/

Response headers

server
nginx
date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
image/gif
content-length
43
user
cdn.admatic.com.tr/ Frame 51C3
251 B
616 B
Document
General
Full URL
https://cdn.admatic.com.tr/user
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software
BunnyCDN-DE1-481 /
Resource Hash
62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd

Request headers

:method
GET
:authority
cdn.admatic.com.tr
:scheme
https
:path
/user
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://s.console.adtarget.com.tr/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://s.console.adtarget.com.tr/

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
text/html
vary
Accept-Encoding
server
BunnyCDN-DE1-481
cdn-pullzone
266102
cdn-uid
bea626e5-d007-4073-8941-73ce8dd2f81c
cdn-requestcountrycode
DE
cdn-edgestorageid
481
cdn-storageserver
DE-51
cache-control
public, max-age=3600
last-modified
Thu, 11 Feb 2021 13:30:42 GMT
cdn-cachedat
2021-04-22 23:33:53
cdn-requestpullsuccess
True
cdn-requestpullcode
206
cdn-requestid
be50c4e5fa782b8b87aab9c144db89bc
cdn-cache
HIT
content-encoding
gzip
sync.html
s.adtelligent.com/ Frame F70F
2 KB
1 KB
Document
General
Full URL
https://s.adtelligent.com/sync.html?aid=609724
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
06b0f91f690a5ddc096187307c63af0de19dc9d61cc95ef686e283c843895bb9

Request headers

Host
s.adtelligent.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://s.console.adtarget.com.tr/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
vmuid=37c8f4dd4b59cb2b
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://s.console.adtarget.com.tr/

Response headers

Server
VertaMedia 1.0
Date
Fri, 23 Apr 2021 01:01:31 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
901
Access-Control-Allow-Origin
https://s.console.adtarget.com.tr
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Encoding
gzip
Cookie set csync
sync.console.adtarget.com.tr/ Frame E32F
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=admatic
  • https://creativecdn.com/cm-notify?pi=admatic&tc=1
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=GEZonDgO0eBWQ7La62qL&pi=admatic&tc=1
86 B
547 B
Document
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=GEZonDgO0eBWQ7La62qL&pi=admatic&tc=1
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Host
sync.console.adtarget.com.tr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://s.console.adtarget.com.tr/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://s.console.adtarget.com.tr/

Response headers

Server
VertaMedia 1.0
Date
Fri, 23 Apr 2021 01:01:32 GMT
Content-Type
image/gif
Content-Length
86
Cache-Control
no-cache, no-store, must-revalidate
Set-Cookie
vmuid=97e25719fee34765; expires=Thu, 24 Jun 2021 01:01:32 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None a307080=GEZonDgO0eBWQ7La62qL; expires=Thu, 24 Jun 2021 01:01:32 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None

Redirect headers

date
Fri, 23 Apr 2021 01:01:32 GMT Fri, 23 Apr 2021 01:01:32 GMT
location
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=GEZonDgO0eBWQ7La62qL&pi=admatic&tc=1
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
csync
sync.console.adtarget.com.tr/ Frame A288
Redirect Chain
  • https://nep.advangelists.com/xp/user-sync?acctid=494&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D306709%26extuid%3D%7BPARTNER_VISITOR_ID%7D
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=306709&extuid=av-f675d6f0-1b4f-4a44-aed8-0e9ccdfb41d1
86 B
566 B
Image
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=306709&extuid=av-f675d6f0-1b4f-4a44-aed8-0e9ccdfb41d1
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer
https://s.console.adtarget.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
VertaMedia 1.0
Content-Length
86
Content-Type
image/gif

Redirect headers

location
https://sync.console.adtarget.com.tr/csync?t=a&ep=306709&extuid=av-f675d6f0-1b4f-4a44-aed8-0e9ccdfb41d1
date
Fri, 23 Apr 2021 01:01:32 GMT
server
Apache-Coyote/1.1
content-length
0
csync
sync.adtelligent.com/ Frame A288
Redirect Chain
  • https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D
  • https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=97e25719fee34765
86 B
527 B
Image
General
Full URL
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=97e25719fee34765
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=609096
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer
https://s.console.adtarget.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
VertaMedia 1.0
Content-Length
86
Content-Type
image/gif

Redirect headers

Location
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=97e25719fee34765
Date
Fri, 23 Apr 2021 01:01:32 GMT
Server
VertaMedia 1.0
Content-Length
43
Content-Type
image/gif
tweet_button.2e9f365dae390394eb8d923cba8c5b11.en.html
platform.twitter.com/widgets/ Frame 2697
32 KB
12 KB
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.2e9f365dae390394eb8d923cba8c5b11.en.html
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/675D) /
Resource Hash
2edf8554db9efd4893b94a10d544946151835133e5367aa5e5ffc0a88cbf23d0

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://gordonua.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://gordonua.com/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
608855
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 23 Apr 2021 01:01:32 GMT
Etag
"8dadfe02e828fc4a9d61e33bdd1df329+gzip"
Last-Modified
Thu, 07 Mar 2019 17:39:22 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/675D)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
12257
truncated
/ Frame 2697
822 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
bundle.js
cdn.admatic.com.tr/user/ Frame 51C3
54 KB
20 KB
Script
General
Full URL
https://cdn.admatic.com.tr/user/bundle.js
Requested by
Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software
BunnyCDN-DE1-481 /
Resource Hash
8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc

Request headers

Referer
https://cdn.admatic.com.tr/user
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
cdn-edgestorageid
481
cdn-storageserver
DE-51
cdn-cachedat
2021-04-22 22:05:39
cdn-pullzone
266102
last-modified
Fri, 12 Mar 2021 04:24:48 GMT
server
BunnyCDN-DE1-481
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
bea626e5-d007-4073-8941-73ce8dd2f81c
cache-control
public, max-age=3600
cdn-requestid
5a471de884af4ba30ffa214e229e45f9
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
1px-matching-adtelligent.gif
t.trafmag.com/images/images/ Frame F70F
Redirect Chain
  • https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
  • https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=37c8f4dd4b59cb2b
35 B
232 B
Image
General
Full URL
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=37c8f4dd4b59cb2b
Requested by
Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.200.65.5 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://s.adtelligent.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
server
nginx
content-type
image/gif
content-length
35
p3p
CP="NON DSP COR CURa TIA"

Redirect headers

Location
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=37c8f4dd4b59cb2b
Date
Fri, 23 Apr 2021 01:01:31 GMT
Server
VertaMedia 1.0
Content-Length
43
Content-Type
image/gif
d
ic.tynt.com/r/ Frame D11E
0
0
Document
General
Full URL
https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Requested by
Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.190 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash

Request headers

:method
GET
:authority
ic.tynt.com
:scheme
https
:path
/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://s.adtelligent.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://s.adtelligent.com/

Response headers

server
nginx/1.16.1
date
Fri, 23 Apr 2021 01:01:32 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
csync
sync.adtelligent.com/ Frame F70F
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID&sovrn_retry=true
  • https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=7769fa96d2dec248bb773327
86 B
535 B
Image
General
Full URL
https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=7769fa96d2dec248bb773327
Requested by
Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer
https://s.adtelligent.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
VertaMedia 1.0
Content-Length
86
Content-Type
image/gif

Redirect headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Server
nginx
Location
https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=7769fa96d2dec248bb773327
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
csync
sync.adtelligent.com/ Frame F70F
Redirect Chain
  • https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D
  • https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D&ox_sc=1
  • https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=54e3fc98-e541-4023-bb24-8a03f2f4a470
86 B
547 B
Image
General
Full URL
https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=54e3fc98-e541-4023-bb24-8a03f2f4a470
Requested by
Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer
https://s.adtelligent.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
VertaMedia 1.0
Content-Length
86
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:31 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=54e3fc98-e541-4023-bb24-8a03f2f4a470
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
arjnjen120ksoc80su5rdo0k3g289sel
csync
sync.adtelligent.com/ Frame F70F
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D297253%2526extuid%253D%2524UID
  • https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=295627870936991132
86 B
529 B
Image
General
Full URL
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=295627870936991132
Requested by
Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer
https://s.adtelligent.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
VertaMedia 1.0
Content-Length
86
Content-Type
image/gif

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:32 GMT
X-Proxy-Origin
37.120.211.132; 37.120.211.132; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.44:80
AN-X-Request-Uuid
ebedb508-97ad-4c0e-9714-b3b6d65f20c0
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=295627870936991132
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
csync
sync.console.adtarget.com.tr/ Frame F70F
Redirect Chain
  • https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D322988%26extuid%3D%7Buid%7D
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=37c8f4dd4b59cb2b
86 B
543 B
Image
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=37c8f4dd4b59cb2b
Requested by
Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer
https://s.adtelligent.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
VertaMedia 1.0
Content-Length
86
Content-Type
image/gif

Redirect headers

Location
https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=37c8f4dd4b59cb2b
Date
Fri, 23 Apr 2021 01:01:32 GMT
Server
VertaMedia 1.0
Content-Length
43
Content-Type
image/gif
fpdata.js
gaua.hit.gemius.pl/
281 B
393 B
Script
General
Full URL
https://gaua.hit.gemius.pl/fpdata.js?href=gordonua.com
Requested by
Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/xgemius.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS
ip28.ip-54-37-238.eu
Software
GHC /
Resource Hash
7e125d296c48520a302eb4e5909fefe2c25b7eaf2619403bb8723f348b3b24b6

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
last-modified
Mon, 16 Jul 2012 10:03:40 GMT
server
GHC
etag
PRIVATE7520710249
p3p
CP="NOI DSP COR NID PSAo OUR IND"
cache-control
private, max-age=2592000
accept-ranges
none
content-type
application/x-javascript
content-length
281
expires
Sun, 23 May 2021 01:01:32 GMT
jot
syndication.twitter.com/i/
43 B
329 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22gordonuacom%22%2C%22widget_creator_screen_name%22%3A%22Gordonuacom%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1619139692443%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22c1f189f%3A1551939852453%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_devel /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
pragma
no-cache
last-modified
Fri, 23 Apr 2021 01:01:32 GMT
server
tsa_devel
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
e032a669c8bb5bc2df9569b414a95f635459800dbaf250387b1197d934ab9df3
x-transaction
9f1c900f61cf9cb7
expires
Tue, 31 Mar 1981 05:00:00 GMT
uu
ih.adscale.de/ Frame B957
Redirect Chain
  • https://ih.adscale.de/uu?cbfn=receive&t=1619139692
  • https://ih.adscale.de/uu?cbfn=receive&t=1619139692&nut&uu=10083598ef6b4e469e299562f7eb7630
44 B
213 B
Script
General
Full URL
https://ih.adscale.de/uu?cbfn=receive&t=1619139692&nut&uu=10083598ef6b4e469e299562f7eb7630
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
f7e1cafb55b6a493c3e316e6b4ee076eee246f14c4887e7944ba5a009b9ef2fe

Request headers

Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-length
44
content-type
text/javascript;charset=ISO-8859-1

Redirect headers

location
https://ih.adscale.de/uu?cbfn=receive&t=1619139692&nut&uu=10083598ef6b4e469e299562f7eb7630
date
Fri, 23 Apr 2021 01:01:32 GMT
content-length
0
rexdot.js
gaua.hit.gemius.pl/__/_1619139692471/
Redirect Chain
  • https://gaua.hit.gemius.pl/_1619139692471/rexdot.js?l=100&id=B9CV7SrIJX2nvNGotyPT6oaT7zcpOCbAOJjDjlEwkLT.57&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fgordonua...
  • https://gaua.hit.gemius.pl/__/_1619139692471/rexdot.js?l=100&id=B9CV7SrIJX2nvNGotyPT6oaT7zcpOCbAOJjDjlEwkLT.57&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fgordo...
169 B
426 B
Script
General
Full URL
https://gaua.hit.gemius.pl/__/_1619139692471/rexdot.js?l=100&id=B9CV7SrIJX2nvNGotyPT6oaT7zcpOCbAOJjDjlEwkLT.57&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=bunMticMoC3svXKb6LveEhONetw3j_Um60zuGEI9OCb.T7&vis=1
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS
ip28.ip-54-37-238.eu
Software
GHC /
Resource Hash
33ca2658f422931a00b0c1a4d8099fb6eabaadc5e2ee4cef5c04c07b3ee13a56

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:32 GMT
server
GHC
p3p
CP="NOI DSP COR NID PSAo OUR IND"
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
none
content-type
application/x-javascript
content-length
169
expires
Thu, 22 Apr 2021 01:01:32 GMT

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:32 GMT
server
GHC
p3p
CP="NOI DSP COR NID PSAo OUR IND"
location
/__/_1619139692471/rexdot.js?l=100&id=B9CV7SrIJX2nvNGotyPT6oaT7zcpOCbAOJjDjlEwkLT.57&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=bunMticMoC3svXKb6LveEhONetw3j_Um60zuGEI9OCb.T7&vis=1
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
none
content-length
0
expires
Thu, 22 Apr 2021 01:01:32 GMT
showad.js
ads.pubmatic.com/AdServer/js/ Frame 9396
38 KB
14 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D

Response headers

Last-Modified
Wed, 14 Apr 2021 09:18:30 GMT
ETag
"13006b6-98c2-5bfeb3aef82b4"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
14060
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=29158
Expires
Fri, 23 Apr 2021 09:07:30 GMT
Date
Fri, 23 Apr 2021 01:01:32 GMT
Connection
keep-alive
Vary
Accept-Encoding
4CdxKscWxnA.css
static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/ Frame 7E0D
25 KB
6 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/4CdxKscWxnA.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
67700f5490adca14d6d29669cc771f52619f7c2123801d63091b9a361d7839bf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
W7DU2tynDe7RWmz8AkAZVA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5878
x-fb-rlafr
0
x-fb-debug
6hoHNEYOJK6Bs3R0e2svtdJevyKsNNvZuPR+qr8zoa7M8/XySMpxIyJCTPdisvoVa7IUEtVYS7FX7J8So4T34A==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 17:55:13 GMT
gE_HYjdYxDu.js
static.xx.fbcdn.net/rsrc.php/v3/yu/r/ Frame 7E0D
273 KB
73 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7237f9cf9ebbb0d3d59948a1f6c9951f89b9e2cca391c1e1ead79579709ce826
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
MQDllNF8b3Jlx5vCXVZnOg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
74201
x-fb-rlafr
0
x-fb-debug
dfLkotHTvNkL2aAjCMQvDX3+mS1Y0w1veO7adRckcthEFOWZMtRejNADRorOsb6N8FMZN0PmhWM4kzVEEoTN3g==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:27:54 GMT
OvefcJZkxS8.js
static.xx.fbcdn.net/rsrc.php/v3/yy/r/ Frame 7E0D
63 KB
19 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/OvefcJZkxS8.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ae6b7745daadd0d07cbc29710c708c84f5aa72d207531a965b3d39ddfdcc699e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
YMZHrMHH3vdVA3t9SrNWyw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
19601
x-fb-rlafr
0
x-fb-debug
KII2Wt0egCxO/HXOmmHYW6VSEVd/5y1wPNy5HtaOt+dECBaXo4aG6Q0Jgd4hdaPw5aRFyw0bRNA44jD0xnKAPA==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 17:55:13 GMT
BVLio3plneq.js
static.xx.fbcdn.net/rsrc.php/v3iI4w4/yj/l/ru_RU/ Frame 7E0D
129 KB
36 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iI4w4/yj/l/ru_RU/BVLio3plneq.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4be53eb02d94d6c8e44e1c0f764dcbdbf4fe3439f7034300d8139ea1a16e4a20
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mbezDF7yu/O5QgGxBElh7A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
36724
x-fb-rlafr
0
x-fb-debug
FMwyeeN1WZifkNEA0hgal1bCGLWjmSQ8oTqPhNMkmt2Gwx/0OCfO521Q5pG2g/6NrRDLv0PJ4u3jcs/OuFVMdg==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 18:22:55 GMT
IEOQM8FL8ot.js
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ Frame 7E0D
5 KB
2 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/IEOQM8FL8ot.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
908edfa9f7ec9fd5cb6b2159b5cb305d9c2c88601c8bf00a23bb0e96fcea1e21
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mrvV7Xg6Liq29ANLrbPdkw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1630
x-fb-rlafr
0
x-fb-debug
o7+v7LbnWHvW9BKrdhQMT5d6WEUj0vkgXLaeZUcXzJsdqQd2d5JS8XzgtZYtD7MrIjEL1GVlwNf3/VJm2aSpnQ==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 14 Apr 2022 11:04:10 GMT
4CdxKscWxnA.css
static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/ Frame FF21
25 KB
6 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/4CdxKscWxnA.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
67700f5490adca14d6d29669cc771f52619f7c2123801d63091b9a361d7839bf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
W7DU2tynDe7RWmz8AkAZVA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5878
x-fb-rlafr
0
x-fb-debug
6hoHNEYOJK6Bs3R0e2svtdJevyKsNNvZuPR+qr8zoa7M8/XySMpxIyJCTPdisvoVa7IUEtVYS7FX7J8So4T34A==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 17:55:13 GMT
tiLfsG4W1Qy.css
static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/ Frame FF21
37 KB
7 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/tiLfsG4W1Qy.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
23f63ed5d5537417eb7f8db8fbd9f9ac0e01142ae8dbbd84f8c8587516ce8e6d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
bgN93RvGqgBwmT1bHuPWcA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
7410
x-fb-rlafr
0
x-fb-debug
3CHoThV2oNqbf3hOLRQbYVJV+4mt6HEDyvOAvrcYR2MOFCGqii/rOiCXPlWMYtI+NpUZmQ8wul85Ww+pvjT/4w==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:13:09 GMT
gE_HYjdYxDu.js
static.xx.fbcdn.net/rsrc.php/v3/yu/r/ Frame FF21
273 KB
73 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7237f9cf9ebbb0d3d59948a1f6c9951f89b9e2cca391c1e1ead79579709ce826
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
MQDllNF8b3Jlx5vCXVZnOg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
74201
x-fb-rlafr
0
x-fb-debug
dfLkotHTvNkL2aAjCMQvDX3+mS1Y0w1veO7adRckcthEFOWZMtRejNADRorOsb6N8FMZN0PmhWM4kzVEEoTN3g==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:27:54 GMT
OvefcJZkxS8.js
static.xx.fbcdn.net/rsrc.php/v3/yy/r/ Frame FF21
63 KB
19 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/OvefcJZkxS8.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ae6b7745daadd0d07cbc29710c708c84f5aa72d207531a965b3d39ddfdcc699e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
YMZHrMHH3vdVA3t9SrNWyw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
19601
x-fb-rlafr
0
x-fb-debug
KII2Wt0egCxO/HXOmmHYW6VSEVd/5y1wPNy5HtaOt+dECBaXo4aG6Q0Jgd4hdaPw5aRFyw0bRNA44jD0xnKAPA==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 17:55:13 GMT
BVLio3plneq.js
static.xx.fbcdn.net/rsrc.php/v3iI4w4/yj/l/ru_RU/ Frame FF21
129 KB
36 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iI4w4/yj/l/ru_RU/BVLio3plneq.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4be53eb02d94d6c8e44e1c0f764dcbdbf4fe3439f7034300d8139ea1a16e4a20
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mbezDF7yu/O5QgGxBElh7A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
36724
x-fb-rlafr
0
x-fb-debug
FMwyeeN1WZifkNEA0hgal1bCGLWjmSQ8oTqPhNMkmt2Gwx/0OCfO521Q5pG2g/6NrRDLv0PJ4u3jcs/OuFVMdg==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 18:22:55 GMT
IEOQM8FL8ot.js
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ Frame FF21
5 KB
2 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/IEOQM8FL8ot.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
908edfa9f7ec9fd5cb6b2159b5cb305d9c2c88601c8bf00a23bb0e96fcea1e21
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mrvV7Xg6Liq29ANLrbPdkw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1630
x-fb-rlafr
0
x-fb-debug
o7+v7LbnWHvW9BKrdhQMT5d6WEUj0vkgXLaeZUcXzJsdqQd2d5JS8XzgtZYtD7MrIjEL1GVlwNf3/VJm2aSpnQ==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 14 Apr 2022 11:04:10 GMT
KMa6-js1idc.js
static.xx.fbcdn.net/rsrc.php/v3i_P84/yA/l/ru_RU/ Frame FF21
33 KB
9 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i_P84/yA/l/ru_RU/KMa6-js1idc.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
78b400b9fd8dc4e2ddff76be1fd7fbd6da9ea6bbcc2e9f2267fc22484d655cd5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
t5OMG6j6v5FzjLLTlxgLvg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
9046
x-fb-rlafr
0
x-fb-debug
5A1ShoR8JFiwQTmaKMiO0p8XzS0Ji5FWO3O/SaZeIjeO+xVryFf4oDknV2dgBkA8ihd2DpY+P55ovvK7yU2+mg==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:03:32 GMT
vOy4lNsMUbR.js
static.xx.fbcdn.net/rsrc.php/v3/yu/r/ Frame FF21
159 KB
47 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/vOy4lNsMUbR.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ee8dfb812cc7833bc8b244c704607548b2d8f33eb04eb262836f2071052f67b5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
NENT5AiNx/wWWKfBFmcH3A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
47588
x-fb-rlafr
0
x-fb-debug
5c2Yg0a5dsumXCDk+o+ho+ikRFPO1o61gNKAQt0F4f/kT0bwHOKGmRmAK8bsZUZLCutPC05CJAhfxppBwn4KTw==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:27:29 GMT
GPw5TPcsm13.js
static.xx.fbcdn.net/rsrc.php/v3iEFa4/y3/l/ru_RU/ Frame FF21
443 KB
103 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iEFa4/y3/l/ru_RU/GPw5TPcsm13.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c493c4b73a02e6f4f9721d2399cb7f7df85388b68df03ca870836008e6cffa6a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
bI4Ca/ObkVoc267Q5xuYdQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
104828
x-fb-rlafr
0
x-fb-debug
iG5W24WE8VkCrlmylFAcyO6irNtXYT/WE+aGNS9EJYyeBub8ZiToQ2LcbXIgb4aPUEMLJckVR3pqV9g4DdKFpA==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 17:55:51 GMT
NAbxrfiREAq.js
static.xx.fbcdn.net/rsrc.php/v3/y7/r/ Frame FF21
93 KB
26 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/NAbxrfiREAq.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2812c4e6fb5db18c9a70640654c4bdb973427c4df56b96ec78bc1da5c6c443cf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
m97NipW9KPp6AhOWxb7GgQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
26095
x-fb-rlafr
0
x-fb-debug
jd5jhrfvqmFEo8Yc3WremHMHsq1gJHuBBL3fA1YaqquH11vKTRhE8Jj7bXMwe/EtxYL0BK47E/y4HsVPQJOHWw==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 18:08:25 GMT
y6QqQaNeJsz.js
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame FF21
19 KB
6 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/y6QqQaNeJsz.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
88d32cb380c8accd245e33fae7d1ede15212de9267688c84b0ff7a9c53e956d4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
heMcpMIrHrlHXNQA/HF8qQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5979
x-fb-rlafr
0
x-fb-debug
ewD1CDC5lSTI7qS+b8wVPYWW1uIdZ1/obIdeOBquu+ooXo+REK2ugOZkvqNlV/QfrzDuiED6DDwaeuOW5lSrlg==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 17:55:13 GMT
1usRqtZVbfO.js
static.xx.fbcdn.net/rsrc.php/v3/yo/r/ Frame FF21
37 KB
11 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/1usRqtZVbfO.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f5820244a2bb1a21fb966e2a417d1c12f43ad67d33c1275338d1b3d67caad567
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
rBc3q7LW/6BWJorlo9zSzQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
11415
x-fb-rlafr
0
x-fb-debug
ChvRMmvVswvjLPY8jQfyGkAV4z3hvmqv3bS4kfAJx0O9lrru94d12BnoqzgRm5UJZO/dRduOGKMZ8IqIlOiC/A==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:03:36 GMT
Fu0NXcrLIlu.js
static.xx.fbcdn.net/rsrc.php/v3/yU/r/ Frame FF21
348 KB
78 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/Fu0NXcrLIlu.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2a6f8d095690b29656db62c22c4803ea38fd4bdd332eb4984f06c96d42ee6df4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
5KGsqtWvPYD1KPZ8huXVyg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
79872
x-fb-rlafr
0
x-fb-debug
zZh3Ow4TeHHHDKchGIlZKNn3iqaPF/L8pKJisIK/6MPC2vmB0zL4B0l/fvtKRVYSdW+ICYozWR7mnrLRwK3JRA==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 17:55:13 GMT
mjEb1VUq_qw.js
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame FF21
269 B
705 B
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/mjEb1VUq_qw.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
01be4a25baf193f4df75e91bc1f2d6352ea7dde1bd265bc7c0c04c0dda636bd8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
x-content-type-options
nosniff
content-md5
ycATGO9m9lP84Wkk22l0XA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
269
x-fb-rlafr
0
x-fb-debug
sFIcmdV43U2HLxiPbatS1f4JCgKsagHpVz7NsCyYNqUh8uRqO5ppNGAou7D9GQMP9/JCMl++wpqRRIf3Ykl+3A==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 15:52:06 GMT
16640_1508636782704787_8423163951224505892_n.png
scontent-frt3-1.xx.fbcdn.net/v/t1.18169-0/p130x130/ Frame FF21
50 KB
50 KB
Image
General
Full URL
https://scontent-frt3-1.xx.fbcdn.net/v/t1.18169-0/p130x130/16640_1508636782704787_8423163951224505892_n.png?_nc_cat=109&ccb=1-3&_nc_sid=dd9801&_nc_ohc=P2Ku-OkHi4oAX-GOcYP&_nc_ht=scontent-frt3-1.xx&tp=30&oh=b7cad75eaef0f604ad25ff62408a208d&oe=60A9A113
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
719311217bf7df41f1d81d55bd37863ccb971ef020d9b620b8a7ce2c79acade8

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum
2510613361
date
Fri, 23 Apr 2021 01:01:32 GMT
last-modified
Tue, 05 Aug 2014 19:28:10 GMT
content-length
51638
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
2905724461
x-fb-config-version-olb-prod
1071
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
10489650_1504449399790192_9167430718966506740_n.png
scontent-frt3-1.xx.fbcdn.net/v/t1.18169-1/cp0/p50x50/ Frame FF21
1 KB
1 KB
Image
General
Full URL
https://scontent-frt3-1.xx.fbcdn.net/v/t1.18169-1/cp0/p50x50/10489650_1504449399790192_9167430718966506740_n.png?_nc_cat=102&ccb=1-3&_nc_sid=dbb9e7&_nc_ohc=cDvTqTGLxp4AX9rGxc1&_nc_ht=scontent-frt3-1.xx&tp=30&oh=4eeb8f0aa1195b92fdc4ff8b5cf72a92&oe=60A94193
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6771e820615d43383a1c1323fba4c15afa31caa740912bdfc00306fd1a38d3a1

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum
3587781967
date
Fri, 23 Apr 2021 01:01:32 GMT
last-modified
Thu, 24 Jul 2014 15:43:07 GMT
content-length
1460
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
2640567716
x-fb-config-version-olb-prod
1071
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
10489650_1504449399790192_9167430718966506740_n.png
scontent-frt3-1.xx.fbcdn.net/v/t1.18169-1/cp0/p50x50/ Frame 7E0D
1 KB
2 KB
Image
General
Full URL
https://scontent-frt3-1.xx.fbcdn.net/v/t1.18169-1/cp0/p50x50/10489650_1504449399790192_9167430718966506740_n.png?_nc_cat=102&ccb=1-3&_nc_sid=dbb9e7&_nc_ohc=cDvTqTGLxp4AX9rGxc1&_nc_ht=scontent-frt3-1.xx&tp=30&oh=4eeb8f0aa1195b92fdc4ff8b5cf72a92&oe=60A94193
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1abca4da71757c%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom%2F&locale=ru_RU&sdk=joey&show_facepile=true&small_header=true&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6771e820615d43383a1c1323fba4c15afa31caa740912bdfc00306fd1a38d3a1

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum
3587781967
date
Fri, 23 Apr 2021 01:01:32 GMT
x-fb-trip-id
2050670934
last-modified
Thu, 24 Jul 2014 15:43:07 GMT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
2640567716
x-fb-config-version-olb-prod
1071
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1460
4CdxKscWxnA.css
static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/ Frame 4C17
25 KB
6 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/4CdxKscWxnA.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
67700f5490adca14d6d29669cc771f52619f7c2123801d63091b9a361d7839bf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
W7DU2tynDe7RWmz8AkAZVA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5878
x-fb-rlafr
0
x-fb-debug
6hoHNEYOJK6Bs3R0e2svtdJevyKsNNvZuPR+qr8zoa7M8/XySMpxIyJCTPdisvoVa7IUEtVYS7FX7J8So4T34A==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 17:55:13 GMT
tiLfsG4W1Qy.css
static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/ Frame 4C17
37 KB
7 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/tiLfsG4W1Qy.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
23f63ed5d5537417eb7f8db8fbd9f9ac0e01142ae8dbbd84f8c8587516ce8e6d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
bgN93RvGqgBwmT1bHuPWcA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
7410
x-fb-rlafr
0
x-fb-debug
3CHoThV2oNqbf3hOLRQbYVJV+4mt6HEDyvOAvrcYR2MOFCGqii/rOiCXPlWMYtI+NpUZmQ8wul85Ww+pvjT/4w==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:13:09 GMT
gE_HYjdYxDu.js
static.xx.fbcdn.net/rsrc.php/v3/yu/r/ Frame 4C17
273 KB
73 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7237f9cf9ebbb0d3d59948a1f6c9951f89b9e2cca391c1e1ead79579709ce826
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
MQDllNF8b3Jlx5vCXVZnOg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
74201
x-fb-rlafr
0
x-fb-debug
dfLkotHTvNkL2aAjCMQvDX3+mS1Y0w1veO7adRckcthEFOWZMtRejNADRorOsb6N8FMZN0PmhWM4kzVEEoTN3g==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:27:54 GMT
OvefcJZkxS8.js
static.xx.fbcdn.net/rsrc.php/v3/yy/r/ Frame 4C17
63 KB
19 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/OvefcJZkxS8.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ae6b7745daadd0d07cbc29710c708c84f5aa72d207531a965b3d39ddfdcc699e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
YMZHrMHH3vdVA3t9SrNWyw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
19601
x-fb-rlafr
0
x-fb-debug
KII2Wt0egCxO/HXOmmHYW6VSEVd/5y1wPNy5HtaOt+dECBaXo4aG6Q0Jgd4hdaPw5aRFyw0bRNA44jD0xnKAPA==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 17:55:13 GMT
BVLio3plneq.js
static.xx.fbcdn.net/rsrc.php/v3iI4w4/yj/l/ru_RU/ Frame 4C17
129 KB
36 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iI4w4/yj/l/ru_RU/BVLio3plneq.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4be53eb02d94d6c8e44e1c0f764dcbdbf4fe3439f7034300d8139ea1a16e4a20
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mbezDF7yu/O5QgGxBElh7A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
36724
x-fb-rlafr
0
x-fb-debug
FMwyeeN1WZifkNEA0hgal1bCGLWjmSQ8oTqPhNMkmt2Gwx/0OCfO521Q5pG2g/6NrRDLv0PJ4u3jcs/OuFVMdg==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 18:22:55 GMT
IEOQM8FL8ot.js
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ Frame 4C17
5 KB
2 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/IEOQM8FL8ot.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
908edfa9f7ec9fd5cb6b2159b5cb305d9c2c88601c8bf00a23bb0e96fcea1e21
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mrvV7Xg6Liq29ANLrbPdkw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1630
x-fb-rlafr
0
x-fb-debug
o7+v7LbnWHvW9BKrdhQMT5d6WEUj0vkgXLaeZUcXzJsdqQd2d5JS8XzgtZYtD7MrIjEL1GVlwNf3/VJm2aSpnQ==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 14 Apr 2022 11:04:10 GMT
KMa6-js1idc.js
static.xx.fbcdn.net/rsrc.php/v3i_P84/yA/l/ru_RU/ Frame 4C17
33 KB
9 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i_P84/yA/l/ru_RU/KMa6-js1idc.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
78b400b9fd8dc4e2ddff76be1fd7fbd6da9ea6bbcc2e9f2267fc22484d655cd5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
t5OMG6j6v5FzjLLTlxgLvg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
9046
x-fb-rlafr
0
x-fb-debug
5A1ShoR8JFiwQTmaKMiO0p8XzS0Ji5FWO3O/SaZeIjeO+xVryFf4oDknV2dgBkA8ihd2DpY+P55ovvK7yU2+mg==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:03:32 GMT
vOy4lNsMUbR.js
static.xx.fbcdn.net/rsrc.php/v3/yu/r/ Frame 4C17
159 KB
47 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/vOy4lNsMUbR.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ee8dfb812cc7833bc8b244c704607548b2d8f33eb04eb262836f2071052f67b5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
NENT5AiNx/wWWKfBFmcH3A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
47588
x-fb-rlafr
0
x-fb-debug
5c2Yg0a5dsumXCDk+o+ho+ikRFPO1o61gNKAQt0F4f/kT0bwHOKGmRmAK8bsZUZLCutPC05CJAhfxppBwn4KTw==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:27:29 GMT
GPw5TPcsm13.js
static.xx.fbcdn.net/rsrc.php/v3iEFa4/y3/l/ru_RU/ Frame 4C17
443 KB
103 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iEFa4/y3/l/ru_RU/GPw5TPcsm13.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c493c4b73a02e6f4f9721d2399cb7f7df85388b68df03ca870836008e6cffa6a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
bI4Ca/ObkVoc267Q5xuYdQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
104828
x-fb-rlafr
0
x-fb-debug
iG5W24WE8VkCrlmylFAcyO6irNtXYT/WE+aGNS9EJYyeBub8ZiToQ2LcbXIgb4aPUEMLJckVR3pqV9g4DdKFpA==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 17:55:51 GMT
NAbxrfiREAq.js
static.xx.fbcdn.net/rsrc.php/v3/y7/r/ Frame 4C17
93 KB
26 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/NAbxrfiREAq.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2812c4e6fb5db18c9a70640654c4bdb973427c4df56b96ec78bc1da5c6c443cf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
m97NipW9KPp6AhOWxb7GgQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
26095
x-fb-rlafr
0
x-fb-debug
jd5jhrfvqmFEo8Yc3WremHMHsq1gJHuBBL3fA1YaqquH11vKTRhE8Jj7bXMwe/EtxYL0BK47E/y4HsVPQJOHWw==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 18:08:25 GMT
y6QqQaNeJsz.js
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 4C17
19 KB
6 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/y6QqQaNeJsz.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
88d32cb380c8accd245e33fae7d1ede15212de9267688c84b0ff7a9c53e956d4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
heMcpMIrHrlHXNQA/HF8qQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5979
x-fb-rlafr
0
x-fb-debug
ewD1CDC5lSTI7qS+b8wVPYWW1uIdZ1/obIdeOBquu+ooXo+REK2ugOZkvqNlV/QfrzDuiED6DDwaeuOW5lSrlg==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 17:55:13 GMT
1usRqtZVbfO.js
static.xx.fbcdn.net/rsrc.php/v3/yo/r/ Frame 4C17
37 KB
11 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/1usRqtZVbfO.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f5820244a2bb1a21fb966e2a417d1c12f43ad67d33c1275338d1b3d67caad567
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
rBc3q7LW/6BWJorlo9zSzQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
11415
x-fb-rlafr
0
x-fb-debug
ChvRMmvVswvjLPY8jQfyGkAV4z3hvmqv3bS4kfAJx0O9lrru94d12BnoqzgRm5UJZO/dRduOGKMZ8IqIlOiC/A==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 18:03:36 GMT
Fu0NXcrLIlu.js
static.xx.fbcdn.net/rsrc.php/v3/yU/r/ Frame 4C17
348 KB
78 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/Fu0NXcrLIlu.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2a6f8d095690b29656db62c22c4803ea38fd4bdd332eb4984f06c96d42ee6df4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
5KGsqtWvPYD1KPZ8huXVyg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
79872
x-fb-rlafr
0
x-fb-debug
zZh3Ow4TeHHHDKchGIlZKNn3iqaPF/L8pKJisIK/6MPC2vmB0zL4B0l/fvtKRVYSdW+ICYozWR7mnrLRwK3JRA==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 22 Apr 2022 17:55:13 GMT
mjEb1VUq_qw.js
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 4C17
269 B
415 B
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/mjEb1VUq_qw.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
01be4a25baf193f4df75e91bc1f2d6352ea7dde1bd265bc7c0c04c0dda636bd8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
x-content-type-options
nosniff
content-md5
ycATGO9m9lP84Wkk22l0XA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
269
x-fb-rlafr
0
x-fb-debug
sFIcmdV43U2HLxiPbatS1f4JCgKsagHpVz7NsCyYNqUh8uRqO5ppNGAou7D9GQMP9/JCMl++wpqRRIf3Ykl+3A==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 15:52:06 GMT
um
u-ams02.e-planning.net/ Frame 6640
Redirect Chain
  • https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Dc73d61587ad18754
  • https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=c73d61587ad18754
42 B
103 B
Image
General
Full URL
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=c73d61587ad18754
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
server
openresty
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:32 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=c73d61587ad18754
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
um
sync.e-planning.net/ Frame 6640
Redirect Chain
  • https://sync.1rx.io/usersync2/eplanning
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8052848474
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8052848474
  • https://sync.1rx.io/usersync/tradedesk/36017f08-4a15-4969-8546-5999baa22b22
  • https://sync.targeting.unrulymedia.com/csync/RX-469d53fd-248c-4939-b2c9-a48d22dfef6e-003?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-469d53fd-248c-4939-b2c9-a48d22dfef6e-003%26dc%3D1079...
  • https://sync.e-planning.net/um?uid=RX-469d53fd-248c-4939-b2c9-a48d22dfef6e-003&dc=1079cc634ca638f8&iss=1
42 B
103 B
Image
General
Full URL
https://sync.e-planning.net/um?uid=RX-469d53fd-248c-4939-b2c9-a48d22dfef6e-003&dc=1079cc634ca638f8&iss=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
server
openresty
content-type
image/gif

Redirect headers

location
https://sync.e-planning.net/um?uid=RX-469d53fd-248c-4939-b2c9-a48d22dfef6e-003&dc=1079cc634ca638f8&iss=1
date
Fri, 23 Apr 2021 01:01:34 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX469d53fd248c4939b2c9a48d22dfef6e003
content-type
text/html
dataxpand_28122020.js
s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/ Frame 6640
39 KB
14 KB
Script
General
Full URL
https://s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/dataxpand_28122020.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software
openresty /
Resource Hash
792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
last-modified
Mon, 28 Dec 2020 16:45:03 GMT
server
openresty
etag
W/"5fea0b8f-9a72"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Wed, 22 Apr 2026 01:01:32 GMT
tm60118.js
tag.navdmp.com/ Frame 6640
12 KB
4 KB
Script
General
Full URL
https://tag.navdmp.com/tm60118.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:df3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc025890b2544e23fc6ee0df711326e1b4a38b00849b9e5c914ad074902edec5

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
cf-cache-status
HIT
age
3101
p3p
CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cf-request-id
099dd81ff80000d6f5309ff000000001
last-modified
Wed, 18 Nov 2020 16:32:07 GMT
server
cloudflare
etag
W/"5fb54c87-2ef4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cf-ray
644329465bacd6f5-FRA
expires
Fri, 23 Apr 2021 01:09:51 GMT
retargetly_030920.js
s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/ Frame 6640
2 KB
1 KB
Script
General
Full URL
https://s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/retargetly_030920.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software
openresty /
Resource Hash
18cbfcb608af5885f7916274b60578d32006c90e8fce3d98dbcc89a646707608

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
last-modified
Thu, 03 Sep 2020 18:45:03 GMT
server
openresty
etag
W/"5f5139af-857"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Wed, 22 Apr 2026 01:01:32 GMT
um
u-ams02.e-planning.net/ Frame 6640
Redirect Chain
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Dc73d61587ad18754%26uid%3D%24%7BUID%7D
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Dc73d61587ad18754%26uid%3D%24%7BUID%7D&ox_sc=1
  • https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=c73d61587ad18754&uid=652807ed-514b-4e0b-a868-f22e2f46826e
42 B
104 B
Image
General
Full URL
https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=c73d61587ad18754&uid=652807ed-514b-4e0b-a868-f22e2f46826e
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
server
openresty
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:31 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=c73d61587ad18754&uid=652807ed-514b-4e0b-a868-f22e2f46826e
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
600j0r7h35g4iies7me5b4i5icj09i3a
ptag
a.audrte.com/ Frame 6640
5 KB
2 KB
Script
General
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.221.146.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-221-146-169.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
ed09b1c7b0be0e0fd168e89cf94ed84d9164046a48c2efcfb73ea8c1c33730f1

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1682
lotame.js
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame 6640
266 B
415 B
Script
General
Full URL
https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software
openresty /
Resource Hash
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 16:18:03 GMT
server
openresty
etag
W/"5fb69abb-10a"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Wed, 22 Apr 2026 01:01:32 GMT
current
prebid-match.dotomi.com/match/bounce/ Frame 6640
0
104 B
Image
General
Full URL
https://prebid-match.dotomi.com/match/bounce/current?networkId=72582&version=1&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dfbb23d0ef33aad5d%26fi%3Dc73d61587ad18754%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1370 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:32 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 6640
Redirect Chain
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3Dc73d61587ad18754
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
95 B
222 B
Image
General
Full URL
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.119.149.178 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.178.149.119.168.clients.your-server.de
Software
nginx/1.10.3 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
server
nginx/1.10.3
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png

Redirect headers

location
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
date
Fri, 23 Apr 2021 01:01:32 GMT
server
nginx/1.10.3
content-type
text/html; charset=UTF-8
um
u-ams02.e-planning.net/ Frame 6640
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Dc73d61587ad18754%26uid%3D%24UID
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=c73d61587ad18754&uid=295627870936991132
42 B
103 B
Image
General
Full URL
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=c73d61587ad18754&uid=295627870936991132
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:32 GMT
X-Proxy-Origin
37.120.211.132; 37.120.211.132; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.85:80
AN-X-Request-Uuid
42226bf0-04c1-4034-8fc7-89a3e1ade5a8
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=c73d61587ad18754&uid=295627870936991132
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
us
sync.go.sonobi.com/ Frame 6640
0
474 B
Image
General
Full URL
https://sync.go.sonobi.com/us?loc=%0A%0Ahttps%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3De52415579699e09f%26fi%3Dc73d61587ad18754%26uid%3D%5BUID%5D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:32 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
um
sync.e-planning.net/ Frame 6640
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58414/occ
  • https://ups.analytics.yahoo.com/ups/58414/occ?verify=true
  • https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-2t_tPw1E2uEEPaadjj_RZ.OWbSBIpuSF3hgHAmQ-~A
42 B
103 B
Image
General
Full URL
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-2t_tPw1E2uEEPaadjj_RZ.OWbSBIpuSF3hgHAmQ-~A
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
server
openresty
content-type
image/gif

Redirect headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Server
ATS/7.1.2.128
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-2t_tPw1E2uEEPaadjj_RZ.OWbSBIpuSF3hgHAmQ-~A
Connection
keep-alive
Content-Length
0
um
u-ams02.e-planning.net/ Frame 6640
Redirect Chain
  • https://cs.admanmedia.com/sync/eplanning?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D227acb3d18564968%26fi%3Dc73d61587ad18754%26uid%3D%7B%24UID%7D
  • https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=c73d61587ad18754&uid=5651f3b5ad495670b9e8afea73c65f3ac93e884f
42 B
103 B
Image
General
Full URL
https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=c73d61587ad18754&uid=5651f3b5ad495670b9e8afea73c65f3ac93e884f
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
server
openresty
content-type
image/gif

Redirect headers

Location
https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=c73d61587ad18754&uid=5651f3b5ad495670b9e8afea73c65f3ac93e884f
Date
Fri, 23 Apr 2021 01:01:34 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
test_dmp.html
s.e-planning.net/esb/4/0/1992d/29c512b3a85254c8/ Frame 6640
0
0
Script
General
Full URL
https://s.e-planning.net/esb/4/0/1992d/29c512b3a85254c8/test_dmp.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
usync.html
eus.rubiconproject.com/ Frame ECC4
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu
  • https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-230-142.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.us.e-planning.net/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.us.e-planning.net/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 23 Feb 2021 20:47:52 GMT
ETag
"402b0-119-5bc0708346e00"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 23 Apr 2021 01:01:35 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Date
Fri, 23 Apr 2021 01:01:32 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F4E5
8 KB
3 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc73d61587ad18754%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.us.e-planning.net/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.us.e-planning.net/

Response headers

Last-Modified
Wed, 21 Oct 2020 18:57:29 GMT
ETag
"1300708-1f78-5b232eb4914bb"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
2654
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=145402
Expires
Sat, 24 Apr 2021 17:24:54 GMT
Date
Fri, 23 Apr 2021 01:01:32 GMT
Connection
keep-alive
Vary
Accept-Encoding
166857331_300389931449065_4450759617510783268_n.jpg
scontent-frt3-1.xx.fbcdn.net/v/t1.6435-0/s320x320/ Frame 4C17
8 KB
8 KB
Image
General
Full URL
https://scontent-frt3-1.xx.fbcdn.net/v/t1.6435-0/s320x320/166857331_300389931449065_4450759617510783268_n.jpg?_nc_cat=104&ccb=1-3&_nc_sid=dd9801&_nc_ohc=fsPtciUdYs4AX_J1rC8&_nc_ht=scontent-frt3-1.xx&tp=7&oh=09895f2382529c03391f3415ba8f7b31&oe=60A9110A
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8076f0faa827ee270d0726eb09ac6cb73e41661e76684f801b3e3e8079b9da86

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum
1288810903
date
Fri, 23 Apr 2021 01:01:32 GMT
last-modified
Tue, 30 Mar 2021 16:46:07 GMT
content-length
8639
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
1895015908
x-fb-config-version-olb-prod
1071
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
166749697_300389924782399_7961507951142044876_n.jpg
scontent-frx5-1.xx.fbcdn.net/v/t1.6435-1/cp0/p50x50/ Frame 4C17
1 KB
2 KB
Image
General
Full URL
https://scontent-frx5-1.xx.fbcdn.net/v/t1.6435-1/cp0/p50x50/166749697_300389924782399_7961507951142044876_n.jpg?_nc_cat=1&ccb=1-3&_nc_sid=dbb9e7&_nc_ohc=Uz-1eKeu0i8AX8BpuXv&_nc_ht=scontent-frx5-1.xx&tp=27&oh=847a2b23f6a0deb00356bb4ea5782f56&oe=60A92815
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a3228982ae921382943773ba11d5a0b0ad662a85f032a0513a54cd92dd461104

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum
298678405
date
Fri, 23 Apr 2021 01:01:32 GMT
x-fb-trip-id
917726464
last-modified
Tue, 30 Mar 2021 16:46:07 GMT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
3901595536
x-fb-config-version-olb-prod
1071
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1429
/
www.facebook.com/tr/
0
15 B
Ping
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryVe8RNwhuo0xrrCJj

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
text/plain
access-control-allow-origin
https://gordonua.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-length
0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
zSKZHMh8mXU.png
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ Frame B3D1
388 B
636 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/zSKZHMh8mXU.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&layout=button_count&locale=ru_RU&sdk=joey&size=small&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f9a1a0ac26eaf5b7f6cc7223b5dd4b5f545b5a48fb598c7442e5f76384f1be8c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
x-content-type-options
nosniff
content-md5
mLIKfuTnwd0c8uA9BXg4cQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
388
x-fb-rlafr
0
x-fb-debug
DRX8jk9NZbv0sJ578biY3lHk+so++vdY3kQO3YpJB6X4YwP/Sls8aL7wXNkf3CTF0YxSkY+z30Pbc/7uSREcQw==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 20 Apr 2022 19:37:42 GMT
3OvS0c2R132.js
static.xx.fbcdn.net/rsrc.php/v3iI4w4/yG/l/ru_RU/ Frame B3D1
486 KB
125 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iI4w4/yG/l/ru_RU/3OvS0c2R132.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&layout=button_count&locale=ru_RU&sdk=joey&size=small&_rdc=1&_rdr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
748ba60b997ec42f4c0953d5cef783634b820581d717790e4e8f445ecbef95fc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
m48C3px1CdaNlSatDDx89A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
128239
x-fb-rlafr
0
x-fb-debug
bpXEgmIMQoXgHYjG/tLHU3A2lUReE07EWoYY8O4PDqFjhmMmOMiHLOIpOcxhGqsS0fZOLfj/pNlfQMKCzZYXeg==
x-fb-trip-id
1679558926
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 16:17:55 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 9396
0
75 B
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=10316550&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Content-Length
0
showad.js
ads.pubmatic.com/AdServer/js/ Frame F3B4
38 KB
14 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc73d61587ad18754%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc73d61587ad18754%26uid%3D
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
KCCH=YES
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc73d61587ad18754%26uid%3D

Response headers

Last-Modified
Wed, 14 Apr 2021 09:18:30 GMT
ETag
"13006b6-98c2-5bfeb3aef82b4"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
14060
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=29158
Expires
Fri, 23 Apr 2021 09:07:30 GMT
Date
Fri, 23 Apr 2021 01:01:32 GMT
Connection
keep-alive
Vary
Accept-Encoding
cavalry_endpoint.php
www.facebook.com/common/ Frame B3D1
67 B
97 B
Image
General
Full URL
https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1619139692540&t_start=1619139692540&t_domcontent=1619139692575&t_layout=1619139692644&t_onload=1619139692644&t_paint=1619139692644&t_creport=1619139692644&t_tti=1619139692575&lid=6954152026528099217-0
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v5.0/plugins/share_button.php?app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5b7a92dacf1%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&layout=button_count&locale=ru_RU&sdk=joey&size=small&_rdc=1&_rdr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
br
x-content-type-options
nosniff
x-xss-protection
0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
LL9rxGiG5Ow8R9a1AtvUQBWtxfHIeOv07J8pR7bhvcTKxbo9t2zj+/HkbCfgZneS6XJphhZ+kPZ9esLjp9g/2w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 23 Apr 2021 01:01:32 GMT
strict-transport-security
max-age=15552000; preload
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/png
vary
Accept-Encoding
cache-control
private, no-store, no-cache, must-revalidate
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
userconnect.js
js.adscale.de/ Frame B957
14 KB
5 KB
Script
General
Full URL
https://js.adscale.de/userconnect.js
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.237.88 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-237-88.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
58ed344732766704ee535508e3dcd8d4a8ec0c9c79d16adf02293adde110926c

Request headers

Referer
https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
Vg_Jp.ZJ2u3YbQXNKkA7T4fbgrmEYgFi
Content-Encoding
gzip
Last-Modified
Wed, 03 Mar 2021 00:56:54 GMT
Server
AmazonS3
x-amz-request-id
FSVMN4NAT29K7A67
ETag
"98f37b242862929d9aef4bde91abc8ad"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=300
Date
Fri, 23 Apr 2021 01:01:32 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4485
x-amz-id-2
6QUOYCNbvtUL3ZhmW7J9md43BdYE0qwmy68DuImMhfbKvjQThSpN/VcdIjXp9gsf6kQf986OZ48=
csync
sync.console.adtarget.com.tr/ Frame B957
86 B
559 B
Image
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307565&extuid=10083598ef6b4e469e299562f7eb7630
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
VertaMedia 1.0
Content-Length
86
Content-Type
image/gif
Cookie set usermatch
ssum.casalemedia.com/ Frame 54C2
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8b38a885932039a3a0c45142b0755bf590fc7785a5cc5fa52fd1f2e62d4b1e8b

Request headers

Host
ssum.casalemedia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.us.e-planning.net/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
CMPS=1178; CMPRO=1133; CMST=YIIcbWCCHG4A; CMRUM3=5860821c6e2760YIIcbgAAZUthDwBg&2d60821c6d2760CAESEDlxQPk0gpLHVsamSPScYFg&e660821c6d27600&f160821c6d05a0&6f60821c6d05a0&dd60821c6d27600&2760821c6d0b40&2960821c6d05a00; CMID=YIIccFV1RBxsx5vIoo49GwAA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.us.e-planning.net/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
73|46|3|206|176|152|39|190
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1618
Expires
Fri, 23 Apr 2021 01:01:36 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:36 GMT
Connection
keep-alive
Set-Cookie
CMID=YIIccFV1RBxsx5vIoo49GwAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 23 Apr 2022 01:01:36 GMT CMPS=1178;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 22 Jul 2021 01:01:36 GMT CMPRO=1133;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 22 Jul 2021 01:01:36 GMT CMRUM3=dd60821c6d27600&2760821c700b40&b060821c7005a00&4960821c7005a00&2960821c6d05a00&ce60821c7005a00&2e60821c7005a0&9860821c7005a00&f160821c6d05a0&2d60821c6d2760CAESEDlxQPk0gpLHVsamSPScYFg&e660821c6d27600&5860821c6e2760YIIcbgAAZUthDwBg&be60821c7005a0&0360821c7005a0&6f60821c6d05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 23 Apr 2022 01:01:36 GMT CMST=YIIcbWCCHHAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 24 Apr 2021 01:01:36 GMT

Redirect headers

Server
Apache
Content-Length
345
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Fri, 23 Apr 2021 01:01:36 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:36 GMT
Connection
keep-alive
Set-Cookie
CMID=YIIccFV1RBxsx5vIoo49GwAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 23 Apr 2022 01:01:36 GMT CMPS=1178;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 22 Jul 2021 01:01:36 GMT
/
spl.zeotap.com/ Frame 97A8
8 KB
2 KB
Document
General
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abdc135c8cbe3a9f9befb0a4fb49edbd757c734f8b0824bc1024c76a3b6bd2a6

Request headers

:method
GET
:authority
spl.zeotap.com
:scheme
https
:path
/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.us.e-planning.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.us.e-planning.net/

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
text/html
set-cookie
__cfduid=d7dfe020c073df5c2fec7ed4f66e178d61619139692; expires=Sun, 23-May-21 01:01:32 GMT; path=/; domain=.zeotap.com; HttpOnly; SameSite=Lax zc=da4e1ab7-39d4-480a-766e-8fdf96bd7262; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure zsc=%CD%8B%C2G%C4%C0%CD%0C%E5j1b%C6%E97D%A2%A6%13%84%F7%A7O%02%02k%26%A57%A0I%A2%8A%84%90ng%94%DEH%E3%FBd%91h9%3C%3F%24M%DD6%A2%92K%B8dH%E0%81%88%81%8EyC%F7s%97%F6%AFh%D5%11T%FC%DDN%A1%18%F9%17%94M%3F%81%10%40%92w%B8%DF%2C%15d%0BG%85%A6%C9%1D%B6%B4%FEF%C9%A0%25%2A%7B%ED%7F%B77%12%978_hS%92w%8F%E0%9Epc%245%13b_%E7XY%121%86%CF%7C%D8%2Bw1%3CY%3C%CB%CB%891%D7%25%F7%9Fw%0FJ%24w%AD%7FU%B6%C5%BB%808%D9; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
cf-request-id
099dd820b900004e2c700c2000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
644329478e374e2c-FRA
content-encoding
br
userconnect
ih.adscale.de/ Frame B957
149 B
224 B
Script
General
Full URL
https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1619139692707&umd=false&gdpr=0&gdpr_version=2&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8

Request headers

Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-length
149
content-type
application/javascript
3gKIw20zpPx.js
static.xx.fbcdn.net/rsrc.php/v3/yc/r/ Frame 7E0D
18 KB
6 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/3gKIw20zpPx.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
732f2d6e7767e7978cf70554aec8f7b40d5d6da4b601e528f136473c1b965c93
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
+WweuYtea66RPAEX0Vl2fg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5954
x-fb-rlafr
0
x-fb-debug
GJSH1UwobsQ0zAWVG2iMNcI/LtftADULyUq8WAayCGK9RbFBfe69fGCGf+u6TNSZGa1Rs8xP6YTTTC/cItJQEA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 19 Apr 2022 18:50:38 GMT
JopZtdti8dq.js
static.xx.fbcdn.net/rsrc.php/v3/y_/r/ Frame 7E0D
7 KB
2 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/JopZtdti8dq.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
95d95840165ea5fc374a27f1cffe88a1b3d033562916ef1071393c9c8adbfe86
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mTMNw9OoY8KLmzHcqJmeVA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
2270
x-fb-rlafr
0
x-fb-debug
N6uRXzDa+1ShUU4vpwdeaAMdlwDSGksRhNcCqESQbdCAyZb/Plfm7pgf/HT9a53aDMQ3Z8Jav7SBIyV/hqw87Q==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 07:18:48 GMT
map
ih.adscale.de/ Frame 18A3
3 KB
3 KB
Document
General
Full URL
https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
b59f41ab36784ecf6f5974b18b3f2bf359344c3cc7622563d2a6b35a98ce80b9

Request headers

:method
GET
:authority
ih.adscale.de
:scheme
https
:path
/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://js.adscale.de/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
uu=10083598ef6b4e469e299562f7eb7630; cct=1619139692579
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://js.adscale.de/

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
text/html;charset=ISO-8859-1
content-length
2702
set-cookie
tu=4#1204852843#48~~449761~449761~1#101~~449761~449761~1#39~~449761~449761~1#40~~449761~449761~1#42~~449761~449761~1#75~~449761~449761~1#108~~449761~449761~1#63~~449761~449761~1; Max-Age=31336000; Domain=ih.adscale.de; Path=/; Secure; SameSite=None cct=1619139692945; Max-Age=31336000; Domain=.adscale.de; Path=/; Secure; SameSite=None
qGoWo6gBwwP.png
static.xx.fbcdn.net/rsrc.php/v3/yy/r/ Frame 4C17
3 KB
3 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/qGoWo6gBwwP.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/4CdxKscWxnA.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
66efeaacbd90eba053bda6c0f17599873a6d2023a9408bd9ad2d414cf9813444
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/4CdxKscWxnA.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
lxDjZckJKTZadoBklGsXPgK28X2ESOkl3GWJzbxEtHrYD4UY07WBlb2Vs6ruKRiVhjCPy106G6XizJ2bhuDaDg==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
iN31dShDArRt9ZikrDb13w==
date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
content-length
2616
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
x-fb-rlafr
0
expires
Thu, 21 Apr 2022 18:31:23 GMT
ApcBOUT5FoS.png
static.xx.fbcdn.net/rsrc.php/v3/y_/r/ Frame 4C17
573 B
624 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/ApcBOUT5FoS.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/4CdxKscWxnA.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
641e03dfeee60c05e0794bace5fc58d2fba409fee529a114459e44cee0d9d069
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/4CdxKscWxnA.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
WOeWPhaowkIug+/7srSZWfRaoMSSovEpQwZ/Sn6LS0jluFDk2Bn5eV19NvrA814t9PO53hRjwHiu3h7uDpToJA==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
Y/eW3MWFNJnkcpEqoXzG3Q==
date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
priority
u=3,i
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
573
x-fb-rlafr
0
expires
Tue, 19 Apr 2022 21:34:40 GMT
ApcBOUT5FoS.png
static.xx.fbcdn.net/rsrc.php/v3/y_/r/ Frame FF21
573 B
624 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/ApcBOUT5FoS.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/4CdxKscWxnA.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
641e03dfeee60c05e0794bace5fc58d2fba409fee529a114459e44cee0d9d069
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/4CdxKscWxnA.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
WOeWPhaowkIug+/7srSZWfRaoMSSovEpQwZ/Sn6LS0jluFDk2Bn5eV19NvrA814t9PO53hRjwHiu3h7uDpToJA==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
Y/eW3MWFNJnkcpEqoXzG3Q==
date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
priority
u=3,i
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
573
x-fb-rlafr
0
expires
Tue, 19 Apr 2022 21:34:40 GMT
/
www.facebook.com/pages/call_to_action/fetch_dialog_data/ Frame FF21
1 KB
775 B
XHR
General
Full URL
https://www.facebook.com/pages/call_to_action/fetch_dialog_data/?id=2910939712474480&surface=pagePlugin&unit_type=VIEWER
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iI4w4/yj/l/ru_RU/BVLio3plneq.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2c3b262013c9cdc7c7dde3a352334d6ff1061a84990fbad0085c638d64b5a491
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c1fc83ea72e6%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordonuacom&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
x-content-type-options
nosniff
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
2JRWmfkJ+OZF2SkbrZXbLcHUJchRECNwm3StBeAK2P1l3sDZxyOu1DrOiI0nQOVcrXA086IX1SgAJgqNY9OabQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 23 Apr 2021 01:01:33 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
vary
Origin, Accept-Encoding
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
3gKIw20zpPx.js
static.xx.fbcdn.net/rsrc.php/v3/yc/r/ Frame FF21
18 KB
6 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/3gKIw20zpPx.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
732f2d6e7767e7978cf70554aec8f7b40d5d6da4b601e528f136473c1b965c93
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
+WweuYtea66RPAEX0Vl2fg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5954
x-fb-rlafr
0
x-fb-debug
GJSH1UwobsQ0zAWVG2iMNcI/LtftADULyUq8WAayCGK9RbFBfe69fGCGf+u6TNSZGa1Rs8xP6YTTTC/cItJQEA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 19 Apr 2022 18:50:38 GMT
JopZtdti8dq.js
static.xx.fbcdn.net/rsrc.php/v3/y_/r/ Frame FF21
7 KB
2 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/JopZtdti8dq.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
95d95840165ea5fc374a27f1cffe88a1b3d033562916ef1071393c9c8adbfe86
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mTMNw9OoY8KLmzHcqJmeVA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
2270
x-fb-rlafr
0
x-fb-debug
N6uRXzDa+1ShUU4vpwdeaAMdlwDSGksRhNcCqESQbdCAyZb/Plfm7pgf/HT9a53aDMQ3Z8Jav7SBIyV/hqw87Q==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 07:18:48 GMT
2kxuOhboiVu.js
static.xx.fbcdn.net/rsrc.php/v3/yC/r/ Frame FF21
273 KB
57 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/2kxuOhboiVu.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2af5bfcede521a97bd3de87ff10bbe38742c2f06ac2cde01ca27ce1e84d8b8ea
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
iEvqbQudLamyDQr7gJMA8g==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
58338
x-fb-rlafr
0
x-fb-debug
tiQ7MrQ6yJWqy7BXOHN3rRk1c7MfHOI4aVbILitexvOy08PyKjzZslJhBvAa6Iff0u4E9kO91AsE+u5AIN2pyQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 19:48:04 GMT
cAEvN19HjM2.js
static.xx.fbcdn.net/rsrc.php/v3/yB/r/ Frame FF21
885 B
431 B
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/cAEvN19HjM2.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e913d0c8195023fea768aa63161cfe870b077cd360806e3905002e74acc7423e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:32 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
lRXvpxxdUT7QUnYyGQ+l6g==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
378
x-fb-rlafr
0
x-fb-debug
dZB+lE+E09X45vhdXsXy6GkbjDkxmm71qjwPTOu1aTf7imPPC1O8aKLM5ihDtk9pU4UQuglxBzWAH3JQ/RrwWg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 16:40:51 GMT
nuSZvOPs-lg.png
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame FF21
12 KB
12 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/nuSZvOPs-lg.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/tiLfsG4W1Qy.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e51e7c1f2f3bd86cc3e9dcd1ad5403db927f32533f0a8b29bc15f11b40c6376
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/tiLfsG4W1Qy.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
1lk3kmEX49k/Y3zpVvkkQO8cPHsCrJ8dFrJTf3THtdiNxkFElcMCMLBrhYJJPv8uEWtIfNz+INNOoJQudpSiJw==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
+tH9SoPO1ugg3HR9LK4liQ==
date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
content-length
11870
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
x-fb-rlafr
0
expires
Fri, 15 Apr 2022 10:32:15 GMT
/
www.facebook.com/pages/call_to_action/fetch_dialog_data/ Frame 4C17
1 KB
830 B
XHR
General
Full URL
https://www.facebook.com/pages/call_to_action/fetch_dialog_data/?id=933708733339829&surface=pagePlugin&unit_type=VIEWER
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iI4w4/yj/l/ru_RU/BVLio3plneq.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f113:81:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9f22171d9f7bd894b73fbeaca1d64b9294c98a0ce42ea049cc030030dd141635
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=442769489419723&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ca672019ca35%26domain%3Dgordonua.com%26origin%3Dhttps%253A%252F%252Fgordonua.com%252Ff2f44f011e50d7c%26relation%3Dparent.parent&container_width=323&height=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fgordondmitry&locale=ru_RU&sdk=joey&show_facepile=true&small_header=false&width=300&_rdc=1&_rdr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
x-content-type-options
nosniff
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
SA6rmiIISlnPP3PcyLwVvzUJlXa+VG5FfGrqFBGf3gsdGVMQgH0DgeWvJsN9v39aPhP4EXWGAjY/byX/EYLKYQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 23 Apr 2021 01:01:33 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
vary
Origin, Accept-Encoding
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
3gKIw20zpPx.js
static.xx.fbcdn.net/rsrc.php/v3/yc/r/ Frame 4C17
18 KB
6 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/3gKIw20zpPx.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
732f2d6e7767e7978cf70554aec8f7b40d5d6da4b601e528f136473c1b965c93
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
+WweuYtea66RPAEX0Vl2fg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5954
x-fb-rlafr
0
x-fb-debug
GJSH1UwobsQ0zAWVG2iMNcI/LtftADULyUq8WAayCGK9RbFBfe69fGCGf+u6TNSZGa1Rs8xP6YTTTC/cItJQEA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 19 Apr 2022 18:50:38 GMT
JopZtdti8dq.js
static.xx.fbcdn.net/rsrc.php/v3/y_/r/ Frame 4C17
7 KB
2 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/JopZtdti8dq.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
95d95840165ea5fc374a27f1cffe88a1b3d033562916ef1071393c9c8adbfe86
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mTMNw9OoY8KLmzHcqJmeVA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
2270
x-fb-rlafr
0
x-fb-debug
N6uRXzDa+1ShUU4vpwdeaAMdlwDSGksRhNcCqESQbdCAyZb/Plfm7pgf/HT9a53aDMQ3Z8Jav7SBIyV/hqw87Q==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 07:18:48 GMT
2kxuOhboiVu.js
static.xx.fbcdn.net/rsrc.php/v3/yC/r/ Frame 4C17
273 KB
57 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/2kxuOhboiVu.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2af5bfcede521a97bd3de87ff10bbe38742c2f06ac2cde01ca27ce1e84d8b8ea
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
iEvqbQudLamyDQr7gJMA8g==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
58338
x-fb-rlafr
0
x-fb-debug
tiQ7MrQ6yJWqy7BXOHN3rRk1c7MfHOI4aVbILitexvOy08PyKjzZslJhBvAa6Iff0u4E9kO91AsE+u5AIN2pyQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 19:48:04 GMT
cAEvN19HjM2.js
static.xx.fbcdn.net/rsrc.php/v3/yB/r/ Frame 4C17
885 B
431 B
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/cAEvN19HjM2.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/gE_HYjdYxDu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e913d0c8195023fea768aa63161cfe870b077cd360806e3905002e74acc7423e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
lRXvpxxdUT7QUnYyGQ+l6g==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
378
x-fb-rlafr
0
x-fb-debug
dZB+lE+E09X45vhdXsXy6GkbjDkxmm71qjwPTOu1aTf7imPPC1O8aKLM5ihDtk9pU4UQuglxBzWAH3JQ/RrwWg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 16:40:51 GMT
nuSZvOPs-lg.png
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 4C17
12 KB
12 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/nuSZvOPs-lg.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/tiLfsG4W1Qy.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f013:d:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e51e7c1f2f3bd86cc3e9dcd1ad5403db927f32533f0a8b29bc15f11b40c6376
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/tiLfsG4W1Qy.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
1lk3kmEX49k/Y3zpVvkkQO8cPHsCrJ8dFrJTf3THtdiNxkFElcMCMLBrhYJJPv8uEWtIfNz+INNOoJQudpSiJw==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
+tH9SoPO1ugg3HR9LK4liQ==
date
Fri, 23 Apr 2021 01:01:33 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
content-length
11870
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
x-fb-rlafr
0
expires
Fri, 15 Apr 2022 10:32:15 GMT
getuid
ib.adnxs.com/ Frame 97A8
0
0
Image
General
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-4...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEKtQyG4AOjwWstpP9Rf8Bc8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c...
95 B
179 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESEKtQyG4AOjwWstpP9Rf8Bc8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6443294afa324e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd822df00004e2c81b04000000001

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESEKtQyG4AOjwWstpP9Rf8Bc8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
470
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://mwzeom.zeotap.com/mw?cid=76436c61-a3cf-11eb-a57c-ee4330ad0bed&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95...
95 B
404 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=76436c61-a3cf-11eb-a57c-ee4330ad0bed&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
644329772ce54e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd83e7700004e2ca33d7000000001

Redirect headers

date
Fri, 23 Apr 2021 01:01:40 GMT
via
1.1 google
server
Jetty(9.4.28.v20200408)
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://mwzeom.zeotap.com/mw?cid=76436c61-a3cf-11eb-a57c-ee4330ad0bed&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
alt-svc
clear
content-length
0
/
dmp.adform.net/serving/cookie/match/ Frame 97A8
0
330 B
Image
General
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.241 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc...
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc...
  • https://mwzeom.zeotap.com/mw?cid=36017f08-4a15-4969-8546-5999baa22b22&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95...
95 B
284 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=36017f08-4a15-4969-8546-5999baa22b22&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6443295098c04e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd8266200004e2ca430f000000001

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:34 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://mwzeom.zeotap.com/mw?cid=36017f08-4a15-4969-8546-5999baa22b22&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
481
cm
trc.taboola.com/sg/zeotap/1/ Frame 97A8
0
163 B
Image
General
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms
57
date
Fri, 23 Apr 2021 01:01:40 GMT
via
1.1 varnish
server
nginx
x-timer
S1619139700.261666,VS0,VE57
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-fra19175-FRA
u
dmp.v.fwmrm.net/ad/ Frame 97A8
0
361 B
Image
General
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
154.57.158.51 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:40 GMT
Cache-Control
no-store
Expires
0
Content-Type
text/html
Content-Length
0
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 97A8
0
240 B
Image
General
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:32 GMT
P3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
0
Content-Type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=d720e301-3c69-4d9f-9f2d-479347e95214&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
295 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=d720e301-3c69-4d9f-9f2d-479347e95214&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6443294ac9fc4e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd822bf00004e2cbe988000000001

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
server
Apache-Coyote/1.1
location
https://mwzeom.zeotap.com/mw?cid=d720e301-3c69-4d9f-9f2d-479347e95214&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=da4e1ab7-39d4-480a-766e-8fdf96bd7262&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=da4e1ab7-39d4-480a-766e-8fdf96bd7262&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=81026365817338775154535014202940888986&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-...
95 B
179 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=81026365817338775154535014202940888986&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
644329534bad4e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd8281000004e2c78b09000000001

Redirect headers

DCS
dcs-prod-irl1-1-v005-07cd7aa19.edge-irl1.demdex.com 6.2.1.20210422111706-PR_1432-SNAPSHOT
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
2ZiCDCEhTPM=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=81026365817338775154535014202940888986&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
loadeu.exelator.com/load/ Frame 97A8
0
324 B
Image
General
Full URL
https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=da4e1ab7-39d4-480a-766e-8fdf96bd7262&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2021042303-26730-0.155553001619139693-cfd73a5bd8a3914481b068c580566408&zdid=533&env=mWeb
95 B
179 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2021042303-26730-0.155553001619139693-cfd73a5bd8a3914481b068c580566408&zdid=533&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6443294b4a884e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd8230e00004e2c5226a000000001

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2021042303-26730-0.155553001619139693-cfd73a5bd8a3914481b068c580566408&zdid=533&env=mWeb
Date
Fri, 23 Apr 2021 01:01:33 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=6954152033387214993&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-...
95 B
179 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=6954152033387214993&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
64432951194e4e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd826af00004e2cc33e8000000001

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=6954152033387214993&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Date
Fri, 23 Apr 2021 01:01:34 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
check
pixel.tapad.com/idsync/ex/receive/ Frame 97A8
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=da4e1ab7-39d4-480a-766e-8fdf96bd7262
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=da4e1ab7-39d4-480a-766e-8fdf96bd7262
95 B
424 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=da4e1ab7-39d4-480a-766e-8fdf96bd7262
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Jetty(9.4.28.v20200408) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
via
1.1 google
server
Jetty(9.4.28.v20200408)
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/png
alt-svc
clear
content-length
95

Redirect headers

date
Fri, 23 Apr 2021 01:01:40 GMT
via
1.1 google
server
Jetty(9.4.28.v20200408)
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=da4e1ab7-39d4-480a-766e-8fdf96bd7262
alt-svc
clear
content-length
0
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=da4e1ab7-39d4-480a-766e-8fdf96bd7262&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=da4e1ab7-39d4-480a-766e-8fdf96bd7262&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=91dcj2pzPQ/MsVvKquDVpe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c...
95 B
179 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?webouuid=91dcj2pzPQ/MsVvKquDVpe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6443294c6bc64e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd823bd00004e2c6337a000000001

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
via
1.1 google
last-modified
Fri, 23 Apr 2021 01:01:33 GMT
server
nginx/1.12.0
location
https://mwzeom.zeotap.com/mw?webouuid=91dcj2pzPQ/MsVvKquDVpe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
2.gif
dmp.theadex.com/d/949/i/ Frame 97A8
36 B
378 B
Image
General
Full URL
https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=da4e1ab7-39d4-480a-766e-8fdf96bd7262&axd_pid=175
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.163.159.103 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
nginx /
Resource Hash
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
server
nginx
p3p
CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
content-length
36
expires
0
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=da4e1ab7-39d4-480a-766e-8fdf96bd7262?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=da4e1ab7-39d4-480a-766e-8fdf96bd7262?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
  • https://mwzeom.zeotap.com/mw?pid=bf2c753c8356f3e112ee26c6a9a2ac4&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-212...
95 B
179 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?pid=bf2c753c8356f3e112ee26c6a9a2ac4&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6443294e3ddf4e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd824de00004e2c96893000000001

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=bf2c753c8356f3e112ee26c6a9a2ac4&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
cache-control
no-cache
x-server
10.45.21.3
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-Di.P6JRE2op8Myv1vvDlEZWHiaa.Iwmo6w--~A&zpartnerid=570&env=mWeb
95 B
179 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=y-Di.P6JRE2op8Myv1vvDlEZWHiaa.Iwmo6w--~A&zpartnerid=570&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6443294f7f824e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd825ac00004e2ca6b0e000000001

Redirect headers

date
Fri, 23 Apr 2021 01:01:33 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-Di.P6JRE2op8Myv1vvDlEZWHiaa.Iwmo6w--~A&zpartnerid=570&env=mWeb
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000
content-length
0
x-content-type-options
nosniff
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=GKVmlgiyGdgs5apM0xfpNd69lryWrOUT%2BS41iYitP1U%3D
95 B
202 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=GKVmlgiyGdgs5apM0xfpNd69lryWrOUT%2BS41iYitP1U%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6443294f7f7b4e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd825a800004e2c57be1000000001

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=GKVmlgiyGdgs5apM0xfpNd69lryWrOUT%2BS41iYitP1U%3D
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
v2
odr.mookie1.com/t/ Frame 97A8
43 B
324 B
Image
General
Full URL
https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=da4e1ab7-39d4-480a-766e-8fdf96bd7262&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:35 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatch.gif
beacon.krxd.net/ Frame 97A8
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.170.10.95 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
cache-control
private, no-cache, no-store
x-request-time
D=45 t=1619139694
x-served-by
beacon-n012-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 97A8
95 B
360 B
Image
General
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=da4e1ab7-39d4-480a-766e-8fdf96bd7262&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.119.149.178 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.178.149.119.168.clients.your-server.de
Software
nginx/1.10.3 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
server
nginx/1.10.3
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YIIcbgAAZT9iagBg&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638...
95 B
179 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YIIcbgAAZT9iagBg&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&_test=YIIcbgAAZT9iagBg
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
644329531b7f4e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd827ee00004e2c57bfd000000001

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:34 GMT
via
1.1 varnish
server
Varnish
x-timer
S1619139695.550484,VS0,VE0
x-served-by
cache-hhn4083-HHN
x-cache
HIT
location
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YIIcbgAAZT9iagBg&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&_test=YIIcbgAAZT9iagBg
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=30576082-1c6f-4000-a58c-882887c2373a&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c7...
95 B
387 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=30576082-1c6f-4000-a58c-882887c2373a&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6443295849894e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd82b3200004e2c81b6b000000001

Redirect headers

Date
Fri, 23 Apr 2021 01:01:35 GMT
Server
MT3 3660 495c301 master cdg-pixel-x25
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://mwzeom.zeotap.com/mw?cid=30576082-1c6f-4000-a58c-882887c2373a&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Fri, 23 Apr 2021 01:03:07 GMT
usermatch.gif
beacon.krxd.net/ Frame 97A8
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
  • https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=OE94J1p4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=da4e1ab7-39d4-480a-766e-8fdf96bd7262
0
336 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=da4e1ab7-39d4-480a-766e-8fdf96bd7262
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.170.10.95 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:35 GMT
cache-control
private, no-cache, no-store
x-request-time
D=26 t=1619139695
x-served-by
beacon-n018-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Fri, 23 Apr 2021 01:01:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
https://spl.zeotap.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
text/html; charset=utf-8
location
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=da4e1ab7-39d4-480a-766e-8fdf96bd7262
access-control-allow-credentials
true
cf-ray
6443295a0b6c4e2c-FRA
access-control-allow-headers
*
cf-request-id
099dd82c4600004e2c54341000000001
dcm
aax-eu.amazon-adsystem.com/s/ Frame 97A8
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=da4e1ab7-39d4-480a-766e-8fdf96bd7262&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=da4e1ab7-39d4-480a-766e-8fdf96bd7262&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766...
43 B
433 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=da4e1ab7-39d4-480a-766e-8fdf96bd7262&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:34 GMT
Server
Server
Vary
User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:34 GMT
Server
Server
Vary
User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=da4e1ab7-39d4-480a-766e-8fdf96bd7262&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 97A8
Redirect Chain
  • https://tags.bluekai.com/site/87734?id=da4e1ab7-39d4-480a-766e-8fdf96bd7262&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
95 B
229 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:34 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
644329554dfa4e2c-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
099dd8294f00004e2c68000000000001

Redirect headers

Location
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date
Fri, 23 Apr 2021 01:01:34 GMT
Connection
keep-alive
Content-Length
0
BK-Server
77a1
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
zeo
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/ Frame 97A8
0
38 B
Image
General
Full URL
https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dda4e1ab7-39d4-480a-766e-8fdf96bd7262%26reqId%3Dc62c8c73-2124-4c95-40c6-638c253a60ce%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.71.14 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:35 GMT
content-length
0
cmp.min.js
spl.zeotap.com/ Frame 97A8
557 B
618 B
Script
General
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b11dfefef3b7fb7ee82d4c30c1538d24dff79885e2a4ac05ccd48a774721971b

Request headers

Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray
64432949788e4e2c-FRA
date
Fri, 23 Apr 2021 01:01:33 GMT
via
1.1 google
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
cf-request-id
099dd821ea00004e2c78ac1000000001
cc.js
tags.crwdcntrl.net/c/15238/ Frame 6640
38 KB
11 KB
Script
General
Full URL
https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.95.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-95-123.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 22 Apr 2021 18:35:07 GMT
content-encoding
gzip
etag
W/"2b2f816f40499d384e118ce88a266e02"
last-modified
Thu, 02 Jul 2020 15:35:12 GMT
server
AmazonS3
age
23189
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
via
1.1 048a65288aba3f3565a971a2e44151be.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
v5VFo5R2d_QQyvYRrPh3R8omzKJXv5a679nwfgzG9aA_HNeBTzB0LA==
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 091D
636 B
577 B
Document
General
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

:method
GET
:authority
s.e-planning.net
:scheme
https
:path
/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.us.e-planning.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
E=AKVN9MJlSt8s6Mt7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.us.e-planning.net/

Response headers

server
openresty
date
Fri, 23 Apr 2021 01:01:32 GMT
content-type
text/html
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
etag
W/"601b131c-27c"
expires
Wed, 22 Apr 2026 01:01:32 GMT
cache-control
max-age=157680000
access-control-allow-origin
*
content-encoding
gzip
e-planning
sync.quantumdex.io/usersync/ Frame 42AF
2 KB
1 KB
Document
General
Full URL
https://sync.quantumdex.io/usersync/e-planning
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d7bb6b38b41fd8d8ca363004edb067c20c332d4d82b8b83d953b6b0011a89c3

Request headers

:method
GET
:authority
sync.quantumdex.io
:scheme
https
:path
/usersync/e-planning
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.us.e-planning.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.us.e-planning.net/

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
content-type
text/html
set-cookie
__cfduid=d172eac6ec0ee87da733eaf322e7352391619139693; expires=Sun, 23-May-21 01:01:33 GMT; path=/; domain=.quantumdex.io; HttpOnly; SameSite=Lax uid=5f9f8876-ae4c-4553-9f25-51dd1332bdfd; expires=Thu, 13 May 2021 01:01:33 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status
DYNAMIC
cf-request-id
099dd82212000006259e9e8000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=it2MfaLj0PfA0CeRYFIY74b9YBt8hodz%2FH5bMzKNAdK1DH1EsQfSsdefffrZN%2FAB17as4e4Sd%2B23kcE%2BpfMPs%2FFhFxS29iHiNkDP1fgsgUMi4vJEuTifyyCSwJhXBnU%3D"}],"group":"cf-nel"}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
64432949ba410625-FRA
content-encoding
br
Cookie set csync
sync.console.adtarget.com.tr/ Frame 6B33
86 B
543 B
Document
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307442&extuid=AKVN9MJlSt8s6Mt7
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Host
sync.console.adtarget.com.tr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.us.e-planning.net/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
vmuid=97e25719fee34765
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.us.e-planning.net/

Response headers

Server
VertaMedia 1.0
Date
Fri, 23 Apr 2021 01:01:32 GMT
Content-Type
image/gif
Content-Length
86
Cache-Control
no-cache, no-store, must-revalidate
Set-Cookie
vmuid=97e25719fee34765; expires=Thu, 24 Jun 2021 01:01:33 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None a307442=AKVN9MJlSt8s6Mt7; expires=Thu, 24 Jun 2021 01:01:33 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None
match.js
js.adscale.de/ Frame 18A3
4 KB
2 KB
Script
General
Full URL
https://js.adscale.de/match.js
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.237.88 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-237-88.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
91b4eb09154d5ebef46352e922194ec6dbb9547b63f9776ae10133fe1ca66879

Request headers

Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
wLpT08_wLXVkyJ1J8XFuEEwEpe2lwEj_
Content-Encoding
gzip
Last-Modified
Wed, 03 Mar 2021 00:56:54 GMT
Server
AmazonS3
x-amz-request-id
0CJGEPQ2ZKSDZJTR
ETag
"b75124846aec28a28b7a3441813682d5"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=300
Date
Fri, 23 Apr 2021 01:01:33 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1700
x-amz-id-2
rTeXxEVlmwvubu+6mFW79yFbR/gN1X2gq0lQgaMPHQj754I0ueECxgXGlb1NT3Jw/38xunNd2r8=
cmp
spl.zeotap.com/ Frame 97A8
0
0
Document
General
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
spl.zeotap.com
:scheme
https
:path
/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=da4e1ab7-39d4-480a-766e-8fdf96bd7262&reqId=c62c8c73-2124-4c95-40c6-638c253a60ce&zdid=1361&cmp=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
zc=da4e1ab7-39d4-480a-766e-8fdf96bd7262; zsc=%CD%8B%C2G%C4%C0%CD%0C%E5j1b%C6%E97D%A2%A6%13%84%F7%A7O%02%02k%26%A57%A0I%A2%8A%84%90ng%94%DEH%E3%FBd%91h9%3C%3F%24M%DD6%A2%92K%B8dH%E0%81%88%81%8EyC%F7s%97%F6%AFh%D5%11T%FC%DDN%A1%18%F9%17%94M%3F%81%10%40%92w%B8%DF%2C%15d%0BG%85%A6%C9%1D%B6%B4%FEF%C9%A0%25%2A%7B%ED%7F%B77%12%978_hS%92w%8F%E0%9Epc%245%13b_%E7XY%121%86%CF%7C%D8%2Bw1%3CY%3C%CB%CB%891%D7%25%F7%9Fw%0FJ%24w%AD%7FU%B6%C5%BB%808%D9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
set-cookie
__cfduid=dd3dc8f308955ac7a7d5a9edbd08be13d1619139693; expires=Sun, 23-May-21 01:01:33 GMT; path=/; domain=.zeotap.com; HttpOnly; SameSite=Lax
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
cf-request-id
099dd8221100004e2c67bfc000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
64432949b8d94e2c-FRA
GS.d
js.cookieless-data.com/ Frame 091D
0
367 B
Script
General
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1619139693109
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.15.145.115 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
Software
nginx/1.11.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
server
nginx/1.11.3
strict-transport-security
max-age=15724800; includeSubDomains; preload
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cross-origin-resource-policy
cross-origin
content-length
0
x-xss-protection
0
expires
Tue, 01 Jan 2000 00:00:00 GMT
img
ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/ Frame 18A3
Redirect Chain
  • https://bbnaut.ibillboard.com/match/AdScale?partneruid=10083598ef6b4e469e299562f7eb7630&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg%3Ftpid%...
  • https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=101&tpuid=BBID-01-02938537005297030-16269048
49 B
372 B
Image
General
Full URL
https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=101&tpuid=BBID-01-02938537005297030-16269048
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Fri, 23 Apr 2021 01:01:40 GMT
Server
nginx
Transfer-Encoding
chunked
p3p
CP="CUR ADM DEV OUR STP PRE DSP NOI COR NID"
Location
https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=101&tpuid=BBID-01-02938537005297030-16269048
Cache-Control
private, max-age=3600
Access-Control-Allow-Credentials
true
Connection
close
setuid
sync.quantumdex.io/ Frame 42AF
Redirect Chain
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1
  • https://sync.quantumdex.io/setuid?bidder=between&uid=83c38c5b-2422-5271-8f3f-5bf5efbd4798
43 B
326 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=between&uid=83c38c5b-2422-5271-8f3f-5bf5efbd4798
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KNzO8c%2FYFxTQIxInY30S1ZJOWV0ZAkbKkpOeqL2kVDiUWwox3Iu%2Fds7iuSnTXQAVgEgd8jO1gfOL2sFKTT3WfYbTXLxvfmQEgvUZaAL2NIyFY0klNzuWYhLXFbbegV8%3D"}],"group":"cf-nel"}
content-type
image/gif
cf-ray
6443294c4c950625-FRA
content-length
43
cf-request-id
099dd823aa0000062594835000000001

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=between&uid=83c38c5b-2422-5271-8f3f-5bf5efbd4798
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
setuid
sync.quantumdex.io/ Frame 42AF
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=295627870936991132
43 B
326 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=295627870936991132
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iR%2BLwcuu8BrhQFgosG5KnR01DSWIbwa3bZEdoPVNKFsWdTwRkoV%2FqKYQmdye1KB5hd%2F5WzmXbFkeSuRguue2HLa5oxrWJQzCb7Rv3hbcoENmehn7KpVoEhXJ9G%2FVcGY%3D"}],"group":"cf-nel"}
content-type
image/gif
cf-ray
6443294adb380625-FRA
content-length
43
cf-request-id
099dd822c5000006257e14f000000001

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:33 GMT
X-Proxy-Origin
37.120.211.132; 37.120.211.132; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.145:80
AN-X-Request-Uuid
86c9558d-ca7a-45ed-b97b-4afa9e5429f1
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=295627870936991132
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
sync.quantumdex.io/ Frame 42AF
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=answermedia&uid=295627870936991132
43 B
329 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=295627870936991132
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=h%2FLrVlqXJg6WispyBMoMy196uvoeWVoRxm7WMtgwjbYUh%2FGFIRTSLNadgRt8E%2FQrnQI2XTGqvnVhZ%2BYZhYerdrl7Rv3JfJCSbTzM2QDmHowTJsI651YKE%2B5Jx2PbkcQ%3D"}],"group":"cf-nel"}
content-type
image/gif
cf-ray
6443294b2b8c0625-FRA
content-length
43
cf-request-id
099dd822f400000625882aa000000001

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:33 GMT
X-Proxy-Origin
37.120.211.132; 37.120.211.132; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.139:80
AN-X-Request-Uuid
abfde32d-ff5e-4b52-b54a-ec9174433947
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=295627870936991132
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
us
sync.go.sonobi.com/ Frame 42AF
0
478 B
Image
General
Full URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:33 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
setuid
sync.quantumdex.io/ Frame 42AF
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58424/occ
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-2t_tPw1E2uEEPaadjj_RZ.OWbSBIpuSF3hgHAmQ-~A
43 B
447 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-2t_tPw1E2uEEPaadjj_RZ.OWbSBIpuSF3hgHAmQ-~A
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zkI6cb2EgMQxiRIKlgkja2T9U6Z%2FMiLXH1vhg%2FlD6lXnRkl%2F%2FamWL4huPTW%2FIaDkm9EPcdIz7H9kpHMqsLPG0trkiBAqiEWXI7JuhlppG7A1W2HtBy6NRC8aaAJBBWI%3D"}],"group":"cf-nel"}
content-type
image/gif
cf-ray
6443294adb3b0625-FRA
content-length
43
cf-request-id
099dd822c70000062575972000000001

Redirect headers

Date
Fri, 23 Apr 2021 01:01:33 GMT
Server
ATS/7.1.2.128
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-2t_tPw1E2uEEPaadjj_RZ.OWbSBIpuSF3hgHAmQ-~A
Connection
keep-alive
Content-Length
0
um
sync.e-planning.net/ Frame 42AF
42 B
103 B
Image
General
Full URL
https://sync.e-planning.net/um?dc=bcf310d1654d268f&iss=1&uid=5f9f8876-ae4c-4553-9f25-51dd1332bdfd
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
server
openresty
content-type
image/gif
Cookie set usermatch
ssum-sec.casalemedia.com/ Frame 590B
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
  • https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8be7fbec84ac9b3907541c3ff52b6b0f67e40cf42c8b33492d7a5f82c2b02bc1

Request headers

Host
ssum-sec.casalemedia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://sync.quantumdex.io/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
CMID=YIIcbXpSPAFvUg-Jyf3WrAAA; CMPS=1178
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://sync.quantumdex.io/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|39|45|230|111|41|88|221
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1744
Expires
Fri, 23 Apr 2021 01:01:33 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:33 GMT
Connection
keep-alive
Set-Cookie
CMID=YIIcbXpSPAFvUg-Jyf3WrAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 23 Apr 2022 01:01:33 GMT CMPS=1178;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 22 Jul 2021 01:01:33 GMT CMPRO=1133;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 22 Jul 2021 01:01:33 GMT CMST=YIIcbWCCHG0A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 24 Apr 2021 01:01:33 GMT CMRUM3=6f60821c6d05a0&e660821c6d27600&2d60821c6d05a0&5860821c6d05a0&f160821c6d05a0&2960821c6d05a00&2760821c6d0b40&dd60821c6d27600;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 23 Apr 2022 01:01:33 GMT

Redirect headers

Server
Apache
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Fri, 23 Apr 2021 01:01:33 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:33 GMT
Connection
keep-alive
Set-Cookie
CMID=YIIcbXpSPAFvUg-Jyf3WrAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 23 Apr 2022 01:01:33 GMT CMPS=1178;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 22 Jul 2021 01:01:33 GMT
/
onetag-sys.com/usync/ Frame 8B05
2 KB
818 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip251.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

:method
GET
:authority
onetag-sys.com
:scheme
https
:path
/usync/?pubId=2bb78272a859ca6
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://sync.quantumdex.io/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://sync.quantumdex.io/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
strict-transport-security
max-age=15552000
Cookie set uc.html
sync.go.sonobi.com/ Frame 196B
43 B
555 B
Document
General
Full URL
https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Host
sync.go.sonobi.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://sync.quantumdex.io/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://sync.quantumdex.io/

Response headers

Date
Fri, 23 Apr 2021 01:01:33 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, no-store, private
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma
no-cache
Tcn
Choice
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
X-Xss-Protection
0
Content-Encoding
gzip
Server
sonobi-go
Set-Cookie
HAPLB5S=s57129|YIIcc; path=/; domain=.go.sonobi.com
d
ic.tynt.com/r/ Frame F11B
0
0
Document
General
Full URL
https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.190 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash

Request headers

:method
GET
:authority
ic.tynt.com
:scheme
https
:path
/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://sync.quantumdex.io/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://sync.quantumdex.io/

Response headers

server
nginx/1.16.1
date
Fri, 23 Apr 2021 01:01:33 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
dcm
s.amazon-adsystem.com/ Frame 590B
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YIIcbXpSPAFvUg_Jyf3WrAAABG0AAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YIIcbXpSPAFvUg_Jyf3WrAAABG0AAAIB&dcc=t
43 B
433 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YIIcbXpSPAFvUg_Jyf3WrAAABG0AAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.130.13 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:37 GMT
Server
Server
Vary
User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:37 GMT
Server
Server
Vary
User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YIIcbXpSPAFvUg_Jyf3WrAAABG0AAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 590B
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=39&cm_user_id=YIIcbXpSPAFvUg-Jyf3WrAAA&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.11.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-11-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:34 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 590B
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YIIcbXpSPAFvUg-Jyf3WrAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDlxQPk0gpLHVsamSPScYFg&google_cver=1
43 B
1002 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDlxQPk0gpLHVsamSPScYFg&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:33 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 23 Apr 2021 01:01:33 GMT

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDlxQPk0gpLHVsamSPScYFg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame 590B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YIIcbXpSPAFvUg_Jyf3WrAAABG0AAAIB
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEA0ye-eKZO53qpY1XIvqY54&google_cver=1
43 B
315 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEA0ye-eKZO53qpY1XIvqY54&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:33 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Fri, 23 Apr 2021 01:01:33 GMT

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEA0ye-eKZO53qpY1XIvqY54&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
match
c1.adform.net/serving/cookie/ Frame 590B
0
330 B
Image
General
Full URL
https://c1.adform.net/serving/cookie/match?party=29&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.241 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
bridge
cm.adgrx.com/ Frame 590B
43 B
408 B
Image
General
Full URL
https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.231.180.197 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:34 GMT
server
Cowboy
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
ams-delivery-1
Content-Length
43
Expires
Thu, 23 Sep 2004 17:42:04 GMT
rum
dsum-sec.casalemedia.com/ Frame 590B
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YIIcbgAAZUthDwBg
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YIIcbgAAZUthDwBg&gdpr=1&_test=YIIcbgAAZUthDwBg
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YIIcbgAAZUthDwBg&gdpr=1&_test=YIIcbgAAZUthDwBg
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:34 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 23 Apr 2021 01:01:34 GMT

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:34 GMT
via
1.1 varnish
server
Varnish
x-timer
S1619139694.452917,VS0,VE0
x-served-by
cache-hhn4083-HHN
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YIIcbgAAZUthDwBg&gdpr=1&_test=YIIcbgAAZUthDwBg
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
tpid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133
bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/ Frame 590B
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133
  • https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133
49 B
711 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.130.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.25.253
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:33 GMT
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133
cache-control
no-cache
x-server
10.45.26.226
content-length
0
expires
0
setuid
sync.quantumdex.io/ Frame 590B
43 B
432 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=ix&uid=YIIcbXpSPAFvUg_Jyf3WrAAABG0AAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:33 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NhuJU%2FcLzEM5JJLvPjwyiN71Q55xqeljoS746aSmjS4eg%2Fi7wifaP53UQQdRwLeTZ66YzvsOmeZIGZSuGmLARQiQaZnyNnpeYNYximxY9ZwbDUG3CJfO8nCNrzfxqpM%3D"}],"group":"cf-nel"}
content-type
image/gif
cf-ray
6443294d8df10625-FRA
content-length
43
cf-request-id
099dd82475000006258aaf5000000001
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 18A3
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=bc89f3cda3d190a9ee5a2af...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=2b1b6082-1c6f-4900-9488-0045cdacf9e5&gdpr=0&gdpr_consent=
49 B
548 B
Image
General
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=2b1b6082-1c6f-4900-9488-0045cdacf9e5&gdpr=0&gdpr_consent=
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:35 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Fri, 23 Apr 2021 01:01:04 GMT
Server
MT3 3660 495c301 master cdg-pixel-x2
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=2b1b6082-1c6f-4900-9488-0045cdacf9e5&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 23 Apr 2021 01:01:03 GMT
v2_307359_6809.json
player.adtelligent.com/prebidlink/2698566/
105 KB
6 KB
XHR
General
Full URL
https://player.adtelligent.com/prebidlink/2698566/v2_307359_6809.json?cb=gordonua.com
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/449761/wrapper_hb_307359_6809.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
82f26daa47437ac368131c92f96ca0f8fafa7218bbb5eb9b03d5992480f6ed8c

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:35 GMT
content-encoding
gzip
last-modified
Thu, 22 Apr 2021 11:30:45 GMT
server
nginx
etag
W/"60815e65-1a588"
content-type
application/json
access-control-allow-origin
https://gordonua.com
expires
Fri, 23 Apr 2021 02:01:35 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
img
ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/ Frame 18A3
Redirect Chain
  • https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3aea857f826d8%2F1619139692945%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0
  • https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=75&tpuid=295627870936991132&gdpr=0
49 B
526 B
Image
General
Full URL
https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=75&tpuid=295627870936991132&gdpr=0
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:35 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:35 GMT
X-Proxy-Origin
37.120.211.132; 37.120.211.132; 829.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.202:80
AN-X-Request-Uuid
89414ccc-ccc7-45e4-ae0d-41350e959a0b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=75&tpuid=295627870936991132&gdpr=0
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 18A3
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=19e1342399f7033eb7fa133ad...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133&gdpr=0
49 B
568 B
Image
General
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133&gdpr=0
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:36 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:36 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YIIcbXpSPAFvUg-Jyf3WrAAA%261133&gdpr=0
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
310
Expires
Fri, 23 Apr 2021 01:01:36 GMT
usync.js
eus.rubiconproject.com/ Frame ECC4
31 KB
9 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-230-142.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
ed2d993c35cd51826ee304739d91e554bd9faa1b120602fc4b3baa15941a9e35

Request headers

Referer
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:35 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Apr 2021 20:34:13 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=35002
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9242
Expires
Fri, 23 Apr 2021 10:44:57 GMT
khaos.jpg
token.rubiconproject.com/ Frame ECC4
284 B
536 B
Image
General
Full URL
https://token.rubiconproject.com/khaos.jpg?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
284
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Content-Type
image/jpg
img
ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/ Frame 18A3
Redirect Chain
  • https://track.adform.net/serving/cookie/match/?party=9&uid=0cce9455eea1ced80e791c683c234877dfb1d0c389f88e70319bd437687a49a8&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a6f3ae...
  • https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=0cce9455eea1ced80e791c683c234877dfb1d0c389f88e70319bd437687a49a8&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac3577564949a...
  • https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=42&gdpr=0&tpuid=1265407494166813987
49 B
579 B
Image
General
Full URL
https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=42&gdpr=0&tpuid=1265407494166813987
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:36 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:36 GMT
server
nginx
location
https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/img?tpid=42&gdpr=0&tpuid=1265407494166813987
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
YIIccFV1RBxsx5vIoo49GwAABG0AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 54C2
43 B
919 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YIIccFV1RBxsx5vIoo49GwAABG0AAAAB
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:36 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
getuid
secure.adnxs.com/ Frame 54C2
0
0
Image
General
Full URL
https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

crum
dsum-sec.casalemedia.com/ Frame 54C2
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=30576082-1c6f-4000-a58c-882887c2373a&gdpr=1&gdpr_consent=
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=30576082-1c6f-4000-a58c-882887c2373a&gdpr=1&gdpr_consent=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:36 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 23 Apr 2021 01:01:36 GMT

Redirect headers

Date
Fri, 23 Apr 2021 01:01:05 GMT
Server
MT3 3660 495c301 master cdg-pixel-x4
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=30576082-1c6f-4000-a58c-882887c2373a&gdpr=1&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 23 Apr 2021 01:01:04 GMT
YIIccFV1RBxsx5vIoo49GwAABG0AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 54C2
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YIIccFV1RBxsx5vIoo49GwAABG0AAAAB
  • https://pr-bh.ybp.yahoo.com/sync/casale/YIIccFV1RBxsx5vIoo49GwAABG0AAAAB
43 B
88 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YIIccFV1RBxsx5vIoo49GwAABG0AAAAB
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:36 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Fri, 23 Apr 2021 01:01:36 GMT
Server
ATS/7.1.2.128
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://pr-bh.ybp.yahoo.com/sync/casale/YIIccFV1RBxsx5vIoo49GwAABG0AAAAB
Connection
keep-alive
Content-Length
0
113
match.deepintent.com/usersync/ Frame 54C2
0
44 B
Image
General
Full URL
https://match.deepintent.com/usersync/113
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:37 GMT
content-length
0
server
a
crum
dsum-sec.casalemedia.com/ Frame 54C2
Redirect Chain
  • https://sync.extend.tv/r.gif?exchange=index
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=5a53e5ea-fffd-439e-9b15-a329e187605f
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=5a53e5ea-fffd-439e-9b15-a329e187605f&C=1
43 B
1023 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=5a53e5ea-fffd-439e-9b15-a329e187605f&C=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:38 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 23 Apr 2021 01:01:38 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:38 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=5a53e5ea-fffd-439e-9b15-a329e187605f&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
301
Expires
Fri, 23 Apr 2021 01:01:38 GMT
casale
match.adsrvr.org/track/cmf/ Frame 54C2
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=70&cm_user_id=YIIccFV1RBxsx5vIoo49GwAA&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.11.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-11-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:36 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
getuid
ib.adnxs.com/ Frame 54C2
0
0
Image
General
Full URL
https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

um
u-ams02.e-planning.net/ Frame 54C2
42 B
103 B
Image
General
Full URL
https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=c73d61587ad18754&uid=YIIccFV1RBxsx5vIoo49GwAA%261133
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc73d61587ad18754%26uid%3D&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:36 GMT
server
openresty
content-type
image/gif
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 18A3
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=75214bc5-f806-421d-a1d1-92f8e6c97ec5
49 B
527 B
Image
General
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=75214bc5-f806-421d-a1d1-92f8e6c97ec5
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:36 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
x-errorlevel
0
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=75214bc5-f806-421d-a1d1-92f8e6c97ec5
cache-control
no-cache
date
Fri, 23 Apr 2021 01:01:36 GMT
server-processing-duration-in-ticks
2061
content-type
text/html; charset=utf-8
content-length
237
expires
Fri, 23 Apr 2021 00:00:00 GMT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 18A3
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=eb8445d8cf965a3801b44f8a...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=30576082-1c6f-4000-a58c-882887c2373a&gdpr=0&gdpr_consent=
49 B
621 B
Image
General
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=30576082-1c6f-4000-a58c-882887c2373a&gdpr=0&gdpr_consent=
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:36 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Fri, 23 Apr 2021 01:01:05 GMT
Server
MT3 3660 495c301 master cdg-pixel-x2
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=30576082-1c6f-4000-a58c-882887c2373a&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 23 Apr 2021 01:01:04 GMT
js
ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/ Frame 18A3
Redirect Chain
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=d36f912ab6498dbd6fb3f68d237ab7414cd86db26d545bc3c76809ed06d1a518&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac35775649...
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=d36f912ab6498dbd6fb3f68d237ab7414cd86db26d545bc3c76809ed06d1a518&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2eebac35775649...
  • https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/js?tpid=48&tpuid=8845b388e7e99284f50cb25d0bc25a4a
44 B
359 B
Script
General
Full URL
https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/js?tpid=48&tpuid=8845b388e7e99284f50cb25d0bc25a4a
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
14870671fbcb712491fcd7de340929accc31944179471e3cac13b3093309308f

Request headers

Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:37 GMT
p3p
CP=NOI PSA OUR
content-length
44
content-type
text/javascript

Redirect headers

Location
https://ih.adscale.de/sium/2eebac3577564949a6f3aea857f826d8/1619139692945/0/js?tpid=48&tpuid=8845b388e7e99284f50cb25d0bc25a4a
Date
Fri, 23 Apr 2021 01:01:37 GMT
Server
nginx
Connection
keep-alive
Content-Type
text/plain; charset=utf-8
Content-Length
147
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
sium
ih.adscale.de/ Frame 18A3
0
190 B
XHR
General
Full URL
https://ih.adscale.de/sium
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.173.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-173-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ih.adscale.de
date
Fri, 23 Apr 2021 01:01:37 GMT
access-control-allow-credentials
true
access-control-allow-headers
x-openrtb-version
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
ptrack
a.audrte.com/ Frame 6640
368 B
880 B
XHR
General
Full URL
https://a.audrte.com/ptrack?arlocation=37.120.211.132&p=M1353665098&artime=2021-04-23T01:01:40.590Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGc3luYy5jb25zb2xlLmFkdGFyZ2V0LmNvbS50ciUyRmNzeW5jJTNGdCUzRGElMjZlcCUzRDMwNzQ0MiUyNmV4dHVpZCUzRCUyNFVJRA==&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=cy5jb25zb2xlLmFkdGFyZ2V0LmNvbS50ci8=
Requested by
Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.221.146.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-221-146-169.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
4f2e5e9d1d2739e14c42952b46afd01b9a39cdd2f0eba2eba2a9c1108411e111

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:40 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
https://ads.us.e-planning.net
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
263
allvotes_1.json
gordonua.com/pub/corevotes/
4 B
249 B
XHR
General
Full URL
https://gordonua.com/pub/corevotes/allvotes_1.json
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/pub/corevotes/allvotes_1.json
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
sec-fetch-dest
empty
:authority
gordonua.com
x-requested-with
XMLHttpRequest
:scheme
https
sec-fetch-site
same-origin
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
vary
Accept-Encoding
last-modified
Fri, 13 Jun 2014 10:45:07 GMT
server
nginx
etag
"539ad633-4"
x-frame-options
sameorigin
content-type
application/json
cache-control
max-age=60
accept-ranges
bytes
content-length
4
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
46.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/46.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/46.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
33.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/33.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/33.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
21.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/21.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/21.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
42.xml
gordonua.com/pub/banners/xml/
3 KB
1 KB
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/42.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
39cb1689e9f6759a3585f52e5141691dd875ea9cd6d0a5ced9d9fcf4347a38ad
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/42.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-af5"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
22.xml
gordonua.com/pub/banners/xml/
2 KB
1 KB
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/22.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
3b98e9f6b930db3d431b76b27fa39f977e4073f5f03a0cdb0842b777beb6a24d
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/22.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-7dd"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
43.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/43.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/43.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
44.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/44.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/44.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
151.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/151.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/151.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
152.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/152.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/152.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
35.xml
gordonua.com/pub/banners/xml/
5 KB
2 KB
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/35.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
c6c43654bfdd0b6c99611d1250bd957c7878941e091ad1eaaaeeab33af892cd4
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/35.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-12e4"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
95.xml
gordonua.com/pub/banners/xml/
460 B
508 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/95.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cb5abd05cda617a5cec27543025abf4465e7d7d20bded866af72caafdde816fe
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/95.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-1cc"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
37.xml
gordonua.com/pub/banners/xml/
456 B
470 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/37.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
276067b218a647197ae379e6a43e7d12dfd872d3d1b0c2b43c1cd2ff8a67cd50
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/37.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-1c8"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
38.xml
gordonua.com/pub/banners/xml/
458 B
469 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/38.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
980f545c558861910550fde1b8cea86d3b5f75bcf0394d579d140728609d1394
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/38.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-1ca"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
39.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/39.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/39.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
40.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/40.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/40.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
41.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/41.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/41.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
45.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/45.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/45.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
31.xml
gordonua.com/pub/banners/xml/
57 B
293 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/31.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/31.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-39"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
111.xml
gordonua.com/pub/banners/xml/
358 B
457 B
XHR
General
Full URL
https://gordonua.com/pub/banners/xml/111.xml
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
6ea7985b0f1137adfb547252ce348a044937e3d833a8d4176cc354b41decf049
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/banners/xml/111.xml
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/xml, text/xml, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/xml, text/xml, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-166"
x-frame-options
sameorigin
content-type
text/xml; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
jsonp_v3.js
phoenix-widget.com/static/js/
62 KB
22 KB
Script
General
Full URL
https://phoenix-widget.com/static/js/jsonp_v3.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.166.21.205 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b85aaab05f50dec9de1b7e2c1842c59a9be4af4e140b39c958cb20281bf4aa1c

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:40 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Apr 2021 11:22:36 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"60800afc-f6cb"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
public, no-transform
Connection
keep-alive
741.jpg
gordonua.com/pub/banners/img/
31 KB
32 KB
Image
General
Full URL
https://gordonua.com/pub/banners/img/741.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
e4a994e500009cb933e447ce21ec78e2fc6a3fd5aec75e94fd8803812fa16c24
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/pub/banners/img/741.jpg
pragma
no-cache
cookie
facebookCounter=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
vary
Accept-Encoding
last-modified
Mon, 19 Apr 2021 19:46:43 GMT
server
nginx
etag
"607dde23-7db1"
x-frame-options
sameorigin
content-type
image/jpeg
cache-control
max-age=60
accept-ranges
bytes
content-length
32177
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
coreola.php
gordonua.com/exec/ajax/
305 B
488 B
XHR
General
Full URL
https://gordonua.com/exec/ajax/coreola.php?articles%5B859925%5D=859925&articles%5B859924%5D=859924&articles%5B859706%5D=859706&articles%5B855279%5D=855279&articles%5B845212%5D=845212&article=860241&articles%5B860241%5D=860241&artrate%5B860241%5D=860241&sec=2256&langid=1&bnrs=732%2C388%2C451%2C176%2C526%2C175%2C741&debug=%D0%A1%7C&_=1619139700715
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
158e32459dc254a767a425b39fe0342c2a68cfa8a451a7e0da9ebe2d94f7332c
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/exec/ajax/coreola.php?articles%5B859925%5D=859925&articles%5B859924%5D=859924&articles%5B859706%5D=859706&articles%5B855279%5D=855279&articles%5B845212%5D=845212&article=860241&articles%5B860241%5D=860241&artrate%5B860241%5D=860241&sec=2256&langid=1&bnrs=732%2C388%2C451%2C176%2C526%2C175%2C741&debug=%D0%A1%7C&_=1619139700715
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Fri, 23 Apr 2021 01:01:40 GMT
server
nginx
x-xss-protection
1; mode=block
x-frame-options
sameorigin
content-type
application/json; charset=utf-8
pixel
ps.eyeota.net/ Frame 6640
1 KB
1 KB
Image
General
Full URL
https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=0hdjXXCmwLsQnuyRqifs-XbSQ&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.121.27.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:40 GMT
Content-Length
1241
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
p
a.audrte.com/ Frame 6640
Redirect Chain
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
  • https://dmp.adform.net/serving/cookie/match/?CC=1&party=1003&gdpr=0&gdpr_consent=
  • https://a.audrte.com/a?adform_uid=5945109568169925881
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoidGFwYWQifV19&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoidGFwYWQifV19&gdpr=0&gdpr_consent=&google_gid=CAESECfd5ESb3GBxnjUw6h8eNvk&google_cver=1
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3307&partner_device_id=0hdjXXCmwLsQnuyRqifs-XbSQ&partner_url=https%3A%2F%2Fa.audrte.com%2Ftp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206N...
  • https://a.audrte.com/tp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
  • https://a.audrte.com/p
68 B
1 KB
Image
General
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.221.146.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-221-146-169.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:41 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/avif
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Fri, 23 Apr 2021 01:01:41 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
p
a.audrte.com/ Frame 6640
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=0hdjXXCmwLsQnuyRqifs-XbSQ&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=0hdjXXCmwLsQnuyRqifs-XbSQ&gdpr=0&gdpr_consent=&google_gid=CAESECfd5ESb3GBxnjUw6h8eNvk&google_cver=1
  • https://a.audrte.com/p
68 B
618 B
Image
General
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.221.146.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-221-146-169.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:41 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/avif
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Fri, 23 Apr 2021 01:01:40 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
page=1.html
gordonua.com/html/comments/comtype=1/absnum=860241/
3 KB
1 KB
XHR
General
Full URL
https://gordonua.com/html/comments/comtype=1/absnum=860241/page=1.html?1619139700773
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
7ecdd326888122c2cad6e885a69ff0e2e80c37dd1e77f8ae1f2d3daaacbbb4e7
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/html/comments/comtype=1/absnum=860241/page=1.html?1619139700773
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html, */*; q=0.01
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
text/html, */*; q=0.01
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
last-modified
Fri, 23 Apr 2021 01:01:40 GMT
server
nginx
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
create-date
Fri, 23 Apr 2021 04:01:40 +0300
set-cookie
xs=ba2c2a39475c351cb44e1b4e805a907e; expires=Sat, 24-Apr-2021 01:01:40 GMT; Max-Age=86400; path=/; domain=.gordonua.com
x-xss-protection
1; mode=block
expires
Mon, 26 Jul 1997 05:00:00 GMT
top.html
gordonua.com/pub/data/
8 KB
3 KB
XHR
General
Full URL
https://gordonua.com/pub/data/top.html
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
319387b97993111493eab2a615d51f204e12127968dccab6b0a67696b24feca0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/data/top.html
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
*/*
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-1f01"
x-frame-options
sameorigin
content-type
text/html; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
top.html
gordonua.com/pub/data/
8 KB
3 KB
XHR
General
Full URL
https://gordonua.com/pub/data/top.html?3
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
319387b97993111493eab2a615d51f204e12127968dccab6b0a67696b24feca0
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
facebookCounter=0
:path
/pub/data/top.html?3
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
*/*
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 23 Apr 2021 01:00:01 GMT
server
nginx
etag
W/"60821c11-1f01"
x-frame-options
sameorigin
content-type
text/html; charset=utf-8
cache-control
max-age=60
x-xss-protection
1; mode=block
expires
Fri, 23 Apr 2021 01:02:40 GMT
blank.png
gordonua.com/theme/img/
985 B
1 KB
Image
General
Full URL
https://gordonua.com/theme/img/blank.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
8cb00e63cb966ea0388fda3357402ba93e460dbfe82019f9695d895f04d3d40b
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/blank.png
pragma
no-cache
cookie
facebookCounter=0; xs=ba2c2a39475c351cb44e1b4e805a907e
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-3d9"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
985
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:09 GMT
flags.png
gordonua.com/theme/img/
78 KB
78 KB
Image
General
Full URL
https://gordonua.com/theme/img/flags.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
9bb25fb7788587d4d6dc12d70e89e7aff8c24dfbda518e8bd8325803f415d21a
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/flags.png
pragma
no-cache
cookie
facebookCounter=0; xs=ba2c2a39475c351cb44e1b4e805a907e
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-13809"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
79881
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:16 GMT
rate_on_off.png
gordonua.com/theme/img/
477 B
701 B
Image
General
Full URL
https://gordonua.com/theme/img/rate_on_off.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
ed82ed7f1860eed8ad984923a6532f485f28fbf4dfef40661a9f721a0b560298
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/rate_on_off.png
pragma
no-cache
cookie
facebookCounter=0; xs=ba2c2a39475c351cb44e1b4e805a907e
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-1dd"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
477
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:16 GMT
39_main.png
gordonua.com/img/user/679/
2 KB
2 KB
Image
General
Full URL
https://gordonua.com/img/user/679/39_main.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
e95c5849289711d87c1364cd1aec4ecf5cfbb169236ce771b5e9bbfdc58dcc6c
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/user/679/39_main.png
pragma
no-cache
cookie
facebookCounter=0; xs=ba2c2a39475c351cb44e1b4e805a907e
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
vary
Accept-Encoding
last-modified
Thu, 18 Apr 2019 10:46:01 GMT
server
nginx
etag
"5cb85569-6f8"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
1784
x-xss-protection
1; mode=block
expires
Fri, 07 May 2021 01:01:40 GMT
22_main.png
gordonua.com/img/user/617/
12 KB
13 KB
Image
General
Full URL
https://gordonua.com/img/user/617/22_main.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
194cf1e329dab099f24557fbe278ead8ea378a42a06820c1e0a2d1e48d9ecf84
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/img/user/617/22_main.png
pragma
no-cache
cookie
facebookCounter=0; xs=ba2c2a39475c351cb44e1b4e805a907e
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:40 GMT
vary
Accept-Encoding
last-modified
Tue, 10 Mar 2020 13:22:44 GMT
server
nginx
etag
"5e6794a4-311e"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
12574
x-xss-protection
1; mode=block
expires
Fri, 07 May 2021 01:01:40 GMT
getdata
api.phoenix-widget.com/api/v2/
9 KB
10 KB
XHR
General
Full URL
https://api.phoenix-widget.com/api/v2/getdata?callback=phoenix24240&site_id=58416ca14f32fe3c0502a759&widget_id=5fbb915bc903de27cc06a54f&puid=7c1cea30bd880d0382245630&url=https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Requested by
Host: phoenix-widget.com
URL: https://phoenix-widget.com/static/js/jsonp_v3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.142.14 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
TornadoServer/4.3 /
Resource Hash
3e9018c6058c3bbff38679ce6474917dcd208f08afa810b9bcbdbb0288a5760b

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:42 GMT
server
TornadoServer/4.3
amp-same-origin
true
etag
"1d36d520ed7937d93667056e3dad253bf6355c03"
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
https://gordonua.com
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, *
content-length
9360
gordonua.com.727300.js
jsc.idealmedia.io/g/o/
273 KB
75 KB
Script
General
Full URL
https://jsc.idealmedia.io/g/o/gordonua.com.727300.js?t=20213231
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.199.73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12b8ecd4d3c194ac8f2d47620fd3802c1449fc07a39110bebd1e5485e8a91654

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
cf-cache-status
HIT
age
2049
cf-ray
6443297c4bf2c833-AMS
content-length
76374
x-amz-id-2
SjoUT8YyAQWs57IBbrYiySJXDR/S+Oq9FO8qFVSEh6UzGyX/fNTKlX+mIh3KNiiwDnRqNq9rxWI=
last-modified
Thu, 22 Apr 2021 10:30:52 GMT
server
cloudflare
etag
"54088d6b398b11c0c2b9e1ed86ed9647"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-request-id
MW3X0T4ZQQX1WFMV
cache-control
public, max-age=10800
cf-request-id
099dd841ae0000c8332b292000000001
accept-ranges
bytes
content-type
text/javascript
expires
Fri, 23 Apr 2021 04:01:41 GMT
plugin.min.js
get.optad360.io/sf/2da27e90-aa23-40af-bd42-bb945be197ee/
309 KB
90 KB
Script
General
Full URL
https://get.optad360.io/sf/2da27e90-aa23-40af-bd42-bb945be197ee/plugin.min.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:da00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e0c42d536505d198df6b50209bdf654c7053bfb1a7fb84bb2c54368f49577f2a

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 00:20:36 GMT
content-encoding
gzip
last-modified
Thu, 22 Apr 2021 12:10:51 GMT
server
AmazonS3
age
2466
etag
W/"9f7de92faa8b00483ed61d7f9189f70a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
HlHlUlTcBO4YGbqEJumLVrDuL6v0b6AuSbJS8PXteFcTUI3wh3zxrQ==
holder.js
i.holder.com.ua/t/
9 KB
4 KB
Script
General
Full URL
https://i.holder.com.ua/t/holder.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
91.198.36.26 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software
nginx /
Resource Hash
8fc4de112cb05f02f61d7856ee3b9ca6a8cd68ea5397520120c5183b99bffc17

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:41 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Jul 2017 14:14:15 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=5
Expires
Sat, 23 Apr 2022 01:01:41 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
62 KB
21 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/2da27e90-aa23-40af-bd42-bb945be197ee/plugin.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
sffe /
Resource Hash
ac4c2d1083556ee3bab8bc188432351b2fc3501b5876791d49153ab08d8180b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"850 / 155 of 1000 / last-modified: 1619129408"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21104
x-xss-protection
0
expires
Fri, 23 Apr 2021 01:01:41 GMT
prebid4.28.1.js
get.optad360.io/sf/
463 KB
145 KB
Script
General
Full URL
https://get.optad360.io/sf/prebid4.28.1.js
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/2da27e90-aa23-40af-bd42-bb945be197ee/plugin.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:da00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b1efea1ea1d5dacd4e53c4d220663ec89ebc5c91f6b99c4d7e8f3a670e901ff4

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 21 Apr 2021 17:17:09 GMT
content-encoding
gzip
last-modified
Tue, 02 Mar 2021 09:09:00 GMT
server
AmazonS3
age
114273
etag
W/"584a9977889abad1ce606050f709f6b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
cache-control
public, max-age=360000000
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
ymjMHWp1KcrQRURxfLSm2Y98-NCfp_MCpqwze_U0uPhbVo9iBfjxWw==
sprites.png
gordonua.com/theme/img/
27 KB
27 KB
Image
General
Full URL
https://gordonua.com/theme/img/sprites.png
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.83.188.228 , France, ASN16276 (OVH, FR),
Reverse DNS
front2.gordonua.tk
Software
nginx /
Resource Hash
464590a4da9d186b32647d5a7d566e954debfc54633ba8efa1fe0751e8255618
Security Headers
Name Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:path
/theme/img/sprites.png
pragma
no-cache
cookie
facebookCounter=0; xs=ba2c2a39475c351cb44e1b4e805a907e
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
gordonua.com
referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://gordonua.com/pub/bb10f14113dc45a7d66d2b91277126d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:41 GMT
vary
Accept-Encoding
last-modified
Fri, 26 Feb 2021 15:20:46 GMT
server
nginx
etag
"603911ce-6b98"
x-frame-options
sameorigin
content-type
image/png
accept-ranges
bytes
content-length
27544
x-xss-protection
1; mode=block
expires
Thu, 29 Apr 2021 09:27:11 GMT
latest.json
cdn.jsdelivr.net/gh/prebid/currency-file@1/
2 KB
1 KB
XHR
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20210423
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.28.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3422c2a3f20dceba12daf02dee0e1b1df0afc6f58ef0f85a7b08ea40231624eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
17665
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
928
etag
W/"671-9A/mGQBD0AMNyhzjruJ/CYkw4rw"
x-served-by
cache-fra19123-FRA, cache-hhn4037-HHN
date
Fri, 23 Apr 2021 01:01:41 GMT
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
truncated
/
138 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a1a77755f1456d12630d93a9016e43f6888d2885a7605d5647854e93aef3303c

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
s
h.holder.com.ua/
0
126 B
Script
General
Full URL
https://h.holder.com.ua/s?ta&b6083&c1&r31879187&dholder_300x600_83&hhttps%3A//gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:41 GMT
Server
nginx
Connection
keep-alive
Keep-Alive
timeout=5
holder.js
i.holder.com.ua/t/
9 KB
4 KB
Script
General
Full URL
https://i.holder.com.ua/t/holder.js
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
91.198.36.26 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software
nginx /
Resource Hash
8fc4de112cb05f02f61d7856ee3b9ca6a8cd68ea5397520120c5183b99bffc17

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:41 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Jul 2017 14:14:15 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=5
Expires
Sat, 23 Apr 2022 01:01:41 GMT
integrator.js
adservice.google.pl/adsid/
107 B
799 B
Script
General
Full URL
https://adservice.google.pl/adsid/integrator.js?domain=gordonua.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
553 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=gordonua.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
13 KB
6 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1780748890091853&correlator=1604335953498767&output=ldjh&impl=fifs&eid=31060032%2C31060784%2C31060788%2C31060789%2C31060853%2C31060862%2C31060809%2C31060825%2C31060840&vrg=2021042001&ptt=17&sc=1&sfv=1-0-38&ecs=20210423&iu_parts=96294950%2CGrd-pc_300-250%2C600_sdbar12&enc_prev_ius=%2F0%2F1%2F%2F2&prev_iu_szs=300x600%7C300x250&prev_scp=excl_cat%3DPREPOST&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1554328116&dt=1619139701383&dlt=1619139691602&idt=670&frm=20&biw=1600&bih=1200&oid=3&adxs=1033&adys=1498&adks=5011230&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&vis=1&dmc=8&scr_x=0&scr_y=0&psz=363x52&msz=300x0&ga_vid=626854433.1619139692&ga_sid=1619139701&ga_hid=958326130&ga_fc=false&fws=0&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
c73ea58630cec9b67ecc7cd4990dbb2a536b482dbb9b3241fea5411151d9b70f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6496
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://gordonua.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/
0
0
Other
General
Full URL
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

/
c.idealmedia.io/pv/
0
69 B
Script
General
Full URL
https://c.idealmedia.io/pv/?w=706&h=204&cols=4&pv=5&cbuster=1619139701402195964026&uniqId=04018&niet=4g&nisd=false&ref=&cxurl=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&lu=https%3A%2F%2Fgordonua.com%2Fnews%2Fworldnews%2Fstoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html&pageView=1&site=465757&pvid=178fc3f2a9a988b2682&implVersion=11&dpr=1
Requested by
Host: jsc.idealmedia.io
URL: https://jsc.idealmedia.io/g/o/gordonua.com.727300.js?t=20213231
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.199.73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id
099dd842c60000c83336027000000001
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6443297e0caac833-AMS
date
Fri, 23 Apr 2021 01:01:41 GMT
content-length
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
s
h.holder.com.ua/
0
126 B
Script
General
Full URL
https://h.holder.com.ua/s?ta&b6082&c1&r31879187&dholder_300x600_82&hhttps%3A//gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Requested by
Host: gordonua.com
URL: https://gordonua.com/pub/30bef0f23f1e8ae577422b43ba8112bc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:41 GMT
Server
nginx
Connection
keep-alive
Keep-Alive
timeout=5
container.html
91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 49C1
6 KB
3 KB
Document
General
Full URL
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://gordonua.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://gordonua.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Fri, 23 Apr 2021 01:01:41 GMT
expires
Sat, 23 Apr 2022 01:01:41 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/
73 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4956137c69656045c048a157aaa84859657bbc7744019d26cce6b5bded84cc49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1619017352525402"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28270
x-xss-protection
0
expires
Fri, 23 Apr 2021 01:01:41 GMT
sodar
pagead2.googlesyndication.com/getconfig/
9 KB
7 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021042001&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
92162f728f8f20e9ae2d792dd05c53f391da1c61553714981304fa957a7d4449
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6949
x-xss-protection
0
adview
securepubads.g.doubleclick.net/pagead/ Frame 49C1
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CQPrgdRyCYI-QG9WO7_UPza2qgA-RrcW8XN3m7KbuAsCNtwEQASAAYOnkyYXYGoIBF2NhLXB1Yi0xMDcxMzEzNTI5NjQ0MDIyyAEJqQJ1yGN9j6yFPuACAKgDAaoEsQJP0FSgXHXYAE-ppGL08R6S7P31MK0IKQQzPKRZWzCtPEUdwMwr1iT5XqVQbG560KJB3nov-y5qClQmx3aaAmqvEm8rMlbvFWCLfHL6n859XYnnpgEBpVrPmKhAWYSNmdh28y3xDPz6czMRV96bqZreElThaTtXSD8r6EuOAy2OPrOHVyXc_4Fw8jPHzXubhrMk2TJynjetAshKAWG5RhPpe643bfRz6eEnRKnmt3bx8Qk-1OImou-769-vXuzgym-4ktqisKsV-ApLMDBoE8kwv5Ow0_jb8cfayBdx4dG7ZZkr7D75VppvSkel3KW7YJgjBEY-z1a3d6SPLF4hopPheBD0n9UXPPErRMokd3ZAL6ByxvT0ELsnjmD_7tv3ExOauE4ta8w9krnpc7cutG2pUOAEAYAG-YOz9NuOuNhwoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGAoWEhRwdWItMTA3MTMxMzUyOTY0NDAyMg&sigh=QlvheVyZuug
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
/
Resource Hash

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

/
track.adform.net/adfscript/ Frame 49C1
2 KB
2 KB
Script
General
Full URL
https://track.adform.net/adfscript/?bn=45192071;rtbwp=YIIcdQAGyA8Iu8dVAAqWzRGzLLLNP6FdcajEYQ;rtbdata=213YhU2VLU2upwoQxDYWT0JZGQewthieQLxvsEHVkvh80Po-m5BCWQ6lzVbaIVSCCKPJRocpxzelYa1Bt3SBp8OkgzyTMb-TFHaH2kns0xx5kKhk1rOH3jIH60BiaLr4BC28Rk9No40zilvyKu3bB5PMQNnqU12sK3nzj7ufZf_Jh3zzzjfITwJqoTOpbOPpWxCukYZqyyicjwRO4eW8B4dQcdJktBlLj1A0hrmL_6CmdQZeSy6aVf5-RrK7aVZskZCC3KBl8cqApqGXz_1HBfnHlnaNDLlGCmrNwH9veAo0iyyBEtE8HZKDe79dJ6FZW3qBGJ7wkcWhpaLISYABjX-1ztReH1XSubpR7v_PmyLG5NtaE8z_tNXoyxn2WjLaZRpjc8HfoVaTmHYsPu6VTt4tyJRg3zUUabB0AxNUQR6zTlLOTnqMFSKRNWKSWrgQbnupuZhE8sDWaUjPx3SqVw2;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CJ7nGdRyCYI-QG9WO7_UPza2qgA-RrcW8XN3m7KbuAsCNtwEQASAAYOnkyYXYGoIBF2NhLXB1Yi0xMDcxMzEzNTI5NjQ0MDIyyAEJqQJ1yGN9j6yFPuACAKgDAaoEtAJP0FSgXHXYAE-ppGL08R6S7P31MK0IKQQzPKRZWzCtPEUdwMwr1iT5XqVQbG560KJB3nov-y5qClQmx3aaAmqvEm8rMlbvFWCLfHL6n859XYnnpgEBpVrPmKhAWYSNmdh28y3xDPz6czMRV96bqZreElThaTtXSD8r6EuOAy2OPrOHVyXc_4Fw8jPHzXubhrMk2TJynjetAshKAWG5RhPpe643bfRz6eEnRKnmt3bx8Qk-1OImou-769-vXuzgym-4ktqisKsV-ApLMDBoE8kwv5Ow0_jb8cfayBdx4dG7ZZkr7D75VppvSkel3KW7YJgjBEY-z1a3d6SPLF4hopPheBD0n9UXPPErRMokd3ZAL6ByxvT0ELsnjmD_7tv3E1GYtdznzkpJKj-m6EtoK7m_RMzrpOAEAYAG-YOz9NuOuNhwoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ&num=1&sig=AOD64_0Ym3eui-rlsasmqmenF9j7E80DXw&client=ca-pub-1071313529644022&adurl=
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
88f3eb06d19d178fcc56b6f239a67d38e0decdc030c0f24819086cf2c476a7d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
1936
expires
-1
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 49C1
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/window_focus_fy2019.js
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 00:38:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1371
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 07 May 2021 00:38:50 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 49C1
116 KB
35 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dc015126841eaa9b1b79ee123e13d7d07ad7fe77f22366b05c480eff59a7a25e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1619017370605640"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36032
x-xss-protection
0
expires
Fri, 23 Apr 2021 01:01:41 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 49C1
13 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
77b1239f60afc374166c593a8591105b705fe4fbe70d95fe2149160b84e7ff9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 00:45:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
957
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5606
x-xss-protection
0
server
cafe
etag
18162876464550245940
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 07 May 2021 00:45:44 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 49C1
22 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 22 Apr 2021 10:15:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
53145
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7022
x-xss-protection
0
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 22 Apr 2022 10:15:56 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042001.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1616005470650935"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Fri, 23 Apr 2021 01:01:41 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 0ECD
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/222/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://gordonua.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://gordonua.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5022
date
Fri, 23 Apr 2021 01:00:40 GMT
expires
Sat, 23 Apr 2022 01:00:40 GMT
last-modified
Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
61
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bootstrap.js
s1.adform.net/stoat/622/s1.adform.net/ Frame 49C1
35 KB
16 KB
Script
General
Full URL
https://s1.adform.net/stoat/622/s1.adform.net/bootstrap.js
Requested by
Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=45192071;rtbwp=YIIcdQAGyA8Iu8dVAAqWzRGzLLLNP6FdcajEYQ;rtbdata=213YhU2VLU2upwoQxDYWT0JZGQewthieQLxvsEHVkvh80Po-m5BCWQ6lzVbaIVSCCKPJRocpxzelYa1Bt3SBp8OkgzyTMb-TFHaH2kns0xx5kKhk1rOH3jIH60BiaLr4BC28Rk9No40zilvyKu3bB5PMQNnqU12sK3nzj7ufZf_Jh3zzzjfITwJqoTOpbOPpWxCukYZqyyicjwRO4eW8B4dQcdJktBlLj1A0hrmL_6CmdQZeSy6aVf5-RrK7aVZskZCC3KBl8cqApqGXz_1HBfnHlnaNDLlGCmrNwH9veAo0iyyBEtE8HZKDe79dJ6FZW3qBGJ7wkcWhpaLISYABjX-1ztReH1XSubpR7v_PmyLG5NtaE8z_tNXoyxn2WjLaZRpjc8HfoVaTmHYsPu6VTt4tyJRg3zUUabB0AxNUQR6zTlLOTnqMFSKRNWKSWrgQbnupuZhE8sDWaUjPx3SqVw2;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CJ7nGdRyCYI-QG9WO7_UPza2qgA-RrcW8XN3m7KbuAsCNtwEQASAAYOnkyYXYGoIBF2NhLXB1Yi0xMDcxMzEzNTI5NjQ0MDIyyAEJqQJ1yGN9j6yFPuACAKgDAaoEtAJP0FSgXHXYAE-ppGL08R6S7P31MK0IKQQzPKRZWzCtPEUdwMwr1iT5XqVQbG560KJB3nov-y5qClQmx3aaAmqvEm8rMlbvFWCLfHL6n859XYnnpgEBpVrPmKhAWYSNmdh28y3xDPz6czMRV96bqZreElThaTtXSD8r6EuOAy2OPrOHVyXc_4Fw8jPHzXubhrMk2TJynjetAshKAWG5RhPpe643bfRz6eEnRKnmt3bx8Qk-1OImou-769-vXuzgym-4ktqisKsV-ApLMDBoE8kwv5Ow0_jb8cfayBdx4dG7ZZkr7D75VppvSkel3KW7YJgjBEY-z1a3d6SPLF4hopPheBD0n9UXPPErRMokd3ZAL6ByxvT0ELsnjmD_7tv3E1GYtdznzkpJKj-m6EtoK7m_RMzrpOAEAYAG-YOz9NuOuNhwoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ&num=1&sig=AOD64_0Ym3eui-rlsasmqmenF9j7E80DXw&client=ca-pub-1071313529644022&adurl=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
2a7a5a103d7d2d395f95fabbcbce1e975df8fee2226795a2a9880d99a3cf6cbe

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
last-modified
Fri, 09 Apr 2021 09:15:30 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sat, 24 Apr 2021 04:11:31 GMT
wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js
pagead2.googlesyndication.com/bg/ Frame 0ECD
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
sffe /
Resource Hash
c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 22 Apr 2021 21:01:31 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Thu, 08 Apr 2021 09:18:00 GMT
server
sffe
age
14410
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5710
x-xss-protection
0
expires
Fri, 22 Apr 2022 21:01:31 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
265 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021042001&jk=1780748890091853&bg=!NjWlNXHNAAZUuIlwVLg7ACkAdvg8WkSlX3i9koVmlMaGw_Xoz4NV5Y1DHJ-POi_GJ7tjkdfNdj2n7AIAAABnUgAAAA1oAQcKAHSn5cksAf77bHCkyz7C4g2-wqfaz7DNDzUvVMrvWc1MSCyNFdnDLWY1lzeDenxTRDfMGJTFkHoAfyYV51Ry_Sy4UeVPRbn3NVNwLKQKdr_so98Ndffdi0c0b5ZHAOxQ4lwCFsGHVBPMaiy6kYXmhUBYp96ejJkCG-8UsQvfINjltbfAHPgTz5YPv-og0r5edFvGmnL_da5Y5sWUtV0CTkvkkIrDMv72Sm4GUldLdKwIvZ0fUivtjkCkqhcqUj4WouYC0xjt1m0AB8DkxeCFD7k9rj6klmEO3NkklnNNRr1h6w1qVkFh9w4A1qbm7ImgWtsze3BBKWW9aJmKwUpbCEU49HQ5aQpgyPLCC7MHtMLQpbJe-FFuRVI0t6Pcehxee4YAGRT6KOygBUlgP654M9D4qX7HGS9ANzxsH02ED7pWdtXxt4oViRJAvjek5Jf-uQRPJTPeqfVi0exDA5lf94lwRVXUrUGtBSRIf5bUWUKFebxJ-hvAM-G4O4YvuZZqQZeFgcz1MhtcSDUXFAJKvjappT14WnRe5XPBiU78WmHUYfCQVRV5o2O1zIY1S0cTcC_FIfRGgvRhPkh2iFY6V3_jBUkeyVTMwWDjbwqiVmeJ8nvvnOxzzTNn6XOj58Y_jzgf19iRCbI79OY-AqOMan9G77SxkJZKuLesxDi9M4ldi6dkNkZHD0c_kg74MSpr8zLOH-n3Ilbw5GZeyfmYlpNMR768Rz79U3OUfgxpy3DWl4xaDdsXd4Aasjh3iqg2kzGX5Ctjk0iruSDSA5Vz50RKFGKXvW6CmsX83oKaN5-dW9kLR4trSgXIuws7wTT1yQIE-iw4YlvdVgGQ-EHwl86iJq0qlVJJ5y5wxZHKj5LCXjrd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
track.adform.net/adfserve/ Frame 49C1
Redirect Chain
  • https://track.adform.net/adfserve/?bn=45192071;rtbwp=YIIcdQAGyA8Iu8dVAAqWzRGzLLLNP6FdcajEYQ;rtbdata=213YhU2VLU2upwoQxDYWT0JZGQewthieQLxvsEHVkvh80Po-m5BCWQ6lzVbaIVSCCKPJRocpxzelYa1Bt3SBp8OkgzyTMb-TF...
  • https://track.adform.net/adfserve/?CC=1&bn=45192071;rtbwp=YIIcdQAGyA8Iu8dVAAqWzRGzLLLNP6FdcajEYQ;rtbdata=213YhU2VLU2upwoQxDYWT0JZGQewthieQLxvsEHVkvh80Po-m5BCWQ6lzVbaIVSCCKPJRocpxzelYa1Bt3SBp8OkgzyT...
8 KB
4 KB
Script
General
Full URL
https://track.adform.net/adfserve/?CC=1&bn=45192071;rtbwp=YIIcdQAGyA8Iu8dVAAqWzRGzLLLNP6FdcajEYQ;rtbdata=213YhU2VLU2upwoQxDYWT0JZGQewthieQLxvsEHVkvh80Po-m5BCWQ6lzVbaIVSCCKPJRocpxzelYa1Bt3SBp8OkgzyTMb-TFHaH2kns0xx5kKhk1rOH3jIH60BiaLr4BC28Rk9No40zilvyKu3bB5PMQNnqU12sK3nzj7ufZf_Jh3zzzjfITwJqoTOpbOPpWxCukYZqyyicjwRO4eW8B4dQcdJktBlLj1A0hrmL_6CmdQZeSy6aVf5-RrK7aVZskZCC3KBl8cqApqGXz_1HBfnHlnaNDLlGCmrNwH9veAo0iyyBEtE8HZKDe79dJ6FZW3qBGJ7wkcWhpaLISYABjX-1ztReH1XSubpR7v_PmyLG5NtaE8z_tNXoyxn2WjLaZRpjc8HfoVaTmHYsPu6VTt4tyJRg3zUUabB0AxNUQR6zTlLOTnqMFSKRNWKSWrgQbnupuZhE8sDWaUjPx3SqVw2;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CJ7nGdRyCYI-QG9WO7_UPza2qgA-RrcW8XN3m7KbuAsCNtwEQASAAYOnkyYXYGoIBF2NhLXB1Yi0xMDcxMzEzNTI5NjQ0MDIyyAEJqQJ1yGN9j6yFPuACAKgDAaoEtAJP0FSgXHXYAE-ppGL08R6S7P31MK0IKQQzPKRZWzCtPEUdwMwr1iT5XqVQbG560KJB3nov-y5qClQmx3aaAmqvEm8rMlbvFWCLfHL6n859XYnnpgEBpVrPmKhAWYSNmdh28y3xDPz6czMRV96bqZreElThaTtXSD8r6EuOAy2OPrOHVyXc_4Fw8jPHzXubhrMk2TJynjetAshKAWG5RhPpe643bfRz6eEnRKnmt3bx8Qk-1OImou-769-vXuzgym-4ktqisKsV-ApLMDBoE8kwv5Ow0_jb8cfayBdx4dG7ZZkr7D75VppvSkel3KW7YJgjBEY-z1a3d6SPLF4hopPheBD0n9UXPPErRMokd3ZAL6ByxvT0ELsnjmD_7tv3E1GYtdznzkpJKj-m6EtoK7m_RMzrpOAEAYAG-YOz9NuOuNhwoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ&num=1&sig=AOD64_0Ym3eui-rlsasmqmenF9j7E80DXw&client=ca-pub-1071313529644022&adurl=;js=1;adfxid=1x;7911;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fgordonua.com
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
a5e71552eb7c6da006430d6c48da4f4e8b5232bed3a70d502a11eff62e17591a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:41 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
3455
expires
-1

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:41 GMT
server
nginx
location
https://track.adform.net/adfserve/?CC=1&bn=45192071;rtbwp=YIIcdQAGyA8Iu8dVAAqWzRGzLLLNP6FdcajEYQ;rtbdata=213YhU2VLU2upwoQxDYWT0JZGQewthieQLxvsEHVkvh80Po-m5BCWQ6lzVbaIVSCCKPJRocpxzelYa1Bt3SBp8OkgzyTMb-TFHaH2kns0xx5kKhk1rOH3jIH60BiaLr4BC28Rk9No40zilvyKu3bB5PMQNnqU12sK3nzj7ufZf_Jh3zzzjfITwJqoTOpbOPpWxCukYZqyyicjwRO4eW8B4dQcdJktBlLj1A0hrmL_6CmdQZeSy6aVf5-RrK7aVZskZCC3KBl8cqApqGXz_1HBfnHlnaNDLlGCmrNwH9veAo0iyyBEtE8HZKDe79dJ6FZW3qBGJ7wkcWhpaLISYABjX-1ztReH1XSubpR7v_PmyLG5NtaE8z_tNXoyxn2WjLaZRpjc8HfoVaTmHYsPu6VTt4tyJRg3zUUabB0AxNUQR6zTlLOTnqMFSKRNWKSWrgQbnupuZhE8sDWaUjPx3SqVw2;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CJ7nGdRyCYI-QG9WO7_UPza2qgA-RrcW8XN3m7KbuAsCNtwEQASAAYOnkyYXYGoIBF2NhLXB1Yi0xMDcxMzEzNTI5NjQ0MDIyyAEJqQJ1yGN9j6yFPuACAKgDAaoEtAJP0FSgXHXYAE-ppGL08R6S7P31MK0IKQQzPKRZWzCtPEUdwMwr1iT5XqVQbG560KJB3nov-y5qClQmx3aaAmqvEm8rMlbvFWCLfHL6n859XYnnpgEBpVrPmKhAWYSNmdh28y3xDPz6czMRV96bqZreElThaTtXSD8r6EuOAy2OPrOHVyXc_4Fw8jPHzXubhrMk2TJynjetAshKAWG5RhPpe643bfRz6eEnRKnmt3bx8Qk-1OImou-769-vXuzgym-4ktqisKsV-ApLMDBoE8kwv5Ow0_jb8cfayBdx4dG7ZZkr7D75VppvSkel3KW7YJgjBEY-z1a3d6SPLF4hopPheBD0n9UXPPErRMokd3ZAL6ByxvT0ELsnjmD_7tv3E1GYtdznzkpJKj-m6EtoK7m_RMzrpOAEAYAG-YOz9NuOuNhwoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ&num=1&sig=AOD64_0Ym3eui-rlsasmqmenF9j7E80DXw&client=ca-pub-1071313529644022&adurl=;js=1;adfxid=1x;7911;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fgordonua.com
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
text/html; charset=utf-8
expires
-1
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 5CFB
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Thu, 22 Apr 2021 06:38:34 GMT
expires
Fri, 23 Apr 2021 06:38:34 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
cache-control
public, max-age=86400
age
66188
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 49C1
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fcdef0b734182817831c5a65f1eef473813ce89c96c7123dccf6dcc1db73d3e6

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
dpixel
cms.quantserve.com/ Frame 5CFB
35 B
463 B
Image
General
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEdXiqy1Ub0BYQduZI7VkEg&google_cver=1&google_push=AQvitULDtoUqU-O44UDR9tZZN7cWgwpS57NP_8j5BFKfeQSzaHJlmv1MeZh3RQAOjZKXnrhRpOzeNPeub1-qXO6vu3Y7nSNElxz4
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 5CFB
Redirect Chain
  • https://d.agkn.com/pixel/2175/?google_gid=CAESEEUjGGGkoKiKMAH8--QGHlg&google_cver=1&google_push=AQvitUJhevIa8rJIO5kXA4KTZMOk5qFinyDUh5cD_Yy9Cik3sqERPJePXl79DV5fbL-lCrLxFY3EHqrwObyh72pNRP-WjtMQreA
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJhevIa8rJIO5kXA4KTZMOk5qFinyDUh5cD_Yy9Cik3sqERPJePXl79DV5fbL-lCrLxFY3EHqrwObyh72pNRP-WjtMQreA&google_hm=Q0FFU0VFVWpHR0drb0tpS0...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJhevIa8rJIO5kXA4KTZMOk5qFinyDUh5cD_Yy9Cik3sqERPJePXl79DV5fbL-lCrLxFY3EHqrwObyh72pNRP-WjtMQreA&google_hm=Q0FFU0VFVWpHR0drb0tpS01BSDgtLVFHSGxn
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 23 Apr 2021 01:01:41 GMT
Server
Apache-Coyote/1.1
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJhevIa8rJIO5kXA4KTZMOk5qFinyDUh5cD_Yy9Cik3sqERPJePXl79DV5fbL-lCrLxFY3EHqrwObyh72pNRP-WjtMQreA&google_hm=Q0FFU0VFVWpHR0drb0tpS01BSDgtLVFHSGxn
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 5CFB
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESEHI-nXnl0nyxS19vp8WboKU&google_cver=1&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa
  • https://rtb.openx.net/sync/dds?google_gid=CAESEHI-nXnl0nyxS19vp8WboKU&google_cver=1&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa&...
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa&google_hm=ROrkzcFBz0YgNhjDwLrovQ==
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa&google_hm=ROrkzcFBz0YgNhjDwLrovQ=...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa&google_hm=ROrkzcFBz0YgNhjDwLrovQ==&google_tc=
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ9sgFy6FnDwETM3OhUtBlJzCE3_Yh7SNvk-6fIky05TR-ppIT6nMm6ZzRus1NJoSawrD1JR-3KikBdvBQ-a_OGgaS7ufCa&google_hm=ROrkzcFBz0YgNhjDwLrovQ==&google_tc=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
418
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 5CFB
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=mlQR1gXKSbid00xpXWBHYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=mlQR1gXKSbid00xpXWBHYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=mlQR1gXKSbid00xpXWBHYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIhTyO5kjHOg_4qmwWG-zEVa05CQKIi_qhG_J8iqKbxL2d_wYxx96H6K-KTc0DsMc5xWkcgQ80XwWn3Btgdh7P2gsdWGLDo&google_tc=
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=mlQR1gXKSbid00xpXWBHYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIhTyO5kjHOg_4qmwWG-zEVa05CQKIi_qhG_J8iqKbxL2d_wYxx96H6K-KTc0DsMc5xWkcgQ80XwWn3Btgdh7P2gsdWGLDo&google_tc=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
651
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 5CFB
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAUo4IVC7HdVEom1n0Zu5kI&google_cver=1&google_push=AQvitUJPBNlI6PcAgp10KrqNX9j6zGdnLlCQVogSCz1cf58n7c1iEATy0UbN6tVVZ3-87nOSuzs...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05UTFoxWkotMU4tNEdUMg==&google_push=AQvitUJPBNlI6PcAgp10KrqNX9j6zGdnLlCQVogSCz1cf58n7c1iEATy0UbN6tVVZ3-87nOSuzskc3mghWPTLeSnr4Ln2xLmrEjK
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05UTFoxWkotMU4tNEdUMg==&google_push=AQvitUJPBNlI6PcAgp10KrqNX9j6zGdnLlCQVogSCz1cf58n7c1iEATy0UbN6tVVZ3-87nOSuzskc3mghWPTLeSnr4Ln2xLmrEjK
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05UTFoxWkotMU4tNEdUMg==&google_push=AQvitUJPBNlI6PcAgp10KrqNX9j6zGdnLlCQVogSCz1cf58n7c1iEATy0UbN6tVVZ3-87nOSuzskc3mghWPTLeSnr4Ln2xLmrEjK
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
pixel
cm.g.doubleclick.net/ Frame 5CFB
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&googl...
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIIcdjfdhTHhBEefMVrbGQAABFoAAAAB&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&google_push=AQvitUIA6Ilo7RqDnq8j-Qs6hlMY9eEbheQFL...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIIcdjfdhTHhBEefMVrbGQAABFoAAAAB&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&google_push=AQvitUIA6Ilo7RqDnq8j-Qs6hlMY9eEbheQFL...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIIcdjfdhTHhBEefMVrbGQAABFoAAAAB&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&google_push=AQvitUIA6Ilo7RqDnq8j-Qs6hlMY9eEbheQFL3SLCLLju95vir_ekBylwuMFBBKYT7AIDSQg8fn_BZEXoZ44hjLC6lazw9SloQdd&google_tc=
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIIcdjfdhTHhBEefMVrbGQAABFoAAAAB&google_gid=CAESEP4MnDS1LbaZWsuVyliLARo&google_cver=1&google_push=AQvitUIA6Ilo7RqDnq8j-Qs6hlMY9eEbheQFL3SLCLLju95vir_ekBylwuMFBBKYT7AIDSQg8fn_BZEXoZ44hjLC6lazw9SloQdd&google_tc=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
488
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
trk
ag.innovid.com/ Frame 5CFB
43 B
295 B
Image
General
Full URL
https://ag.innovid.com/trk?tid=11711&google_gid=CAESEGF_LbrUJGfTci2wJQYUbZc&google_cver=1&google_push=AQvitULiZuZCJFFf12wT08-8peMFtqFqWp-MPuNwqg2KtrStTPNObTj-1nJrcgcagZChkSfm_GNhsfaNkU5DbG3cReeoz_t3AbM
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d01c:1d8:8102:5642:8a73:6264:9a1f London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
cache-control
no-cache
content-type
image/gif
content-length
43
request-time
1
expires
-1
attr
cm.g.doubleclick.net/pixel/ Frame 5CFB
0
59 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J-SIiq3xjQ_EK3hMrHFXDh4hxxQeS2eudjHJMT-02Ej6gevwLJIRsvTo_Mr6L_T_r9zQzu
Requested by
Host: 91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
URL: https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:42 GMT
server
HTTP server (unknown)
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
Standard
s1.adform.net/stoat/622/s1.adform.net/load/v/0.0.204/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 49C1
85 KB
36 KB
Script
General
Full URL
https://s1.adform.net/stoat/622/s1.adform.net/load/v/0.0.204/e/igSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/622/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
9bb78f632f67780c00b07e1164aec256155ae77de114a65df8dd39f8088cd83c

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:42 GMT
content-encoding
gzip
last-modified
Fri, 09 Apr 2021 09:15:30 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sat, 24 Apr 2021 04:39:43 GMT
/
track.adform.net/csimpr/ Frame 49C1
35 B
502 B
Ping
General
Full URL
https://track.adform.net/csimpr/?bn=45192071&csi=gXg3sGHnwpV5LVbQWkCVGfqXpRrBJ-0lUx7JVW9gBDXrygPkIxxfk3d_9NXGnmpwZyopE5xpFcCQ8v1jVicP4GQBbo50IEXs0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/622/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
44370711.jpg
s1.adform.net/Banners/44370711/ Frame 49C1
52 KB
52 KB
Image
General
Full URL
https://s1.adform.net/Banners/44370711/44370711.jpg?bv=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
1a0dd2c0270430bc55a8159c0799d65de8085f7206273ecb70c4ddacd21c5e8d
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 01:01:42 GMT
last-modified
Wed, 07 Apr 2021 06:15:16 GMT
server
nginx
etag
"606d4df4-cf67"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
53095
collect
www.google-analytics.com/
35 B
442 B
XHR
General
Full URL
https://www.google-analytics.com/collect
Requested by
Host: phoenix-widget.com
URL: https://phoenix-widget.com/static/js/jsonp_v3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:42 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://gordonua.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
607e86a2eb6cffb06b75e0b8.jpg
img.phoenix-widget.com/w/420x236,fit/b/
93 KB
93 KB
Image
General
Full URL
https://img.phoenix-widget.com/w/420x236,fit/b/607e86a2eb6cffb06b75e0b8.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
178.62.226.6 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
c032c4c5dab1da4e707c49fbf81f3aeb40e71be4935a1fb57ab64845f568fa6e

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:42 GMT
Etag
108329-91977e7231e26e9b16ea73f0a660d739e6c51c79
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000, public, no-transform
Connection
keep-alive
Content-Length
94970
Expires
Sun, 23 May 2021 01:01:42 GMT
6042bd0d6944cd6306c33c4f.jpg
img.phoenix-widget.com/w/420x236,fit/b/
37 KB
37 KB
Image
General
Full URL
https://img.phoenix-widget.com/w/420x236,fit/b/6042bd0d6944cd6306c33c4f.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
178.62.226.6 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a6d09aca4cb71fdea427eb3f2804890dda58cbe851f6d9af6cda0575ac2067bb

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:42 GMT
Etag
48260-0a8efbff58388564f5934e441168337c09ece492
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000, public, no-transform
Connection
keep-alive
Content-Length
37945
Expires
Sun, 23 May 2021 01:01:42 GMT
6048b00d6944cd6306c33e44.jpg
img.phoenix-widget.com/w/420x236,fit/b/
26 KB
27 KB
Image
General
Full URL
https://img.phoenix-widget.com/w/420x236,fit/b/6048b00d6944cd6306c33e44.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
178.62.226.6 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
75360b2d8243f499d3d7c5c830d80927d702882e22fca2baf504b86b64a2e865

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:42 GMT
Etag
69218-9f717ccb76382a5f4ba3e22a2a1c4ef563d3a193
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000, public, no-transform
Connection
keep-alive
Content-Length
26874
Expires
Sun, 23 May 2021 01:01:42 GMT
watermark.png
phoenix-widget.com/static/img/
4 KB
5 KB
Image
General
Full URL
https://phoenix-widget.com/static/img/watermark.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.166.21.205 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ba21f87c47c0527ddb766ca3357f6ec5dc839caf05de6065a159f55d7d9a65ff

Request headers

Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 01:01:42 GMT
Last-Modified
Sun, 20 Sep 2020 16:23:36 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"5f678208-118e"
Content-Type
image/png
Cache-Control
max-age=315360000, public, no-transform
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4494
Expires
Thu, 31 Dec 2037 23:55:55 GMT
mUdRVCMHGKUBOACHGTH1g-vvDin1pK8aKteLpeZ5c0A.woff
fonts.gstatic.com/s/roboto/v15/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v15/mUdRVCMHGKUBOACHGTH1g-vvDin1pK8aKteLpeZ5c0A.woff
Requested by
Host: gordonua.com
URL: https://gordonua.com/news/worldnews/stoltenberg-nam-pridetsya-imet-delo-s-eshche-bolshim-naporom-so-storony-rossii-860241.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1372ebaa0d371c6cbe8624b176d4ffbfc224abe9e3a2f3c6423910768a37d85c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://gordonua.com
Referer
https://gordonua.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 22 Apr 2021 11:06:15 GMT
x-content-type-options
nosniff
last-modified
Wed, 14 Jan 2015 22:48:53 GMT
server
sffe
age
50127
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19684
x-xss-protection
0
expires
Fri, 22 Apr 2022 11:06:15 GMT
/
track.adform.net/serving/unload/ Frame 49C1
35 B
502 B
Ping
General
Full URL
https://track.adform.net/serving/unload/?version=15&unload=2909338731381068421@@45192071,3855729245271816054,0|0|0|0|0|0|0|0|0||0|1|1|60821c7500078e9c08bbe283c7029d77_1|||1|0|0|CQAR4QdJSTBX7EYoWZQhUTpgpUq50p6YrFEPXuQvwLU2Cvexob7svckllzAqADQrA7z_uuw_WOM1|||11|
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/622/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 01:01:47 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1

Verdicts & Comments Add Verdict or Comment

220 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| googletag object| vmpbjs object| vpb string| ua object| dataLayer string| pp_gemius_identifier boolean| login_api object| coreolaBaseSettings object| coreolaBaseFunctions function| updateuserbar string| orl_l1 string| orl_l2 string| orl_l3 string| orl_l4 string| orl_l5 string| orl_l6 string| orl_l7 function| createCookie function| deleteCookie function| getCookie function| updateuserbar_bottom function| BM_Draw number| f string| x object| bmN object| bmD object| bs object| bm object| bmS string| r object| FB function| postscribe object| google_tag_manager_external object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| fbq function| _fbq object| gaplugins object| gaGlobal object| gaData object| ggeac object| google_js_reporting_queue function| vmpbjsChunk object| _pbjsGlobals object| gravitecWebpackJsonp object| BM_STAT object| coreolaPhrases object| swfobject function| corecomments object| coreola function| corevotes function| do_branding function| do_branding_other function| orph_error_on_page function| orph_send_error function| orph_get_selection object| Gravitec function| isVisible function| showVisible function| loginPage_show_error function| loginPage_hide_error function| setCookie function| alax_preload function| fixTopNewsHeight function| cookie_lang function| set_tablet function| full_mobile function| send_to_friend boolean| qday_switcher_int number| current_slide boolean| need_stop boolean| pause_slider function| activate_avatar function| init_qday_switcher function| do_msg_ready function| getRightHe function| compare_right_colums function| compare_main_colums function| set_cubes function| set_project function| set_infograph function| set_fun function| rand function| resize_galleries function| show_letters_blocks function| set_ticker function| set_ticker2 function| hero_letter function| hero_tab function| rowNormalization function| carouselNormalization function| writeFlash function| writeEmbed function| getParameterByName function| set_lightbox function| set_twitter function| change_fb_widget_width function| replace_youtube function| social_subs function| social_view function| change_images_for_retina function| $ function| jQuery object| jQuery18102774499955866352 object| __document_write_ajax_callbacks__ undefined| writeCapture object| __twttrll object| twttr object| __twttr boolean| mCustomScrollbar function| MobileDetect number| H_DEV object| holderPlaces function| holder function| gemius_pending function| gemius_hit function| gemius_event function| pp_gemius_hit function| pp_gemius_event function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| gemius_cmpclient object| gemius_hcconn number| pp_gemius_cnt boolean| coreolaStarted number| distance number| time function| sum function| x64Add function| x64Multiply function| x64Rotl function| x64LeftShift function| x64Xor function| x64Fmix function| KFC function| PhoenixWidget object| d object| regeneratorRuntime object| AdSlotCollection object| pbjs325474 boolean| __isGoogleAllowed function| pbjs325474Chunk function| JSEncrypt object| ADAGIO boolean| mgCanLoad727300 boolean| mgFallback727300 boolean| mgShortWidget727300 boolean| mgUseConvertedCode727300 string| mgRootId727300 object| div727300 string| rootDiv727300 string| mgPreloadId727300 object| _mgIntExchangeNews object| IdealmediaInfC727300 function| IdealmediaCContextBlock727300 function| IdealmediaCMainBlock727300 function| IdealmediaCInternalExchangeBlock727300 function| IdealmediaCColorBlock727300 function| IdealmediaCRejectBlock727300 function| IdealmediaCCriteoBlock727300 function| IdealmediaCAmpRenderBlock727300 function| IdealmediaCInternalExchangeLoggerBlock727300 function| IdealmediaCObserverBlock727300 function| IdealmediaCSendDimensionsBlock727300 function| IdealmediaCAntifraudBlock727300 function| IdealmediaCAntifraudStatisticsBlock727300 function| IdealmediaCRtbBlock727300 function| IdealmediaCExternalCountersBlock727300 function| IdealmediaCYandexTurboBlock727300 function| IdealmediaCContentPreviewBlock727300 function| IdealmediaCCountersBlock727300 function| IdealmediaCGradientBlock727300 function| IdealmediaCResponsiveBlock727300 object| onClickExcludes function| mgReject727300 function| mgLoadAds727300_04018 function| IdealmediaCReject727300 function| IdealmediaLoadGoods727300_04018 boolean| mg_loaded_465757_727300 object| googleToken object| googleIMState function| processGoogleToken number| __google_ad_urls_id number| google_unique_id string| _mgCanonicalUri boolean| _mgPageViewEndPoint465757 object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| google_image_requests

10 Cookies

Domain/Path Name / Value
.ih.adscale.de/ Name: tu
Value: 4#3991280590#48~8845b388e7e99284f50cb25d0bc25a4a~449761~0~0#101~BBID-01-02938537005297030-16269048~449761~0~0
.zeotap.com/ Name: zc
Value: 9ed97ee2-06be-4f69-7c0a-5bf8aeb3e90a
.casalemedia.com/ Name: CMRUM3
Value: 9860821c7227605a53e5ea-fffd-439e-9b15-a329e187605f
.casalemedia.com/ Name: CMST
Value: YIIccmCCHHIA
.casalemedia.com/ Name: CMPS
Value: 1178
.casalemedia.com/ Name: CMPRO
Value: 1207
.casalemedia.com/ Name: CMID
Value: YIIccjfdhTHhBEefMVra7wAA
.adscale.de/ Name: cct
Value: 1619139697354
.adscale.de/ Name: uu
Value: 916863b03083444588d9c61ed278c8b0
.gordonua.com/ Name: facebookCounter
Value: 0

6 Console Messages

Source Level URL
Text
console-api warning URL: https://player.adtelligent.com/prebidlink/449761/hb_307359_6809.js(Line 3)
Message:
fun-hooks: referenced 'registerAdserver' but it was never created
console-api error URL: https://player.adtelligent.com/prebidlink/449761/wrapper_hb_307359_6809.js(Line 1)
Message:
localStorage unavailable
console-api log URL: https://a.audrte.com/ptag?p=M1353665098(Line 95)
Message:
200
console-api log URL: https://a.audrte.com/ptag?p=M1353665098(Line 95)
Message:
200
console-api log URL: https://a.audrte.com/ptag?p=M1353665098(Line 95)
Message:
200
console-api log URL: https://a.audrte.com/ptag?p=M1353665098(Line 127)
Message:
arResponse->{"pxcalls":"https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=0hdjXXCmwLsQnuyRqifs-XbSQ&gdpr=0&gdpr_consent=|https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=|https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=0hdjXXCmwLsQnuyRqifs-XbSQ&gdpr=0&gdpr_consent="}

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

91d1f585cae44e920249afc08a831389.safeframe.googlesyndication.com
a.audrte.com
aa.agkn.com
aax-eu.amazon-adsystem.com
ads.betweendigital.com
ads.pubmatic.com
ads.us.e-planning.net
adscale-emea.adnxs.com
adservice.google.com
adservice.google.pl
ag.innovid.com
ap.lijit.com
api.phoenix-widget.com
bbnaut.ibillboard.com
bcp.crwdcntrl.net
beacon.krxd.net
bn01.er.bemail.it
c.bigmir.net
c.idealmedia.io
c1.adform.net
cdn.admatic.com.tr
cdn.gravitec.net
cdn.jsdelivr.net
cm.adform.net
cm.adgrx.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
cms.quantserve.com
connect.facebook.net
counter.yadro.ru
creativecdn.com
cs.admanmedia.com
csync.loopme.me
d.agkn.com
dis.criteo.com
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
fonts.gstatic.com
gaua.hit.gemius.pl
get.optad360.io
ghb.adtelligent.com
gordonua.com
h.holder.com.ua
i.bigmir.net
i.holder.com.ua
ib.adnxs.com
ic.tynt.com
idsync.frontend.weborama.fr
ih.adscale.de
image6.pubmatic.com
img.phoenix-widget.com
js.adscale.de
js.cookieless-data.com
jsc.idealmedia.io
loadeu.exelator.com
match.adsrvr.org
match.deepintent.com
mwzeom.zeotap.com
nep.advangelists.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
phoenix-widget.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
platform.twitter.com
player.adtelligent.com
pr-bh.ybp.yahoo.com
prebid-match.dotomi.com
ps.eyeota.net
rtb.openx.net
s.adtelligent.com
s.amazon-adsystem.com
s.console.adtarget.com.tr
s.e-planning.net
s1.adform.net
scontent-frt3-1.xx.fbcdn.net
scontent-frx5-1.xx.fbcdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
spl.zeotap.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.xx.fbcdn.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adtelligent.com
sync.console.adtarget.com.tr
sync.e-planning.net
sync.extend.tv
sync.go.sonobi.com
sync.mathtag.com
sync.quantumdex.io
sync.richaudience.com
sync.targeting.unrulymedia.com
sync.tidaltv.com
syndication.twitter.com
t.trafmag.com
tag.navdmp.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
tracking.m6r.eu
trc.taboola.com
u-ams02.e-planning.net
ups.analytics.yahoo.com
usermatch.krxd.net
web.facebook.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
104.111.230.142
104.111.237.88
104.16.199.73
104.244.42.136
116.202.172.174
13.224.95.123
151.1.205.165
151.101.114.49
151.101.13.44
154.57.158.51
168.119.149.178
169.197.150.7
172.217.16.130
173.231.180.197
178.128.142.14
178.162.133.149
178.250.2.151
178.62.226.6
18.132.239.61
18.158.173.146
18.200.233.208
18.210.140.68
185.184.8.30
185.29.135.234
185.33.221.11
185.64.190.78
188.166.21.205
188.42.191.196
193.200.65.5
193.239.68.97
193.239.71.100
2.18.233.180
2.18.233.201
2.18.234.21
208.100.17.190
212.82.100.182
213.174.135.1
213.19.147.45
216.58.212.162
23.45.110.176
23.79.143.124
2600:9000:206f:da00:11:a4de:2580:93a1
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:10::ac43:db6
2606:4700:20::681a:34e
2606:4700::6810:df3
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1288:110:c305::8000
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2001
2a00:1450:4001:810::2008
2a00:1450:4001:810::200e
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:827::2003
2a00:1450:4001:827::200e
2a00:1450:400c:c0c::9b
2a00:f48:2000:1023::3
2a02:fa8:8806:12::1370
2a03:2880:f013:0:face:b00c:0:2
2a03:2880:f013:d:face:b00c:0:3
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f113:81:face:b00c:0:25de
2a04:4e42:1b::621
2a05:d018:24:b002:28a5:2c7e:9fea:57ab
2a05:d01c:1d8:8102:5642:8a73:6264:9a1f
2a0c:5c81:5095:0:225:90ff:fefa:245d
2a0c:5c81:5142::2
3.121.27.153
3.126.56.137
3.221.146.169
34.251.130.56
34.98.67.61
35.201.81.244
35.227.248.159
35.227.252.103
37.157.4.28
37.157.5.72
37.157.6.241
37.252.173.134
46.249.52.248
46.249.52.249
5.178.65.253
51.15.145.115
51.83.188.228
51.89.9.251
52.46.130.13
52.95.124.165
54.170.10.95
54.236.220.178
54.37.238.28
54.76.71.14
54.78.254.47
54.82.140.85
54.93.142.164
62.149.0.72
62.209.227.211
63.33.11.43
66.155.71.25
69.173.144.139
72.251.249.9
85.114.159.93
88.212.201.210
88.214.206.247
89.163.159.103
91.198.36.26
91.198.36.35
01be4a25baf193f4df75e91bc1f2d6352ea7dde1bd265bc7c0c04c0dda636bd8
0532f59575bd5c8d6b12c4aa772150adc01c62db958378b838023cf67f64b7e0
062993fc1958ac05da3d96971e0060b8f21bb85d9686cdacc921a2e8b04ee41c
064c2fbbda6a4badd6bb98c7adf5a182e85da377f2bc7b24dd580f00e9cc0243
0690cb6ef870a7e3a760a2060a1f518a64bbfb90b6666cb28da9b20480cf578b
06b0f91f690a5ddc096187307c63af0de19dc9d61cc95ef686e283c843895bb9
0ae5ed57dc48abbee125d5f915e37110c9f2bb6a95d1aa5ccf3c141f8fe10db3
0ae8f824a144e63b873e47b71b81e273d9342c81f769c12f66f7747954cc10cc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0d7bb6b38b41fd8d8ca363004edb067c20c332d4d82b8b83d953b6b0011a89c3
0f834eeade60818b80774634d5bf54d69e0280d22c6c1fe449c6e0856c304b14
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12b8ecd4d3c194ac8f2d47620fd3802c1449fc07a39110bebd1e5485e8a91654
1372ebaa0d371c6cbe8624b176d4ffbfc224abe9e3a2f3c6423910768a37d85c
14870671fbcb712491fcd7de340929accc31944179471e3cac13b3093309308f
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
158e32459dc254a767a425b39fe0342c2a68cfa8a451a7e0da9ebe2d94f7332c
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84
18cbfcb608af5885f7916274b60578d32006c90e8fce3d98dbcc89a646707608
194cf1e329dab099f24557fbe278ead8ea378a42a06820c1e0a2d1e48d9ecf84
1a0dd2c0270430bc55a8159c0799d65de8085f7206273ecb70c4ddacd21c5e8d
1a160a8d99111cbd10da1f89bcf32446067fa3b5c25181131b6686165ffc5ef8
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997
1ed6c1a411d54f52ccb4d9168d9d93f5a84e0c81d2a9b08db398c8ac3a88b396
1f831b1e98a8715a13b39b15b8ed65793238b5fb007b0e5e9708e05da29bb8a0
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
2088527e36ed6201b7746007c4233095b3b183f0eb851ea410ee2bf3f2b68a6e
227ef254ff22f2c592ef5d3804ee00128a834198102968a5ac33bd51f7164cc1
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
23f63ed5d5537417eb7f8db8fbd9f9ac0e01142ae8dbbd84f8c8587516ce8e6d
276067b218a647197ae379e6a43e7d12dfd872d3d1b0c2b43c1cd2ff8a67cd50
2812c4e6fb5db18c9a70640654c4bdb973427c4df56b96ec78bc1da5c6c443cf
29253b8608d4bcaf419169a0e24af1040cbcdc6a2adbbf48c4b41dbc73cf8bc3
2a6f8d095690b29656db62c22c4803ea38fd4bdd332eb4984f06c96d42ee6df4
2a7a5a103d7d2d395f95fabbcbce1e975df8fee2226795a2a9880d99a3cf6cbe
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2af5bfcede521a97bd3de87ff10bbe38742c2f06ac2cde01ca27ce1e84d8b8ea
2c3b262013c9cdc7c7dde3a352334d6ff1061a84990fbad0085c638d64b5a491
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2edf8554db9efd4893b94a10d544946151835133e5367aa5e5ffc0a88cbf23d0
2f252e691e85fed4194e6a1962ada3a81fe82250dfc696499105c0e2dc03f0f6
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
311eff0ed111799efbe48a8317665211be87b60c1d6c09b18ef4b0915cc82f65
319387b97993111493eab2a615d51f204e12127968dccab6b0a67696b24feca0
32c06dcd4e30dd04a2e93b697ad0b67469396ee42d1cd9d6943974a1c6fdfbb0
33ca2658f422931a00b0c1a4d8099fb6eabaadc5e2ee4cef5c04c07b3ee13a56
3422c2a3f20dceba12daf02dee0e1b1df0afc6f58ef0f85a7b08ea40231624eb
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
39cb1689e9f6759a3585f52e5141691dd875ea9cd6d0a5ced9d9fcf4347a38ad
3b98e9f6b930db3d431b76b27fa39f977e4073f5f03a0cdb0842b777beb6a24d
3e9018c6058c3bbff38679ce6474917dcd208f08afa810b9bcbdbb0288a5760b
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
44bcbddd4c0c2f24f043f19df837cd878ebca38feb04d682606f6cca37f9fef6
44f7e5bcef86ec935780aeb13252dad7d90d7dc55c5956539ab50e471f920a56
464590a4da9d186b32647d5a7d566e954debfc54633ba8efa1fe0751e8255618
46adbd22911cba0cf25a326f69c47026cf379672d58c48d1d1f707a2e1b7c8e6
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4956137c69656045c048a157aaa84859657bbc7744019d26cce6b5bded84cc49
49a0ffc965fd36633ec954826b02b7891fa4d9296f89ca526e95ae5a2a28b165
4be53eb02d94d6c8e44e1c0f764dcbdbf4fe3439f7034300d8139ea1a16e4a20
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f2e5e9d1d2739e14c42952b46afd01b9a39cdd2f0eba2eba2a9c1108411e111
58ed344732766704ee535508e3dcd8d4a8ec0c9c79d16adf02293adde110926c
5c323c95f15e0159c25abd654f142a8a718eb23703f4ada86f54cf3069f2fe58
62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd
641e03dfeee60c05e0794bace5fc58d2fba409fee529a114459e44cee0d9d069
66efeaacbd90eba053bda6c0f17599873a6d2023a9408bd9ad2d414cf9813444
66f6ea721264102027d1fcf579877969615960a85b1800d6138e52f794efafc1
67700f5490adca14d6d29669cc771f52619f7c2123801d63091b9a361d7839bf
6771e820615d43383a1c1323fba4c15afa31caa740912bdfc00306fd1a38d3a1
67cf577c7b90d1e6317d0ecf74906df33ea30167ff007f1eb7a6a9ae5fef6be8
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6876c0c76085cc059275395d9e50b9c9e36a62f6b8960484dbe0eb8da7555bf6
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ea7985b0f1137adfb547252ce348a044937e3d833a8d4176cc354b41decf049
70d687a320109b724d86c33479db68700a86ae5b65898dcc2eb3826c4fd9862f
719311217bf7df41f1d81d55bd37863ccb971ef020d9b620b8a7ce2c79acade8
71c12656535e99119c2a952c10554cd6f47c6923d2d96155a7833276e68992af
7237f9cf9ebbb0d3d59948a1f6c9951f89b9e2cca391c1e1ead79579709ce826
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
732f2d6e7767e7978cf70554aec8f7b40d5d6da4b601e528f136473c1b965c93
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
748ba60b997ec42f4c0953d5cef783634b820581d717790e4e8f445ecbef95fc
75360b2d8243f499d3d7c5c830d80927d702882e22fca2baf504b86b64a2e865
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7
77b1239f60afc374166c593a8591105b705fe4fbe70d95fe2149160b84e7ff9e
78b400b9fd8dc4e2ddff76be1fd7fbd6da9ea6bbcc2e9f2267fc22484d655cd5
792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4
7e125d296c48520a302eb4e5909fefe2c25b7eaf2619403bb8723f348b3b24b6
7e65876481a124dc412ba0112f271f9879e456bddffd0c0a1dee0f53bd1c1cb6
7ecdd326888122c2cad6e885a69ff0e2e80c37dd1e77f8ae1f2d3daaacbbb4e7
8076f0faa827ee270d0726eb09ac6cb73e41661e76684f801b3e3e8079b9da86
82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564
82f26daa47437ac368131c92f96ca0f8fafa7218bbb5eb9b03d5992480f6ed8c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88d32cb380c8accd245e33fae7d1ede15212de9267688c84b0ff7a9c53e956d4
88f3eb06d19d178fcc56b6f239a67d38e0decdc030c0f24819086cf2c476a7d6
8a93db8c53045c079b447fe251c9474feaff9da40b7f46cb1546d122e31494e6
8b38a885932039a3a0c45142b0755bf590fc7785a5cc5fa52fd1f2e62d4b1e8b
8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc
8be7fbec84ac9b3907541c3ff52b6b0f67e40cf42c8b33492d7a5f82c2b02bc1
8cb00e63cb966ea0388fda3357402ba93e460dbfe82019f9695d895f04d3d40b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8fc4de112cb05f02f61d7856ee3b9ca6a8cd68ea5397520120c5183b99bffc17
908edfa9f7ec9fd5cb6b2159b5cb305d9c2c88601c8bf00a23bb0e96fcea1e21
90e255c879e169dd534cf2c682d517fcaf28f1a8da9ad250c7e89314b9e6bcc3
91b4eb09154d5ebef46352e922194ec6dbb9547b63f9776ae10133fe1ca66879
92162f728f8f20e9ae2d792dd05c53f391da1c61553714981304fa957a7d4449
95300eddaae507eba362f9b46d2992ed798ec2420c4d71473b9152f58a42e201
95d95840165ea5fc374a27f1cffe88a1b3d033562916ef1071393c9c8adbfe86
96383b51bcbda70efb0250efe0bc9f4b45b29bc7145a87d481ce70e763b2836b
980f545c558861910550fde1b8cea86d3b5f75bcf0394d579d140728609d1394
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9bb25fb7788587d4d6dc12d70e89e7aff8c24dfbda518e8bd8325803f415d21a
9bb78f632f67780c00b07e1164aec256155ae77de114a65df8dd39f8088cd83c
9e51e7c1f2f3bd86cc3e9dcd1ad5403db927f32533f0a8b29bc15f11b40c6376
9f22171d9f7bd894b73fbeaca1d64b9294c98a0ce42ea049cc030030dd141635
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a127af41d27c28c65f968b49a6523c642374f983741f50eb822989c6a78c3111
a1a77755f1456d12630d93a9016e43f6888d2885a7605d5647854e93aef3303c
a2a24025e36c6412ad80bd1b4921e6c4275617fe4e2a4e3fc169d47ffec85458
a2aca9aa200ad3e4dd9afcd27fd2bd5b272a5d297e9f85d708394857ca6a1ffe
a3228982ae921382943773ba11d5a0b0ad662a85f032a0513a54cd92dd461104
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5e71552eb7c6da006430d6c48da4f4e8b5232bed3a70d502a11eff62e17591a
a6d09aca4cb71fdea427eb3f2804890dda58cbe851f6d9af6cda0575ac2067bb
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a851d75df16abf37c2cd891bc58b859efb9e25645252956f68f0a769084a4714
a92acd511742d22210c4a8f8d1d861d9681a95b01380999dbff01dd638f66163
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa6df790f8548776d5936807c15d93aabb87b1c163f9f473822ef3f920c13aab
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abdc135c8cbe3a9f9befb0a4fb49edbd757c734f8b0824bc1024c76a3b6bd2a6
ac4c2d1083556ee3bab8bc188432351b2fc3501b5876791d49153ab08d8180b6
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad0531be570f68b8811738f4b50e4892a348f2739d934db5a6203d296aa42fb3
ae6b7745daadd0d07cbc29710c708c84f5aa72d207531a965b3d39ddfdcc699e
b11dfefef3b7fb7ee82d4c30c1538d24dff79885e2a4ac05ccd48a774721971b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1efea1ea1d5dacd4e53c4d220663ec89ebc5c91f6b99c4d7e8f3a670e901ff4
b59f41ab36784ecf6f5974b18b3f2bf359344c3cc7622563d2a6b35a98ce80b9
b85aaab05f50dec9de1b7e2c1842c59a9be4af4e140b39c958cb20281bf4aa1c
ba21f87c47c0527ddb766ca3357f6ec5dc839caf05de6065a159f55d7d9a65ff
bb3ef6ab003d79d3bf17e045b0af89ede0103b5ba05e4190fefae82dcd9d6799
bbb197f7f98cf972b5c4aebabd4f601853921383d95f53dd5301636c0833b2b4
bca49ab1759bbe305d5e0e01021bf08d4d5f88207d64ae035bb3e7dbd17a21d6
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
bec117b5be8f22e9305be68965e3734a5135357a3ac88cda5814b7069a1c62dc
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c032c4c5dab1da4e707c49fbf81f3aeb40e71be4935a1fb57ab64845f568fa6e
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09
c2d8cd3532d6461d616201735330466e6236fbf7c135dc529e39d36314dcd551
c493c4b73a02e6f4f9721d2399cb7f7df85388b68df03ca870836008e6cffa6a
c4c483623e1913743041e04f84f5f3a9b21fa89e5bc224b264781460caf85b69
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6c43654bfdd0b6c99611d1250bd957c7878941e091ad1eaaaeeab33af892cd4
c73ea58630cec9b67ecc7cd4990dbb2a536b482dbb9b3241fea5411151d9b70f
ca1b2c67389bc419689537ec0a503735171d3eb00a7ef84c80638bd1095c2735
cb5abd05cda617a5cec27543025abf4465e7d7d20bded866af72caafdde816fe
cd459f0c3fb4f48b09fd6c217157f1dfc837aea90733dc4fe1681068ead09df9
cf945ffc193bb3ede4a5471d87cd6072be2328ea13a0db275356dfb88f4189c0
d30778d5445a241a3850a85669468034cc771e17423bb80eb8104b1478d9af16
d99a5d620473b33e0b2948ae3f50f8a7301865375603c3f889035449eeea773a
dc015126841eaa9b1b79ee123e13d7d07ad7fe77f22366b05c480eff59a7a25e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0a2d2ba1ca07e954274907246fdb700ca78d1c8cd64a109d1baf62ba90b4d57
e0c42d536505d198df6b50209bdf654c7053bfb1a7fb84bb2c54368f49577f2a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a994e500009cb933e447ce21ec78e2fc6a3fd5aec75e94fd8803812fa16c24
e7b935e51df441f3b2fe598580ef0670b0f0ba0324d91fc11712c0caecf932a9
e913d0c8195023fea768aa63161cfe870b077cd360806e3905002e74acc7423e
e95c5849289711d87c1364cd1aec4ecf5cfbb169236ce771b5e9bbfdc58dcc6c
ecde72bc5d9fd5bc5150218535ae8f75ad9161924b91e64b7995c495fc90c246
ed09b1c7b0be0e0fd168e89cf94ed84d9164046a48c2efcfb73ea8c1c33730f1
ed2d993c35cd51826ee304739d91e554bd9faa1b120602fc4b3baa15941a9e35
ed82ed7f1860eed8ad984923a6532f485f28fbf4dfef40661a9f721a0b560298
ee53ada617f2674cbd706e3b24fc6738c7f53f2f7a3a959e71f611aa850dc946
ee8dfb812cc7833bc8b244c704607548b2d8f33eb04eb262836f2071052f67b5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f53c1ad18dab652cc8012f96e7ff386c2fbc96e753932f69c08f7eaae75cfaf8
f5820244a2bb1a21fb966e2a417d1c12f43ad67d33c1275338d1b3d67caad567
f58fb168b5c39052b4aa63d1fcc6c0db683d26323a3b6c0fdf0cd8115a025012
f74c1538f17eb2a7954c9fdb15daaea7a4de98bbf001e185b75b98e47dc89176
f7e1cafb55b6a493c3e316e6b4ee076eee246f14c4887e7944ba5a009b9ef2fe
f8cacb171afeb1d90fb92a35f80f9110210a287be17eba6f3603d9d4a7e4527a
f9a1a0ac26eaf5b7f6cc7223b5dd4b5f545b5a48fb598c7442e5f76384f1be8c
fc025890b2544e23fc6ee0df711326e1b4a38b00849b9e5c914ad074902edec5
fcdef0b734182817831c5a65f1eef473813ce89c96c7123dccf6dcc1db73d3e6
fd0771c77dfdd2175ee8f25e61c6989610ca63bdf8791162dd92aa4e5e5165db