www.buhoblik.org.ua Open in urlscan Pro
2a06:6440:0:2d02::1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://buhoblik.org.ua/
Effective URL:
https://www.buhoblik.org.ua/
Submission: On December 08 via api (December 8th 2022, 2:05:38 am UTC) from GB — Scanned from GB

Summary HTTP 147 Redirects Behaviour Indicators

Summary

This website contacted 32 IPs in 9 countries across 26 domains to perform 147 HTTP transactions. The main IP is 2a06:6440:0:2d02::1, located in Ukraine and belongs to UKRAINE-AS, UA. The main domain is www.buhoblik.org.ua.
TLS certificate: Issued by R3 on December 2nd 2022. Valid for: 3 months.

This is the only time www.buhoblik.org.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 13	2a06:6440:0:2... 2a06:6440:0:2d02::1	200000 (UKRAINE-AS) (UKRAINE-AS)
1 1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
10	2a03:90c0:41:... 2a03:90c0:41:2801::62	199524 (GCORE) (GCORE)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
2	95.216.186.40 95.216.186.40	24940 (HETZNER-AS) (HETZNER-AS)
1	2001:41d0:602... 2001:41d0:602:3b8e::	16276 (OVH) (OVH)
8	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
6	146.0.227.109 146.0.227.109	20773 (GODADDY) (GODADDY)
21	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
10	34.111.35.152 34.111.35.152	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
17	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 3	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
3 3	198.47.127.18 198.47.127.18	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1 1	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1 1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	198.47.127.20 198.47.127.20	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	52.57.192.79 52.57.192.79	16509 (AMAZON-02) (AMAZON-02)
1 1	157.90.167.185 157.90.167.185	24940 (HETZNER-AS) (HETZNER-AS)
1	193.200.65.6 193.200.65.6	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
2	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4 6	35.181.77.138 35.181.77.138	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a02:2638:1::8 2a02:2638:1::8	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a02:2638::21 2a02:2638::21	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638::24 2a02:2638::24	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
147	32

13 2a06:6440:0:2d02::1 (Ukraine) 2 redirects

ASN200000 (UKRAINE-AS, UA)

buhoblik.org.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.buhoblik.org.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a03:90c0:41:2801::62 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

cdn.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.216.186.40 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.40.186.216.95.clients.your-server.de

xn--r1a.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:41d0:602:3b8e:: (France)

ASN16276 (OVH, FR)

avto-oblik.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 146.0.227.109 (Ascension Island)

ASN20773 (GODADDY, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2001:67c:4e8:f004::9 (Virgin Islands (British))

ASN62041 (TELEGRAM, VG)

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.111.35.152 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 152.35.111.34.bc.googleusercontent.com

cdn4.telegram-cdn.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.90 (Amsterdam, Netherlands) 1 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.18 (United States) 3 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.20 (United States) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.211.116 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.57.192.79 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-192-79.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.90.167.185 (Wiehl, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.185.167.90.157.clients.your-server.de

bidswitch-eu.splicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.6 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: adforce.team

m.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.181.77.138 (Paris, France) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-181-77-138.eu-west-3.compute.amazonaws.com

cs.mytheresa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mix-phoenix.commander1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:1::8 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::21 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::24 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	criteo.net static.criteo.net — Cisco Umbrella Rank: 675 pix.eu.criteo.net — Cisco Umbrella Rank: 7434 csm.eu.criteo.net — Cisco Umbrella Rank: 7693	149 KB
21	telegram.org telegram.org — Cisco Umbrella Rank: 9790	268 KB
21	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 109 tpc.googlesyndication.com — Cisco Umbrella Rank: 144	330 KB
16	admixer.net cdn.admixer.net — Cisco Umbrella Rank: 44098 inv-nets.admixer.net — Cisco Umbrella Rank: 2903	201 KB
13	buhoblik.org.ua 2 redirects buhoblik.org.ua www.buhoblik.org.ua	311 KB
11	criteo.com 1 redirects rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 14766 ads.eu.criteo.com — Cisco Umbrella Rank: 7380 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9621 bidder.criteo.com — Cisco Umbrella Rank: 763 gum.criteo.com — Cisco Umbrella Rank: 429 mug.criteo.com — Cisco Umbrella Rank: 2441	107 KB
10	telegram-cdn.org cdn4.telegram-cdn.org — Cisco Umbrella Rank: 35631	907 KB
9	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 39 cm.g.doubleclick.net — Cisco Umbrella Rank: 234	59 KB
5	pubmatic.com 5 redirects image8.pubmatic.com — Cisco Umbrella Rank: 661 image2.pubmatic.com — Cisco Umbrella Rank: 1051 image4.pubmatic.com — Cisco Umbrella Rank: 982	2 KB
4	mytheresa.com 2 redirects cs.mytheresa.com — Cisco Umbrella Rank: 43062	4 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 322	1 KB
3	creativecdn.com 1 redirects prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6154 creativecdn.com — Cisco Umbrella Rank: 598	861 B
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 190	141 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 242	10 KB
2	commander1.com 2 redirects mix-phoenix.commander1.com — Cisco Umbrella Rank: 111959	2 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 238	2 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 87 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	xn--r1a.website xn--r1a.website — Cisco Umbrella Rank: 903345	14 KB
2	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 307	17 KB
2	gstatic.com www.gstatic.com	20 KB
1	trafmag.com m.trafmag.com — Cisco Umbrella Rank: 91401	351 B
1	splicky.com 1 redirects bidswitch-eu.splicky.com — Cisco Umbrella Rank: 27707	221 B
1	google.co.uk adservice.google.co.uk — Cisco Umbrella Rank: 4931	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 942	699 B
1	avto-oblik.com.ua avto-oblik.com.ua	72 KB
1	google.com.ua 1 redirects www.google.com.ua — Cisco Umbrella Rank: 18142	320 B
147	26

	Domain	Requested by
21	telegram.org	xn--r1a.website telegram.org
17	static.criteo.net	cdn.admixer.net ads.eu.criteo.com
12	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
11	www.buhoblik.org.ua	www.buhoblik.org.ua
10	cdn4.telegram-cdn.org	xn--r1a.website
10	cdn.admixer.net	www.buhoblik.org.ua cdn.admixer.net
9	pagead2.googlesyndication.com	www.buhoblik.org.ua pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
8	pix.eu.criteo.net	ads.eu.criteo.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
6	inv-nets.admixer.net	cdn.admixer.net www.buhoblik.org.ua
4	cs.mytheresa.com	2 redirects ads.eu.criteo.com
3	csm.eu.criteo.net	ads.eu.criteo.com
3	x.bidswitch.net	3 redirects
3	image8.pubmatic.com	3 redirects
3	www.googletagservices.com	googleads.g.doubleclick.net
2	gum.criteo.com	1 redirects static.criteo.net
2	bidder.criteo.com	static.criteo.net
2	cdnjs.cloudflare.com	ads.eu.criteo.com
2	mix-phoenix.commander1.com	2 redirects
2	cat.nl.eu.criteo.com	ads.eu.criteo.com
2	creativecdn.com	1 redirects www.buhoblik.org.ua
2	ib.adnxs.com	1 redirects www.buhoblik.org.ua
2	ads.eu.criteo.com	googleads.g.doubleclick.net
2	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
2	xn--r1a.website	www.buhoblik.org.ua telegram.org
2	ssl.google-analytics.com	www.buhoblik.org.ua
2	www.gstatic.com	www.buhoblik.org.ua googleads.g.doubleclick.net
2	buhoblik.org.ua	2 redirects
1	www.google.com	tpc.googlesyndication.com
1	mug.criteo.com
1	m.trafmag.com	www.buhoblik.org.ua
1	bidswitch-eu.splicky.com	1 redirects
1	image4.pubmatic.com	1 redirects
1	image2.pubmatic.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	prebid-eu.creativecdn.com	cdn.admixer.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.co.uk	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	avto-oblik.com.ua	www.buhoblik.org.ua
1	www.google.com.ua	1 redirects
147	41

This site contains no links.

Subject Issuer	Validity	Valid
www.buhoblik.org.ua R3	`2022-12-02` - `2023-03-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.admixer.net Sectigo RSA Domain Validation Secure Server CA	`2022-06-08` - `2023-06-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
xn--r1a.website R3	`2022-10-23` - `2023-01-21`	3 months	crt.sh
www.avto-oblik.com.ua R3	`2022-12-06` - `2023-03-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2022-08-10` - `2023-09-11`	a year	crt.sh
cdn4.telegram-cdn.org GTS CA 1D4	`2022-10-18` - `2023-01-16`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-07` - `2023-03-12`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-14` - `2023-01-13`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-08` - `2023-02-04`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.trafmag.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-14` - `2023-06-14`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-10` - `2023-01-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-01` - `2023-02-04`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-31` - `2023-01-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh

This page contains 15 frames:

Primary Page: https://www.buhoblik.org.ua/
Frame ID: 62AEFB41A1E01ED03423B3F6F746FAB4
Requests: 45 HTTP requests in this frame

Frame: https://xn--r1a.website/s/buhoblik_org_ua
Frame ID: 956F853BF39AEFC6F4D0EEFD4146FA1D
Requests: 34 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221130/r20190131/zrt_lookup.html
Frame ID: FA17FB0622BFA7BF26876F0C7ED260BD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&adk=1812271804&adf=3025194257&lmt=1670465131&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132349&bpp=3&bdt=914&idt=152&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1909117908703&frm=20&pv=2&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=168
Frame ID: 4DA205DD5C754A2BD393FFF27CD54976
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=2861554722&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1670465131&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132352&bpp=3&bdt=917&idt=170&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=523&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=VUVG3VM7E4&p=https%3A//www.buhoblik.org.ua&dtd=175
Frame ID: B034B70D58110372BC73456EB2126D11
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191
Frame ID: DBF9F3107849E49119E959B6339F6871
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=907449002&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1670465131&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132356&bpp=2&bdt=921&idt=198&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=4384&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=kThHvqddpZ&p=https%3A//www.buhoblik.org.ua&dtd=200
Frame ID: 0C1AB6302403736E30CA508CD99D1CC0
Requests: 7 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/51428/c.html?b=51428
Frame ID: 915EDC5BED96B207B72CB190F635A70E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/51428/c.html?b=51428
Frame ID: C1B4406CCAE5A11459DE7AC73BB4460B
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5FGbAAJ2l8K4B8CAAod75rXGBbq5t7jEzfKxQ&u=%7CLv%2BQuYqN6D%2F2uKOY1DU9YAjIumcvso4unzscXrdO4lg%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wcJhpi7n2jKPB1hyEACoAjE-8f2HR4mVFxrMk6shk5U2KjUpEOpWu5vTzq7jXwfmCmo5OoW3WxIBvmuHFfjn16dXOYTcuxXlPbBruoPl5qVCUpPHJpmOfPne7NdX2rFuZCA-MMFQ2xT71BdHxDMnlY8HU88LPoIJ6SPgjaPakKKxHv6xYEb4ZMfaAcKs-SvzdaXXUXCiYQRLduIY5El_6LRktxYh1Slscg96MkEyuZT56ga7QOVZQLscNJaQt6zZfoplH4D5pYFX2A8Ubp8xcpCoHP_gxW2fOe1Zo1fzpi19J-ob7AE1gSTgB611tvWW72PgD-792TxqyaXrH2KDkEl54psaLsT-wiZkIlQMUJG7D-S3tuAvpWdC264PeGhtt9cMgdaT1nsrZH-ygGchP6dk5hEG_R7im0n2F4cYPYDaFDnV6Qek_71rK1CRqRNMARTjISaodl6UtiEEd1uwDzzFcwqvKj5unoViKy-CoGAgsXQGGnrlPkTyDhvNctjpmL16AoLgfFoyfN_knPS0J0qYVmmVqY9i230oQuGdPgHTI5XaM3n-QLz6P3ux6P-3bibcLe3gm_0qQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLyhMbEaRY9-0J4K-gAfvu6jYDeSP0rFcj4roiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAs8fwxXXe7Q-qAMBqgTpAU_Q5iZMG0nUitEwX6AezakGEZKVU0zQTjyoSf_llnQPF-43MQt6ScEKI9WGgMjQ8W598hTo8qq7CyISbtrVbZsHHjI8Ajc01w4d1ZFSxuHoyykkTAYWmyeUWPj9bmBHMGaaylButmtCtmwn5cQAB6AgnX591FyzcNLuHFOQa2rGQ_a8gJt9ABusBNX5hY0jgfCXYD5uyPd3qEzoQROlsgSG2LQMXleRxmtefdWGGLpzKdOTZIFyje-NXDA96aiMZIPHxrn7Ik7d2RibmH6VgcYkOOPUD-5jtEptsNOeR7jiqUnJIulU0TIdgAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2a3drh4eC4Sl3FOyupwmLdywQbfg%26client%3Dca-pub-5630956766216465%26adurl%3D
Frame ID: 8C04CDA60D0675A4AD7F0387C9871CE2
Requests: 17 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5FGbAAJ5-YK3qJBAAZxB1hJIdTHcKxMVpH35w&u=%7CLv%2BQuYqN6D%2BdsW7wbd1znp3GLOchbwwsGracGQtL%2BfI%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wcJhpi7n2jKPB1hyEACoAjE-8f2HR4mVFxrMk6shk5U2CbRoUuH0lsEK1yC4GROW7ZtAV-kkvIa-UMc1mOyLSvFoyn_QgmlEi0fxY6lFioi94wRwjg_5s8P5uDSK8w7SgO-R6SgvLmdfHzbaw5CS6U6qrZkukgV98RLNvX5o9OOVHHxoFBDpuK8IIVFCIkgpEW_5Ktm8DjePHnXl5R5vxg680DzKkajCVwhpw03ywL09zfd5nv44ZjJq9m9d5VZRAlPLGsEOJVAokai94clQhn1Ma2weQSoUGloADPEnvf9VhxfzZu3b3rwsB9dkgbGYaN4kB5m6mW8LeI-gOZ82EG_ZUbL0rzMr2-4h5HCULI1TivbPowgk2OaMMlEWGgPqjQRDsogIqsnRKNGJCEZPIUOwceejBkElHfm6J26txndBZazs1WF65RjEPPzACsjRvfDsoGnxodkiheYVM2mTtS4N2qBaMg8zhapS6Hv0ls-pAA7ZIFg-xiP7LQTc76Cid0iNd14THGw0-0HH54BD8bEzDy6npYBezPJ9CcAq29UdibRrjdX_PqdR0A5qMuVEcL7qnbMBo6poA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyyJHbEaRY-bPJ8HE-gaH4pnIBOSP0rFc_9DZkYgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAvl_n_D1eLQ-qAMBqgTjAU_Qy_t6z5k_resPJ96NIamsL77FP9QnU34gT2SonGBKiL2yntdJaQfVCTX5RtT1TOOUjImiDA-7DiDMtQlDKAexSn3tSJauAYJAqPca2Y1y6R9ijEE4X77b03WSDWnLdVzqqyuRUXIU824dW-SIHYlYwCNxFlGDekZDFvRTmDiuq0Gho5q0CTIKouiIn0Wo1e9lga_Bwk9jbkE66t0BC4GVW7_Ry5Wv8HbWCkPZXhPspqa_HoobvweQdWu7Hsn9t3XDOmmqTnpI7EFuww4rBDATE0EsxgZvj81fnwvTGUJ9CsdOgAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_02BicXKKfrmHDAyLlR_DV5IoAnpw%26client%3Dca-pub-5630956766216465%26adurl%3D
Frame ID: FBDD22E25AD902167CEE4720E9B2093C
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js
Frame ID: C58F9025998759809CFE8984930B2D35
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.buhoblik.org.ua
Frame ID: 1A3DD6D5EA760A7C969C444D7C215ED2
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0DC09B271993C08E473254610E6BC135
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 02686EDFFA99FBF2C0B428D11A02C509
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Бухучет в Украине : Бухгалтерский и налоговый учет

Page URL History Show full URLs

http://buhoblik.org.ua/ HTTP 301
https://buhoblik.org.ua/ HTTP 301
https://www.buhoblik.org.ua/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

147
Requests

95 %
HTTPS

61 %
IPv6

26
Domains

41
Subdomains

32
IPs

9
Countries

2610 kB
Transfer

5147 kB
Size

35
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://buhoblik.org.ua/ HTTP 301
https://buhoblik.org.ua/ HTTP 301
https://www.buhoblik.org.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://www.google.com.ua/cse/brand?form=cse-search-box%E2%8C%A9=ru HTTP 301
https://www.gstatic.com/prose/brandjs.js

Request Chain 56

https://image8.pubmatic.com/AdServer/ImgSync?p=160846&gdpr={gdpr}&gdpr_consent={consent}&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D160846%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Finv-nets.admixer.net%252Fadxcm.aspx%253Fssp%253D8B7CB874-411E-4307-9BD3-661F1CB0A0E6%2526id%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=160846&gdpr={gdpr}&gdpr_consent={consent}&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D160846%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Finv-nets.admixer.net%252Fadxcm.aspx%253Fssp%253D8B7CB874-411E-4307-9BD3-661F1CB0A0E6%2526id%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjEwODQzOTItQUIzQy00RDlCLTg0MTktQTAzQ0RBNzk0ODMw&gdpr=0&gdpr_consent={consent} HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent={consent} HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent={consent} HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=160846&pmc=1&pr=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3D8B7CB874-411E-4307-9BD3-661F1CB0A0E6%26id%3DB1084392-AB3C-4D9B-8419-A03CDA794830 HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=8B7CB874-411E-4307-9BD3-661F1CB0A0E6&id=B1084392-AB3C-4D9B-8419-A03CDA794830

Request Chain 57

https://ib.adnxs.com/setuid?entity=533&code=b3a9bf0a131e4c9aa854215b98819b82 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3Db3a9bf0a131e4c9aa854215b98819b82

Request Chain 58

https://x.bidswitch.net/sync?ssp=admixer&user_id=b3a9bf0a131e4c9aa854215b98819b82&gdpr=&gdpr_consent=&us_privacy=[usPrivacy] HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=admixer&user_id=b3a9bf0a131e4c9aa854215b98819b82&gdpr=&gdpr_consent=&us_privacy=[usPrivacy] HTTP 302
https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=admixer&bsw_custom_parameter=f4f87abd-1a9d-4304-a9f2-84fa9b055e00 HTTP 302
https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=admixer&expires=10&bsw_param=f4f87abd-1a9d-4304-a9f2-84fa9b055e00 HTTP 302
https://inv-nets.admixer.net/bs/cm.aspx?id=f4f87abd-1a9d-4304-a9f2-84fa9b055e00&gdpr=&consent=&gdpr_pd=

Request Chain 60

https://creativecdn.com/cm-notify?pi=admixer HTTP 302
https://creativecdn.com/cm-notify?pi=admixer&tc=1

Request Chain 80

https://cs.mytheresa.com/mix/v3/?tcs=3504&rand=6391466c2d8f47199cb1869db110b4b3&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1& HTTP 307
https://mix-phoenix.commander1.com/mix/v3/?TC_CHECK_COOKIES_SUPPORT=1&tc_first=cs.mytheresa.com&tcs=3504&rand=6391466c2d8f47199cb1869db110b4b3&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1& HTTP 307
https://cs.mytheresa.com/mix/v3/?tc_id=202212080305339589337465&tcs=3504&rand=6391466c2d8f47199cb1869db110b4b3&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&

Request Chain 86

https://cs.mytheresa.com/mix/v3/?tcs=3504&rand=6391466cad762a189a2b84c14375f2fa&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1& HTTP 307
https://mix-phoenix.commander1.com/mix/v3/?TC_CHECK_COOKIES_SUPPORT=1&tc_first=cs.mytheresa.com&tcs=3504&rand=6391466cad762a189a2b84c14375f2fa&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1& HTTP 307
https://cs.mytheresa.com/mix/v3/?tc_id=202212080305335379793106&tcs=3504&rand=6391466cad762a189a2b84c14375f2fa&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&

Request Chain 139

https://gum.criteo.com/sid/json?origin=publishertag&domain=buhoblik.org.ua&sn=ChromeSyncframe&so=0&topUrl=www.buhoblik.org.ua&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=cQlXLHxiNnZoem5DNTlSZVFIa2VXZ0VMeUU3VDNtQ0FRUlJxUUhDQ3NuVVFkNE9nMm1WbG8yM2h0VU9hYmhGR3BNMVg3aWZwbnA4N3J5Y3ZFc3pGQ2VCNFh6WEV3N3F3NnIwNTh0R0NuMkhickV1ZlllOXlDUXVrQzZJZ210R1RzYW43WEpUNjZTWnZ3dmhlVmVSTWVHSUsyaHRFeUhQYzRNbWt4U0RsNnNtdVZRVTBWcUsvUmdTR3BkdXJxemZlSjNxUURkZ0JLK1FLMTBPSDJXWUNMYUtaOTdqeXNtdFg5VU0yYXZKNXhjOGtPYXFlWTA5RmlleC91dXNaSk1WdFVObmZkSHpOR3VRZGZCREo2RjlsL3FPdnpHUT09fA&cppv=2

147 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.buhoblik.org.ua/
Redirect Chain

http://buhoblik.org.ua/
https://buhoblik.org.ua/
https://www.buhoblik.org.ua/

100 KB
18 KB

278ms
260ms

Document
text/html

2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 6a1ea392e1f9bd794a33456a68a687eae2f67ab8a6723e619aeac86a2e6cea1b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 public
content-encoding: gzip
content-length: 18015
content-type: text/html; charset=utf-8
date: Thu, 08 Dec 2022 02:05:31 GMT
expires: Wed, 17 Aug 2005 00:00:00 GMT
last-modified: Thu, 08 Dec 2022 02:05:31 GMT
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-ray: p953:0.181/wn25401:0.180/wa25401:D=182970

Redirect headers

cache-control: max-age=0
content-length: 236
content-type: text/html; charset=iso-8859-1
date: Thu, 08 Dec 2022 02:05:31 GMT
expires: Thu, 08 Dec 2022 02:05:31 GMT
location: https://www.buhoblik.org.ua/
server: nginx
x-ray: p953:0.000/wn25401:0.010/wa25401:D=3355

GET
H2 200 937d2c2ee43bca358b9b71d8167863c767f6a3e64cf2ba0703a7f07c0a987df3.css
www.buhoblik.org.ua/media/com_jchoptimize/cache/css/ 161 KB
23 KB 224ms
223ms Stylesheet
text/css 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buhoblik.org.ua/media/com_jchoptimize/cache/css/937d2c2ee43bca358b9b71d8167863c767f6a3e64cf2ba0703a7f07c0a987df3.css
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 88467b23c1044f571783e76997720036df1c0a9925eee5f428c7ff150fa7da56

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:31 GMT
x-ray: p953:0.001/wn25401:0.000/
content-encoding: br
last-modified: Sat, 15 Oct 2022 17:58:43 GMT
server: nginx
etag: W/"634af4d3-28387"
content-type: text/css
cache-control: max-age=2592000
expires: Sat, 07 Jan 2023 02:05:31 GMT

GET
H2 200 937d2c2ee43bca358b9b71d8167863c7fe11058a8effe382178f5c9b88baefc8.js Show response
www.buhoblik.org.ua/media/com_jchoptimize/cache/js/ 137 KB
44 KB 376ms
376ms Script
application/javascript 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buhoblik.org.ua/media/com_jchoptimize/cache/js/937d2c2ee43bca358b9b71d8167863c7fe11058a8effe382178f5c9b88baefc8.js
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 377d27d86822418762eb956a7d4eec9823d6a9d3fd6f6d3ca0d63fdf374a0b69

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:31 GMT
x-ray: p953:0.001/wn25401:0.000/
content-encoding: br
last-modified: Sat, 15 Oct 2022 17:58:43 GMT
server: nginx
etag: W/"634af4d3-223b2"
content-type: application/javascript
cache-control: max-age=2592000
expires: Sat, 07 Jan 2023 02:05:31 GMT

GET
H2 200 banner-black-christmas-2023.png
www.buhoblik.org.ua/images/ 35 KB
35 KB 154ms
153ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/banner-black-christmas-2023.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 6d971b8686258f229e7f4437952b28345bbcbabb5d23045c7bf1e53d00ad3602

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Sat, 03 Dec 2022 20:01:34 GMT
server: nginx
etag: "638bab1e-8c22"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 35874
expires: Sat, 07 Jan 2023 02:05:32 GMT

GET
H2

200

brandjs.js Show response
www.gstatic.com/prose/
Redirect Chain

https://www.google.com.ua/cse/brand?form=cse-search-box%E2%8C%A9=ru
https://www.gstatic.com/prose/brandjs.js

14 KB
6 KB

143ms
45ms

Script
text/javascript

2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/prose/brandjs.js

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:02:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5807
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 15:14:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Fri, 09 Dec 2022 02:02:27 GMT

Redirect headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
location: https://www.gstatic.com/prose/brandjs.js
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
expires: Thu, 08 Dec 2022 02:35:32 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
49 KB 188ms
88ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9bd4f4b633a637883bc18be883d69ab6b3bd3329b81bd8b42f4cedfd9a4a6d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49412
x-xss-protection: 0
server: cafe
etag: 8871139184767370364
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 02:05:32 GMT

GET
H2 200 slide01.png
www.buhoblik.org.ua/images/slides/min-2023/ 43 KB
43 KB 182ms
180ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/slides/min-2023/slide01.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: f9dad740bc26e73ac710da1f590f3d451e88b0ed4a5056207b23f7c1194e03cb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Sun, 27 Nov 2022 16:46:36 GMT
server: nginx
etag: "6383946c-ab6a"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 43882
expires: Sat, 07 Jan 2023 02:05:32 GMT

GET
H2 200 list_black.png
www.buhoblik.org.ua/images/ 417 B
634 B 183ms
181ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/list_black.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 002a93857ca724d4828a347c2b419a56eabfd275f206a5febc48246ccfe5830d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Thu, 27 Aug 2015 18:43:06 GMT
server: nginx
etag: "55df5a3a-1a1"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 417
expires: Sat, 07 Jan 2023 02:05:32 GMT

GET
H2 200 youtube-32.png
www.buhoblik.org.ua/images/ 918 B
1 KB 183ms
181ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/youtube-32.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: c6d254ee6b05a14666952b2b7629dedc518103bfed8a8d6ee0c1cbe28f76c6fd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Sat, 21 Mar 2020 22:41:20 GMT
server: nginx
etag: "5e769810-396"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 918
expires: Sat, 07 Jan 2023 02:05:32 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
49 KB 169ms
71ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5630956766216465

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bbf6db7bd845ce4fc37ec8f8cccc488c4b98b8f52ae1086bbd04cf1a4a08a8df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Origin: https://www.buhoblik.org.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49371
x-xss-protection: 0
server: cafe
etag: 4908929972349909551
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 02:05:32 GMT

GET
H2 200 loader2.js Show response
cdn.admixer.net/scripts3/ 176 KB
55 KB 365ms
125ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/loader2.js
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 7728946db189aa5afd0b17d585fd24521909793a688ec2ef72c019a8bf92dc97

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc37
date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:42 GMT
server: nginx
etag: W/"6375fd62-2c101"
x-cached-since: 2022-12-08T01:58:51+00:00
content-type: application/javascript
cache-control: max-age=600
cache: HIT
expires: Wed, 23 Nov 2022 10:15:07 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 142ms
44ms Script
text/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 01:12:14 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 3198
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Thu, 08 Dec 2022 03:12:14 GMT

GET
H2 200 module-main3.png
www.buhoblik.org.ua/images/ 70 KB
70 KB 180ms
179ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/module-main3.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 8dfbfa16c85400143f85eb24eef8df723fd19c190f841c2c5ff22b8d0a5eeb09

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Sun, 13 Feb 2022 17:15:45 GMT
server: nginx
etag: "62093cc1-11743"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 71491
expires: Sat, 07 Jan 2023 02:05:32 GMT

GET
H/1.1 200
OK buhoblik_org_ua Show response
xn--r1a.website/s/ Frame 956F 99 KB
13 KB 538ms
340ms Document
text/html 95.216.186.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://xn--r1a.website/s/buhoblik_org_ua

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.186.40 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.186.216.95.clients.your-server.de

Software

nginx /

Resource Hash

bb83687b87da3f2b2688c6c32acf28854d343949077e7b73db9581c186653479

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-control: no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 08 Dec 2022 02:05:32 GMT
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=35768000
Transfer-Encoding: chunked

GET
H2 200 num_star.png
www.buhoblik.org.ua/images/ 2 KB
2 KB 257ms
256ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/num_star.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: a4d35007c83b3689910808811412e63293a2ae2abf1180a2dbaf4b3f7bb91ce9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-ray: p953:0.000/wn25401:0.000/
last-modified: Tue, 03 Jan 2017 22:58:31 GMT
server: nginx
etag: "586c2c97-652"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1618
expires: Sat, 07 Jan 2023 02:05:32 GMT

GET
H2 200 pdf-sborniki-vnizu-115-2022.png
avto-oblik.com.ua/images/ 72 KB
72 KB 215ms
61ms Image
image/png 2001:41d0:602:3b8e::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avto-oblik.com.ua/images/pdf-sborniki-vnizu-115-2022.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:41d0:602:3b8e:: , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 89c114dc23d61c6b428f26c214e96d1fd49b43c8f777c8fcbb9ffdee7a84d81f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-ray: wn37539:0.000/
last-modified: Mon, 27 Dec 2021 15:47:26 GMT
server: nginx
etag: "61c9e00e-1201c"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 73756
expires: Sat, 07 Jan 2023 02:05:32 GMT

GET
H2 200 dovidnik-buhgaltera-238.png
www.buhoblik.org.ua/normativka/spravochniki/spravochnik-buhgaltera/ 16 KB
16 KB 246ms
245ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/normativka/spravochniki/spravochnik-buhgaltera/dovidnik-buhgaltera-238.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 052155039c13b233f324882bd10dc38150b5bd74fb44f27c0ead4d518fbc901b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-ray: p953:0.001/wn25401:0.000/
last-modified: Wed, 26 Jul 2017 08:14:12 GMT
server: nginx
etag: "59784f54-3eb3"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 16051
expires: Sat, 07 Jan 2023 02:05:32 GMT

GET
H2 200 sidebar-uchet-2021.png
www.buhoblik.org.ua/images/ 58 KB
58 KB 246ms
245ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/sidebar-uchet-2021.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 6a82502c1baab28ba6f410aa012fff53bd4f01d8de430e54589e583a0dc3ce80

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
x-ray: p953:0.001/wn25401:0.000/
last-modified: Wed, 06 Apr 2022 09:28:41 GMT
server: nginx
etag: "624d5d49-e758"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 59224
expires: Sat, 07 Jan 2023 02:05:32 GMT

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 52ms
52ms Image
image/gif 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1498000228&utmhn=www.buhoblik.org.ua&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%91%D1%83%D1%85%D1%83%D1%87%D0%B5%D1%82%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5%20%3A%20%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%81%D0%BA%D0%B8%D0%B9%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D1%83%D1%87%D0%B5%D1%82&utmhid=283020213&utmr=-&utmp=%2F&utmht=1670465132278&utmac=UA-23922474-1&utmcc=__utma%3D21695912.992438325.1670465132.1670465132.1670465132.1%3B%2B__utmz%3D21695912.1670465132.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=2074910393&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 02:05:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/ 356 KB
117 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5630956766216465&plah=www.buhoblik.org.ua&bust=31071219

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5630956766216465

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c700c5e7b951d50a027635d10c24b00467be5503a66da47c9a70ffc4e9ba45fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119970
x-xss-protection: 0
server: cafe
etag: 12350285428327463697
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 02:05:32 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221130/r20190131/ Frame FA17 10 KB
5 KB 142ms
44ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221130/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5630956766216465

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 49976
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 12:12:36 GMT
etag: 10353107486223812946
expires: Wed, 21 Dec 2022 12:12:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 397 B
699 B 149ms
53ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.buhoblik.org.ua&callback=_gfp_s_&client=ca-pub-5630956766216465&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5630956766216465&plah=www.buhoblik.org.ua&bust=31071219

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

197842ab0690f44d9147718721598549a78b1eba15377b36dafa63d7b1d22885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 254
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 152ms
53ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=www.buhoblik.org.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 153ms
54ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.buhoblik.org.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4DA2 0
19 B 224ms
132ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&adk=1812271804&adf=3025194257&lmt=1670465131&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132349&bpp=3&bdt=914&idt=152&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1909117908703&frm=20&pv=2&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=168

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:05:32 GMT
expires: Thu, 08 Dec 2022 02:05:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B034 23 KB
10 KB 353ms
271ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=2861554722&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1670465131&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132352&bpp=3&bdt=917&idt=170&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=523&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=VUVG3VM7E4&p=https%3A//www.buhoblik.org.ua&dtd=175

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa25209f272c0103dba319231dbf780c705b60fa76d39a48dfd05bf34791b5e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9880
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:05:32 GMT
expires: Thu, 08 Dec 2022 02:05:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DBF9 97 KB
34 KB 449ms
387ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d450f882e787c237d4d1655ce8e655245b839c0baabfd2741831c90c1cc59828

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 35222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:05:32 GMT
expires: Thu, 08 Dec 2022 02:05:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0C1A 23 KB
10 KB 278ms
225ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=907449002&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1670465131&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132356&bpp=2&bdt=921&idt=198&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=4384&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=kThHvqddpZ&p=https%3A//www.buhoblik.org.ua&dtd=200

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ffc06b427937db597d898aa234e14f2735ef69882fee1b97c6c2a44cd2b4c7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9896
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:05:32 GMT
expires: Thu, 08 Dec 2022 02:05:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/51428/ Frame 915E 738 B
494 B 137ms
136ms Document
text/html 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/c.html?b=51428
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache: HIT
cache-control: max-age=31622400
content-encoding: gzip
content-type: text/html
date: Thu, 08 Dec 2022 02:05:32 GMT
etag: W/"6375fd72-2e2"
expires: Wed, 29 Nov 2023 16:49:41 GMT
last-modified: Thu, 17 Nov 2022 09:22:58 GMT
server: nginx
vary: Accept-Encoding
x-cached-since: 2022-11-28T16:49:41+00:00
x-id: fr5-up-gc37

GET
H2 200 a21031c0f6a0994b3314.b.js Show response
cdn.admixer.net/scripts3/51428/ 23 KB
9 KB 120ms
120ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/a21031c0f6a0994b3314.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 680f6e9a0e9f9d8c145e11d6937f688ff4299215d44bf0a54368ffc6acdbfc51

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc37
date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:56 GMT
server: nginx
etag: W/"6375fd70-5d41"
vary: Accept-Encoding
x-cached-since: 2022-11-28T16:49:39+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Wed, 29 Nov 2023 16:49:39 GMT

GET
H2 200 0a75d04ce9f53a1a35b6.b.js Show response
cdn.admixer.net/scripts3/51428/ 75 KB
20 KB 131ms
130ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/0a75d04ce9f53a1a35b6.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: ecd2e45fcd6ed0f17eaefccd72cdb8253be8673636adcbf3f8902aeeed654fe2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc37
date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:47 GMT
server: nginx
etag: W/"6375fd67-12c39"
vary: Accept-Encoding
x-cached-since: 2022-11-28T16:49:44+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Wed, 29 Nov 2023 16:49:44 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/51428/ Frame C1B4 738 B
405 B 131ms
131ms Document
text/html 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/c.html?b=51428
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache: HIT
cache-control: max-age=31622400
content-encoding: gzip
content-type: text/html
date: Thu, 08 Dec 2022 02:05:32 GMT
etag: W/"6375fd72-2e2"
expires: Wed, 29 Nov 2023 16:49:41 GMT
last-modified: Thu, 17 Nov 2022 09:22:58 GMT
server: nginx
vary: Accept-Encoding
x-cached-since: 2022-11-28T16:49:41+00:00
x-id: fr5-up-gc37

GET
H/1.1 200
OK dsp.aspx Show response
inv-nets.admixer.net/ 4 KB
2 KB 179ms
80ms Script
application/javascript 146.0.227.109
GODADDY

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/dsp.aspx?sender=admixer&rct=4&v=2.0&rnd=4279213957451890.5&cpv=d74e9eaf-1c21-7d4d-3116-47f4c65c51d6&responseType=default&uids=%7B%7D&fpd=%7B%7D&kvTargeting=%7B%7D&data=%7B%22id%22%3A%22d4d072a7-d2b1-513f-272a-a042bae2c29e%22%2C%22site%22%3A%7B%22page%22%3A%22https%253A%252F%252Fwww.buhoblik.org.ua%252F%22%2C%22ref%22%3A%22%22%2C%22sf%22%3A0%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F99.0.4844.51%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%7D%2C%22labels%22%3A%7B%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%229a94780e-cebb-5bdd-5777-fa06ed061ae9%22%2C%22tagid%22%3A%22dab6be62-b1e7-4d05-a12c-0a70b3291504%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_dab6be62b1e74d05a12c0a70b3291504_zone_1393_sect_956_site_943%22%2C%22pos%22%3A1%2C%22inView%22%3A1%7D%2C%22i%22%3A%22inv-nets%22%2C%22sender%22%3A%22admixer%22%7D%5D%2C%22allimps%22%3A1%7D&am-uid=null&3rdEnabled=true&3rd=true

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

0ee54816dfd32cf06ebd4bf55696746574a131a03db4ad29564d81a4ed9895ac

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 02:05:32 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 1626
X-Xss-Protection: 0

GET
H2 200 font-roboto.css
telegram.org/css/ Frame 956F 6 KB
894 B 153ms
47ms Stylesheet
text/css 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/css/font-roboto.css?1

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: W/"63512b7d-1816"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:32 GMT

GET
H2 200 widget-frame.css
telegram.org/css/ Frame 956F 81 KB
21 KB 200ms
95ms Stylesheet
text/css 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/css/widget-frame.css?64

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

33a2f32349a6984f77f2cd427708c9ae0002bfc90594182bbc809b71ee0cdfde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 21 Nov 2022 12:06:59 GMT
server: nginx/1.18.0
etag: W/"637b69e3-14544"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:32 GMT

GET
H2 200 telegram-web.css
telegram.org/css/ Frame 956F 27 KB
6 KB 203ms
98ms Stylesheet
text/css 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/css/telegram-web.css?36

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

94ee379c2fd3a709a328f067157f8845510400db1fd4825ad1e491efb4d47f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 21 Nov 2022 12:06:59 GMT
server: nginx/1.18.0
etag: W/"637b69e3-6b2d"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:32 GMT

GET
H2 200 g2wMiymnme6Kv5kOOLlp-LP-nox9OsaB8IOFCA0IfU51cfUb0IXMlQpgq8hH19QYgJBpXyDfwsTF68o4Y9cuTHrgwcJ4Tp9AwSQ8ZLKMN60C6qgp4oEK_xdk8SHUeDtP-libywdTU-HT-NSNxg_I_ZliBWf7mobcM7StTVMhAuba4kQPukxnqaNFZFrdtVlHSCMBJ...
cdn4.telegram-cdn.org/file/ Frame 956F 5 KB
5 KB 168ms
57ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/g2wMiymnme6Kv5kOOLlp-LP-nox9OsaB8IOFCA0IfU51cfUb0IXMlQpgq8hH19QYgJBpXyDfwsTF68o4Y9cuTHrgwcJ4Tp9AwSQ8ZLKMN60C6qgp4oEK_xdk8SHUeDtP-libywdTU-HT-NSNxg_I_ZliBWf7mobcM7StTVMhAuba4kQPukxnqaNFZFrdtVlHSCMBJXyZW8TPqYr4mszqP7roMMh4oheOIQuEjmGkiuHxJAHt9tRpMAaH5DDu78uYTearn8lCHO3UHHn2Zica23i15-aV47dc3DCYeag6FSJTynjNX_wVR91-ZInn7adZnMSNJ_JZm3T6VsUvO1iC8w.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

1da67e20c0a4ac1486f38f01e01cdb805992a3f857ef49dccd9529e6b7571d0c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4611
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "c306c2f92fde71f3d8b7f957309116d3efaf27c1"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 jquery.min.js Show response
telegram.org/js/ Frame 956F 94 KB
38 KB 51ms
50ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/jquery.min.js

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-1762a"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 jquery-ui.min.js Show response
telegram.org/js/ Frame 956F 96 KB
32 KB 98ms
98ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/jquery-ui.min.js

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-181a9"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 tgwallpaper.min.js Show response
telegram.org/js/ Frame 956F 3 KB
2 KB 89ms
87ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/tgwallpaper.min.js?3

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
server: nginx/1.18.0
etag: W/"62211da5-ba3"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 tgsticker.js Show response
telegram.org/js/ Frame 956F 24 KB
7 KB 90ms
89ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/tgsticker.js?29

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

dd6e691a27d07125e04993917cfb3f75ac9d8926f6b66d7c2e45368aa130e660

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 29 Jun 2022 21:52:44 GMT
server: nginx/1.18.0
etag: W/"62bcc9ac-5faf"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 widget-frame.js Show response
telegram.org/js/ Frame 956F 91 KB
25 KB 101ms
100ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/widget-frame.js?60

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b4dc7118464c434f7caac42fd0535dac1102dfcace0feb4c35e3bb29594b14c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Sat, 08 Oct 2022 23:46:30 GMT
server: nginx/1.18.0
etag: W/"63420bd6-16c85"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 telegram-web.js Show response
telegram.org/js/ Frame 956F 12 KB
4 KB 102ms
102ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/telegram-web.js?14

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

e4b7033bdd850b9dd9847fb31e63627e352e38a3cb5cf5a483ca3d2cc1093c58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 18 Mar 2022 10:32:52 GMT
server: nginx/1.18.0
etag: W/"62345fd4-2e63"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/ Frame 0C1A 3 KB
1 KB 178ms
54ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=907449002&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1670465131&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132356&bpp=2&bdt=921&idt=198&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=4384&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=kThHvqddpZ&p=https%3A//www.buhoblik.org.ua&dtd=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 18:28:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 18:28:34 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/ Frame 0C1A 18 KB
8 KB 165ms
42ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f066f881ead135cd4ee88cf0c80ddb796f8841fc536a7950d4f7102e0502be2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 18:38:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7443
x-xss-protection: 0
server: cafe
etag: 629801499763588852
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 18:38:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0C1A 153 KB
47 KB 179ms
57ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 02:05:33 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0C1A 0
0 98ms
97ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CKbhLbEaRY9-0J4K-gAfvu6jYDeSP0rFcj4roiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAs8fwxXXe7Q-qAMBqgTmAU_Q5iZMG0nUitEwX6AezakGEZKVU0zQTjyoSf_llnQPF-43MQt6ScEKI9WGgMjQ8W598hTo8qq7CyISbtrVbZsHHjI8Ajc01w4d1ZFSxuHoyykkTAYWmyeUWPj9bmBHMGaaylButmtCtmwn5cQAB6AgnX591FyzcNLuHFOQa2rGQ_a8gJt9ABusBNX5hY0jgfCXYD5uyPd3qEzoQROlsgSG2LQMXleRxmtefdWGGLpzKdOTZIFyje-NXDA96aiMZMHF5ysogLzYSuqUAP3xHW0nLOloBcB7b8T21E8_-KbOsZhOyOzHgAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU2MzA5NTY3NjYyMTY0NjUYAA&sigh=gjf_g1ZurO4&uach_m=[UACH]&cid=CAQSGwDq26N9ZHUwg32Yh6ecJ86mvZZql-z6kFJyqxgBIBM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=907449002&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1670465131&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132356&bpp=2&bdt=921&idt=198&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=4384&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=kThHvqddpZ&p=https%3A//www.buhoblik.org.ua&dtd=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 08 Dec 2022 02:05:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 02:05:32 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 0C1A 0
0 147ms
38ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kqa1CL_6RNoFmAKH-lcYAgAAAO5igEQ3rr8m2nHJuhBsRpFjAbzgOVCwDV7xsYYAEgAA&wp=Y5FGbAAJ2l8K4B8CAAod75rXGBbq5t7jEzfKxQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 286288
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 8C04 147 KB
49 KB 215ms
107ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5FGbAAJ2l8K4B8CAAod75rXGBbq5t7jEzfKxQ&u=%7CLv%2BQuYqN6D%2F2uKOY1DU9YAjIumcvso4unzscXrdO4lg%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wcJhpi7n2jKPB1hyEACoAjE-8f2HR4mVFxrMk6shk5U2KjUpEOpWu5vTzq7jXwfmCmo5OoW3WxIBvmuHFfjn16dXOYTcuxXlPbBruoPl5qVCUpPHJpmOfPne7NdX2rFuZCA-MMFQ2xT71BdHxDMnlY8HU88LPoIJ6SPgjaPakKKxHv6xYEb4ZMfaAcKs-SvzdaXXUXCiYQRLduIY5El_6LRktxYh1Slscg96MkEyuZT56ga7QOVZQLscNJaQt6zZfoplH4D5pYFX2A8Ubp8xcpCoHP_gxW2fOe1Zo1fzpi19J-ob7AE1gSTgB611tvWW72PgD-792TxqyaXrH2KDkEl54psaLsT-wiZkIlQMUJG7D-S3tuAvpWdC264PeGhtt9cMgdaT1nsrZH-ygGchP6dk5hEG_R7im0n2F4cYPYDaFDnV6Qek_71rK1CRqRNMARTjISaodl6UtiEEd1uwDzzFcwqvKj5unoViKy-CoGAgsXQGGnrlPkTyDhvNctjpmL16AoLgfFoyfN_knPS0J0qYVmmVqY9i230oQuGdPgHTI5XaM3n-QLz6P3ux6P-3bibcLe3gm_0qQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLyhMbEaRY9-0J4K-gAfvu6jYDeSP0rFcj4roiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAs8fwxXXe7Q-qAMBqgTpAU_Q5iZMG0nUitEwX6AezakGEZKVU0zQTjyoSf_llnQPF-43MQt6ScEKI9WGgMjQ8W598hTo8qq7CyISbtrVbZsHHjI8Ajc01w4d1ZFSxuHoyykkTAYWmyeUWPj9bmBHMGaaylButmtCtmwn5cQAB6AgnX591FyzcNLuHFOQa2rGQ_a8gJt9ABusBNX5hY0jgfCXYD5uyPd3qEzoQROlsgSG2LQMXleRxmtefdWGGLpzKdOTZIFyje-NXDA96aiMZIPHxrn7Ik7d2RibmH6VgcYkOOPUD-5jtEptsNOeR7jiqUnJIulU0TIdgAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2a3drh4eC4Sl3FOyupwmLdywQbfg%26client%3Dca-pub-5630956766216465%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

efaba744bbd7e1347c4b855e9bbb86f1aaf8c980dcdf85b1f61e3de251226727

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:05:32 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=QSxpa3DpK9cQNCKFM4ivfruqYAFZNDitQeTbklCFVmOHM1KxutIxyXOF5dQ6qpcqsnFSQfC2R4pSj16VWyRfh2DY3W4sYIshoh4smSD0JgxhPXn74letlIR4Y_0LtmAm2Hv1Eif361teH9BRrH3VXOvfbShcActFfYJvkOKng9ldrPcZC7b2eGD3JLhtQxWBCnybMNAOoFhOAgMBBCa4wly0sPS-Ay1qkjNWmVH7mOP0pCn6kfnCkRPcfzwCp_GZzNAErg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 69646130
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/ Frame B034 3 KB
1 KB 150ms
52ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=2861554722&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1670465131&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132352&bpp=3&bdt=917&idt=170&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=523&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=VUVG3VM7E4&p=https%3A//www.buhoblik.org.ua&dtd=175

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 18:28:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 18:28:34 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/ Frame B034 18 KB
7 KB 143ms
46ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f066f881ead135cd4ee88cf0c80ddb796f8841fc536a7950d4f7102e0502be2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 18:38:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7443
x-xss-protection: 0
server: cafe
etag: 629801499763588852
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 18:38:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B034 153 KB
47 KB 220ms
123ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 02:05:33 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B034 0
0 92ms
91ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CGVYobEaRY-bPJ8HE-gaH4pnIBOSP0rFc_9DZkYgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAvl_n_D1eLQ-qAMBqgTgAU_Qy_t6z5k_resPJ96NIamsL77FP9QnU34gT2SonGBKiL2yntdJaQfVCTX5RtT1TOOUjImiDA-7DiDMtQlDKAexSn3tSJauAYJAqPca2Y1y6R9ijEE4X77b03WSDWnLdVzqqyuRUXIU824dW-SIHYlYwCNxFlGDekZDFvRTmDiuq0Gho5q0CTIKouiIn0Wo1e9lga_Bwk9jbkE66t0BC4GVW7_Ry5Wv8HbWCkPZXhPspqa_HoobvweQdSm5P1suFYfGqZul1vkscOpt1wSXDh4LyM-3oprOMNNzh9pU80fugAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU2MzA5NTY3NjYyMTY0NjUYAA&sigh=w7SmiKiDQ_0&uach_m=[UACH]&cid=CAQSGwDq26N9WENp1Z1ItZUngtOf59ahTKDzkpg43RgBIBM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=2861554722&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1670465131&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132352&bpp=3&bdt=917&idt=170&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=523&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=VUVG3VM7E4&p=https%3A//www.buhoblik.org.ua&dtd=175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 08 Dec 2022 02:05:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 02:05:32 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame B034 0
0 128ms
38ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kqa1CL_6RNoFmAKH-lcYAgAAAL3dF7qT-P8r2nHJuhBrRpFj26dNOVtbLnhz5eEAEgAA&wp=Y5FGbAAJ5-YK3qJBAAZxB1hJIdTHcKxMVpH35w

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 251030
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame FBDD 148 KB
49 KB 277ms
186ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5FGbAAJ5-YK3qJBAAZxB1hJIdTHcKxMVpH35w&u=%7CLv%2BQuYqN6D%2BdsW7wbd1znp3GLOchbwwsGracGQtL%2BfI%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wcJhpi7n2jKPB1hyEACoAjE-8f2HR4mVFxrMk6shk5U2CbRoUuH0lsEK1yC4GROW7ZtAV-kkvIa-UMc1mOyLSvFoyn_QgmlEi0fxY6lFioi94wRwjg_5s8P5uDSK8w7SgO-R6SgvLmdfHzbaw5CS6U6qrZkukgV98RLNvX5o9OOVHHxoFBDpuK8IIVFCIkgpEW_5Ktm8DjePHnXl5R5vxg680DzKkajCVwhpw03ywL09zfd5nv44ZjJq9m9d5VZRAlPLGsEOJVAokai94clQhn1Ma2weQSoUGloADPEnvf9VhxfzZu3b3rwsB9dkgbGYaN4kB5m6mW8LeI-gOZ82EG_ZUbL0rzMr2-4h5HCULI1TivbPowgk2OaMMlEWGgPqjQRDsogIqsnRKNGJCEZPIUOwceejBkElHfm6J26txndBZazs1WF65RjEPPzACsjRvfDsoGnxodkiheYVM2mTtS4N2qBaMg8zhapS6Hv0ls-pAA7ZIFg-xiP7LQTc76Cid0iNd14THGw0-0HH54BD8bEzDy6npYBezPJ9CcAq29UdibRrjdX_PqdR0A5qMuVEcL7qnbMBo6poA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyyJHbEaRY-bPJ8HE-gaH4pnIBOSP0rFc_9DZkYgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAvl_n_D1eLQ-qAMBqgTjAU_Qy_t6z5k_resPJ96NIamsL77FP9QnU34gT2SonGBKiL2yntdJaQfVCTX5RtT1TOOUjImiDA-7DiDMtQlDKAexSn3tSJauAYJAqPca2Y1y6R9ijEE4X77b03WSDWnLdVzqqyuRUXIU824dW-SIHYlYwCNxFlGDekZDFvRTmDiuq0Gho5q0CTIKouiIn0Wo1e9lga_Bwk9jbkE66t0BC4GVW7_Ry5Wv8HbWCkPZXhPspqa_HoobvweQdWu7Hsn9t3XDOmmqTnpI7EFuww4rBDATE0EsxgZvj81fnwvTGUJ9CsdOgAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_02BicXKKfrmHDAyLlR_DV5IoAnpw%26client%3Dca-pub-5630956766216465%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ae86fbf63a1c570b0f33ecb93d5a79f6e1cb718187d92332724ce7bc8dfdc831

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:05:32 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=q40fl3DpK9cQNCKFdnDomXPIF3r-og11PxGasvLcsxe3NVCOBzmLLe-h00POGSRyQEk1NGMUq7pOsyzUHPvAQQUGo9vOO8hqfE8JSQvHhnK3vyACXCf9XygTFW582DiAJ5coGnKoNKpvbRGSiwigpslllh-V57d7zgRFIeY2TNazJdpL3Xgwce_QoxkH-Q1FXLqlljCIaLyoO3ICEbcOP12LV-da-s6fj5PQjVvSnRNziqqUMm4bV9f5bBgQTd0W7j96VT6oAOjFHRkl"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 70128336
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ 121 KB
40 KB 133ms
49ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

87f31cded62015a1d11cce6be7a32b77405de2fb36f4b8a7c2c5a4ccabd6a403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-1e444"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 09 Dec 2022 02:05:33 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
182 B 131ms
42ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/51428/a21031c0f6a0994b3314.b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.buhoblik.org.ua
date: Thu, 08 Dec 2022 02:05:33 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

GET
H/1.1

200
OK

adxcm.aspx
inv-nets.admixer.net/
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=160846&gdpr={gdpr}&gdpr_consent={consent}&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D160846%26pmc%3DPM_PMC%26pr%3Dhttps%253A...
https://image8.pubmatic.com/AdServer/ImgSync?p=160846&gdpr={gdpr}&gdpr_consent={consent}&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D160846%26pmc%3DPM_PMC%26pr%3Dhttps%253A...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjEwODQzOTItQUIzQy00RDlCLTg0MTktQTAzQ0RBNzk0ODMw&gdpr=0&gdpr_consent={consent}
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent={consent}
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent={consent}
https://image4.pubmatic.com/AdServer/SPug?partnerID=160846&pmc=1&pr=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3D8B7CB874-411E-4307-9BD3-661F1CB0A0E6%26id%3DB1084392-AB3C-4D9B-8419-A03CD...
https://inv-nets.admixer.net/adxcm.aspx?ssp=8B7CB874-411E-4307-9BD3-661F1CB0A0E6&id=B1084392-AB3C-4D9B-8419-A03CDA794830

43 B
463 B

45ms
45ms

Image
image/gif

146.0.227.109
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/adxcm.aspx?ssp=8B7CB874-411E-4307-9BD3-661F1CB0A0E6&id=B1084392-AB3C-4D9B-8419-A03CDA794830

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 02:05:33 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

location: https://inv-nets.admixer.net/adxcm.aspx?ssp=8B7CB874-411E-4307-9BD3-661F1CB0A0E6&id=B1084392-AB3C-4D9B-8419-A03CDA794830
date: Thu, 08 Dec 2022 02:05:32 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/setuid?entity=533&code=b3a9bf0a131e4c9aa854215b98819b82
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3Db3a9bf0a131e4c9aa854215b98819b82

43 B
847 B

39ms
39ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3Db3a9bf0a131e4c9aa854215b98819b82

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 02:05:33 GMT
AN-X-Request-Uuid: 41768aec-1da4-486b-913d-48063da88310
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.138.196.102; 217.138.196.102; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 02:05:33 GMT
AN-X-Request-Uuid: dbb6c6d6-be6f-44b0-a90a-175b3f142733
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3Db3a9bf0a131e4c9aa854215b98819b82
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.138.196.102; 217.138.196.102; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm.aspx
inv-nets.admixer.net/bs/
Redirect Chain

https://x.bidswitch.net/sync?ssp=admixer&user_id=b3a9bf0a131e4c9aa854215b98819b82&gdpr=&gdpr_consent=&us_privacy=[usPrivacy]
https://x.bidswitch.net/ul_cb/sync?ssp=admixer&user_id=b3a9bf0a131e4c9aa854215b98819b82&gdpr=&gdpr_consent=&us_privacy=[usPrivacy]
https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=admixer&bsw_custom_parameter=f4f87abd-1a9d-4304-a9f2-84fa9b055e00
https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=admixer&expires=10&bsw_param=f4f87abd-1a9d-4304-a9f2-84fa9b055e00
https://inv-nets.admixer.net/bs/cm.aspx?id=f4f87abd-1a9d-4304-a9f2-84fa9b055e00&gdpr=&consent=&gdpr_pd=

43 B
463 B

45ms
45ms

Image
image/gif

146.0.227.109
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/bs/cm.aspx?id=f4f87abd-1a9d-4304-a9f2-84fa9b055e00&gdpr=&consent=&gdpr_pd=

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 02:05:33 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

location: //inv-nets.admixer.net/bs/cm.aspx?id=f4f87abd-1a9d-4304-a9f2-84fa9b055e00&gdpr=&consent=&gdpr_pd=
date: Thu, 08 Dec 2022 02:05:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK 1px-matching-admixer.gif
m.trafmag.com/images/ 35 B
351 B 285ms
69ms Image
image/gif 193.200.65.6
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.trafmag.com/images/1px-matching-admixer.gif?id=b3a9bf0a131e4c9aa854215b98819b82
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.200.65.6 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: adforce.team
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif
Date: Thu, 08 Dec 2022 02:05:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 35
P3P: CP="NON DSP COR CURa TIA"

GET
H2

200

cm-notify
creativecdn.com/
Redirect Chain

https://creativecdn.com/cm-notify?pi=admixer
https://creativecdn.com/cm-notify?pi=admixer&tc=1

42 B
243 B

44ms
44ms

Image
image/gif

185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativecdn.com/cm-notify?pi=admixer&tc=1
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 08 Dec 2022 02:05:33 GMT, Thu, 08 Dec 2022 02:05:33 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 42
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://creativecdn.com/cm-notify?pi=admixer&tc=1
date: Thu, 08 Dec 2022 02:05:33 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
telegram.org/fonts/Roboto/ Frame 956F 11 KB
11 KB 162ms
54ms Font
application/octet-stream 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL: https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by: Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Request headers

Referer: https://telegram.org/css/font-roboto.css?1
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: "63512b7d-2b14"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 11028
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
telegram.org/fonts/Roboto/ Frame 956F 11 KB
11 KB 208ms
101ms Font
application/octet-stream 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL: https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by: Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875

Request headers

Referer: https://telegram.org/css/font-roboto.css?1
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: "63512b7d-2b40"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 11072
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2
telegram.org/fonts/Roboto/ Frame 956F 6 KB
7 KB 206ms
102ms Font
application/octet-stream 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL: https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2
Requested by: Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 3e70e149a35f394bb78ef7842de11a06359fed7828f30331594a28d196c54012

Request headers

Referer: https://telegram.org/css/font-roboto.css?1
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: "63512b7d-19e8"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 6632
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/ Frame DBF9 2 KB
765 B 165ms
60ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:48:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 19:48:17 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DBF9 0
0 101ms
101ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cm013bEaRY9jKJ7uGx_APsMSpiA_6lcbkbaDi4-mKEeDVkqO6AhABIOfk8hZgu4aAgNAKoAHggfD4KMgBAakCYsSajl2isT6oAwHIA8sEqgTwAU_Q2byY7E4G4BatZywfxRXbKHEHCLGmdx1QSBuTJE2U_593blgf4IWxdM9q3D2_vLFSBgn1ddcpKgPv8Jbh7I8-b8cu2L1EO67odL1k-C4zzLPlAi3tjreKVKaygUXaybg14M_tweUSUqlqVqZoYNj5B4l3eTY8Fkgzdi3cJKUhXIYQ-X78xzSmYH9AZCsj_zrPAlpb0G-kYW01DQuQcLrdKY7_LPwc3Z-n6i0lnctXAicxpeCZylqgmJgGvSEqjfVeAMgNEA2cKbbdE_hqXVLDiZEei5GrsXHiZKc-bXKc7kv4eu2EUu9EshMryG8Az8AE86uYrpkEkgUECAQYAZIFBAgFGASgBgKAB-C5wNgDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQk7gE0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNTYzMDk1Njc2NjIxNjQ2NRgA&sigh=jES6X3-FVoI&uach_m=[UACH]&cid=CAQSGwDq26N9cDvXRW5Wufn_DAfCq42PugfUD5f48RgBIBM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 08 Dec 2022 02:05:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221130/r20110914/ Frame DBF9 23 KB
9 KB 147ms
44ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221130/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e965485436a460b6ffc44695b148993598bd4e6cdb8447a547fb5609e3ca152

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 18:38:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9421
x-xss-protection: 0
server: cafe
etag: 8437175705735068947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 18:38:19 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/ Frame DBF9 3 KB
1 KB 163ms
60ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 18:28:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 18:28:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/ Frame DBF9 18 KB
7 KB 149ms
46ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221130/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f066f881ead135cd4ee88cf0c80ddb796f8841fc536a7950d4f7102e0502be2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 18:38:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7443
x-xss-protection: 0
server: cafe
etag: 629801499763588852
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 18:38:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DBF9 153 KB
47 KB 108ms
107ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 02:05:33 GMT

GET
H3 200 83de75e735dabeddf4e705de6f0a2f41.js Show response
www.gstatic.com/mysidia/ Frame DBF9 34 KB
14 KB 148ms
46ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/83de75e735dabeddf4e705de6f0a2f41.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 385764
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14157
x-xss-protection: 0
last-modified: Wed, 30 Nov 2022 21:37:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 14:56:09 GMT

GET
H3 200 5036852710994619845
tpc.googlesyndication.com/daca_images/simgad/ Frame DBF9 26 KB
26 KB 420ms
321ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/5036852710994619845?w=600&h=500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8e3712c59449f3327913b216764929c02e1b0ac24b7e373a6ef65b4a8fb4587

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26140
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 23:41:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 02:05:33 GMT

GET
DATA 200
OK truncated
/ Frame B034 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 300f0e5cd7e6a55318ef4b6d6a8653cb359cf1fe6dec6876bbe78804b898eb72

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0C1A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 723619cee11ee97c391375fef6a9671de7bf34137d8e62916fcdbd0275ec791b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets.admixer.net/ 0
220 B 44ms
44ms Image
text/plain 146.0.227.109
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/ev_prebid.aspx?cc=GB%2FENG%2FMAN%2F2643123&am-uid=b3a9bf0a131e4c9aa854215b98819b82&zone=DAB6BE62-B1E7-4D05-A12C-0A70B3291504&device=28&rule=A115463E-E95D-4D45-91E3-2BE636EF4375&requestId=a30b860b-17e6-41e0-93da-882e3667d749&hp=-967666016&page=www.buhoblik.org.ua%2F&segments=2%2C4%2C494&ts=638060619329148527&ap=MA%3D%3D&asign=1377317567&sync=3%2C88&bt=3&carr=M247+Europe+SRL&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=1A4D80BD-B81F-427C-A6F6-12DD363AA495&inst=ADS-EU-6&pxl=0&pvid=ab0639c3-c52d-481f-a343-c691d1d6bce2&ip=217.138.196.102&item=2C5EF17D-B996-4A90-AEDF-0FF46DF1CE39&crid=2C5EF17D-B996-4A90-AEDF-0FF46DF1CE39&size=350x240&profile=A0E4EF3E-1F40-4319-A1CF-B36A82B3ABD5&isopt=0&adv=N%2FA&dsp=Admixer+Display&dstUrl=&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 08 Dec 2022 02:05:33 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 8C04 2 KB
1 KB 41ms
40ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5FGbAAJ2l8K4B8CAAod75rXGBbq5t7jEzfKxQ&u=%7CLv%2BQuYqN6D%2F2uKOY1DU9YAjIumcvso4unzscXrdO4lg%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wcJhpi7n2jKPB1hyEACoAjE-8f2HR4mVFxrMk6shk5U2KjUpEOpWu5vTzq7jXwfmCmo5OoW3WxIBvmuHFfjn16dXOYTcuxXlPbBruoPl5qVCUpPHJpmOfPne7NdX2rFuZCA-MMFQ2xT71BdHxDMnlY8HU88LPoIJ6SPgjaPakKKxHv6xYEb4ZMfaAcKs-SvzdaXXUXCiYQRLduIY5El_6LRktxYh1Slscg96MkEyuZT56ga7QOVZQLscNJaQt6zZfoplH4D5pYFX2A8Ubp8xcpCoHP_gxW2fOe1Zo1fzpi19J-ob7AE1gSTgB611tvWW72PgD-792TxqyaXrH2KDkEl54psaLsT-wiZkIlQMUJG7D-S3tuAvpWdC264PeGhtt9cMgdaT1nsrZH-ygGchP6dk5hEG_R7im0n2F4cYPYDaFDnV6Qek_71rK1CRqRNMARTjISaodl6UtiEEd1uwDzzFcwqvKj5unoViKy-CoGAgsXQGGnrlPkTyDhvNctjpmL16AoLgfFoyfN_knPS0J0qYVmmVqY9i230oQuGdPgHTI5XaM3n-QLz6P3ux6P-3bibcLe3gm_0qQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLyhMbEaRY9-0J4K-gAfvu6jYDeSP0rFcj4roiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAs8fwxXXe7Q-qAMBqgTpAU_Q5iZMG0nUitEwX6AezakGEZKVU0zQTjyoSf_llnQPF-43MQt6ScEKI9WGgMjQ8W598hTo8qq7CyISbtrVbZsHHjI8Ajc01w4d1ZFSxuHoyykkTAYWmyeUWPj9bmBHMGaaylButmtCtmwn5cQAB6AgnX591FyzcNLuHFOQa2rGQ_a8gJt9ABusBNX5hY0jgfCXYD5uyPd3qEzoQROlsgSG2LQMXleRxmtefdWGGLpzKdOTZIFyje-NXDA96aiMZIPHxrn7Ik7d2RibmH6VgcYkOOPUD-5jtEptsNOeR7jiqUnJIulU0TIdgAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2a3drh4eC4Sl3FOyupwmLdywQbfg%26client%3Dca-pub-5630956766216465%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 8C04 2 KB
1 KB 41ms
41ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 8C04 308 B
636 B 45ms
44ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 8C04 293 B
621 B 41ms
40ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 8C04 43 B
348 B 142ms
42ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=BbIO3-lauwXZjdw7TG1Qb2l4OrtkGQAObKR5ipgwSr3x6qZ6qLADbw1C27TYTsTyzLZ8zW74Bn0h1nLmVJ4XOgbpVqbW5-1L4EeLCFMbxb-gTpHWWq1gUgAz5jLRO5mp5FfBN233J1wm0ePJeGLBNn4c5cc2imwEBR_mG52QAMHhBFGLuTOB12o8Ql53bH60dlwGfoQj5EoOQn1dA43WrsGjYIaPzK5OcVkH0a8cCS1u7TzIDx70F1hIbDq-Dl3LnzJmAm5mn70-yuAOcJA638LD9GCtETznEr5ElRqxVryQiUuVyd8J7RC7wAqDApAqybXmznvvPVk6h8D8FJUyzZ_dRreMfLm28_B9_GarUts0azkYQenLvj1YRhyYe440kY7x_h5INRBpTfI8GaBkYMfXUxwUz8cMD8oNBq-2ZJqN2pCrHxi9yk_dw7snVkBb295IkA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3439074
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

/
cs.mytheresa.com/mix/v3/ Frame 8C04
Redirect Chain

https://cs.mytheresa.com/mix/v3/?tcs=3504&rand=6391466c2d8f47199cb1869db110b4b3&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&
https://mix-phoenix.commander1.com/mix/v3/?TC_CHECK_COOKIES_SUPPORT=1&tc_first=cs.mytheresa.com&tcs=3504&rand=6391466c2d8f47199cb1869db110b4b3&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp...
https://cs.mytheresa.com/mix/v3/?tc_id=202212080305339589337465&tcs=3504&rand=6391466c2d8f47199cb1869db110b4b3&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&

43 B
990 B

44ms
44ms

Image
image/gif

35.181.77.138
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.mytheresa.com/mix/v3/?tc_id=202212080305339589337465&tcs=3504&rand=6391466c2d8f47199cb1869db110b4b3&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5FGbAAJ2l8K4B8CAAod75rXGBbq5t7jEzfKxQ&u=%7CLv%2BQuYqN6D%2F2uKOY1DU9YAjIumcvso4unzscXrdO4lg%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wcJhpi7n2jKPB1hyEACoAjE-8f2HR4mVFxrMk6shk5U2KjUpEOpWu5vTzq7jXwfmCmo5OoW3WxIBvmuHFfjn16dXOYTcuxXlPbBruoPl5qVCUpPHJpmOfPne7NdX2rFuZCA-MMFQ2xT71BdHxDMnlY8HU88LPoIJ6SPgjaPakKKxHv6xYEb4ZMfaAcKs-SvzdaXXUXCiYQRLduIY5El_6LRktxYh1Slscg96MkEyuZT56ga7QOVZQLscNJaQt6zZfoplH4D5pYFX2A8Ubp8xcpCoHP_gxW2fOe1Zo1fzpi19J-ob7AE1gSTgB611tvWW72PgD-792TxqyaXrH2KDkEl54psaLsT-wiZkIlQMUJG7D-S3tuAvpWdC264PeGhtt9cMgdaT1nsrZH-ygGchP6dk5hEG_R7im0n2F4cYPYDaFDnV6Qek_71rK1CRqRNMARTjISaodl6UtiEEd1uwDzzFcwqvKj5unoViKy-CoGAgsXQGGnrlPkTyDhvNctjpmL16AoLgfFoyfN_knPS0J0qYVmmVqY9i230oQuGdPgHTI5XaM3n-QLz6P3ux6P-3bibcLe3gm_0qQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLyhMbEaRY9-0J4K-gAfvu6jYDeSP0rFcj4roiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAs8fwxXXe7Q-qAMBqgTpAU_Q5iZMG0nUitEwX6AezakGEZKVU0zQTjyoSf_llnQPF-43MQt6ScEKI9WGgMjQ8W598hTo8qq7CyISbtrVbZsHHjI8Ajc01w4d1ZFSxuHoyykkTAYWmyeUWPj9bmBHMGaaylButmtCtmwn5cQAB6AgnX591FyzcNLuHFOQa2rGQ_a8gJt9ABusBNX5hY0jgfCXYD5uyPd3qEzoQROlsgSG2LQMXleRxmtefdWGGLpzKdOTZIFyje-NXDA96aiMZIPHxrn7Ik7d2RibmH6VgcYkOOPUD-5jtEptsNOeR7jiqUnJIulU0TIdgAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2a3drh4eC4Sl3FOyupwmLdywQbfg%26client%3Dca-pub-5630956766216465%26adurl%3D
Protocol: HTTP/1.1
Server: 35.181.77.138 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-181-77-138.eu-west-3.compute.amazonaws.com
Software: web /
Resource Hash: 546c5cf136073615afda5cab173feff341171a26a848cf7ce09bb8bd8b07ce89

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: private
Date: Thu, 08 Dec 2022 02:05:33 GMT
Content-Encoding: gzip
Server: web
Transfer-Encoding: chunked
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=486000, pre-check=486000
Expires: Wed, 08 Mar 23 03:05:33 +0100

Redirect headers

Pragma: private
Date: Thu, 08 Dec 2022 02:05:33 GMT
Server: web
Transfer-Encoding: chunked
Content-Type: text/html
location: https://cs.mytheresa.com/mix/v3/?tc_id=202212080305339589337465&tcs=3504&rand=6391466c2d8f47199cb1869db110b4b3&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&
Access-Control-Allow-Origin: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Cache-Control: private, max-age=486000, pre-check=486000
Expires: Wed, 08 Mar 23 03:05:33 +0100

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame FBDD 2 KB
1 KB 39ms
39ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5FGbAAJ5-YK3qJBAAZxB1hJIdTHcKxMVpH35w&u=%7CLv%2BQuYqN6D%2BdsW7wbd1znp3GLOchbwwsGracGQtL%2BfI%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wcJhpi7n2jKPB1hyEACoAjE-8f2HR4mVFxrMk6shk5U2CbRoUuH0lsEK1yC4GROW7ZtAV-kkvIa-UMc1mOyLSvFoyn_QgmlEi0fxY6lFioi94wRwjg_5s8P5uDSK8w7SgO-R6SgvLmdfHzbaw5CS6U6qrZkukgV98RLNvX5o9OOVHHxoFBDpuK8IIVFCIkgpEW_5Ktm8DjePHnXl5R5vxg680DzKkajCVwhpw03ywL09zfd5nv44ZjJq9m9d5VZRAlPLGsEOJVAokai94clQhn1Ma2weQSoUGloADPEnvf9VhxfzZu3b3rwsB9dkgbGYaN4kB5m6mW8LeI-gOZ82EG_ZUbL0rzMr2-4h5HCULI1TivbPowgk2OaMMlEWGgPqjQRDsogIqsnRKNGJCEZPIUOwceejBkElHfm6J26txndBZazs1WF65RjEPPzACsjRvfDsoGnxodkiheYVM2mTtS4N2qBaMg8zhapS6Hv0ls-pAA7ZIFg-xiP7LQTc76Cid0iNd14THGw0-0HH54BD8bEzDy6npYBezPJ9CcAq29UdibRrjdX_PqdR0A5qMuVEcL7qnbMBo6poA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyyJHbEaRY-bPJ8HE-gaH4pnIBOSP0rFc_9DZkYgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAvl_n_D1eLQ-qAMBqgTjAU_Qy_t6z5k_resPJ96NIamsL77FP9QnU34gT2SonGBKiL2yntdJaQfVCTX5RtT1TOOUjImiDA-7DiDMtQlDKAexSn3tSJauAYJAqPca2Y1y6R9ijEE4X77b03WSDWnLdVzqqyuRUXIU824dW-SIHYlYwCNxFlGDekZDFvRTmDiuq0Gho5q0CTIKouiIn0Wo1e9lga_Bwk9jbkE66t0BC4GVW7_Ry5Wv8HbWCkPZXhPspqa_HoobvweQdWu7Hsn9t3XDOmmqTnpI7EFuww4rBDATE0EsxgZvj81fnwvTGUJ9CsdOgAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_02BicXKKfrmHDAyLlR_DV5IoAnpw%26client%3Dca-pub-5630956766216465%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame FBDD 2 KB
1 KB 43ms
41ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame FBDD 308 B
636 B 40ms
39ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame FBDD 293 B
621 B 40ms
40ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame FBDD 43 B
347 B 67ms
43ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=Fk9nuOlauwXZjdw7TG1Qb2l4Oru_1OK0Dg7QdIUROJNRq2kWUOu3BnztEriBTNGCc7OdZA-Xvx7Vr0nau7yjCy-ggw-K3uvEGNbHR4Te6Ak-e0msee5iShid-wKVIegg0kiNB4eyL0kx1jLWiKd_FdqwyNo2AVg2VSCHaZAhfdnfQbuUpbtlPw0UrVYdGvBC-czoJVgRD3_kqc_NX3L93-5fywoRR8WvQWiXc5JJGFbEVDk_WhczI8Hy-VK_qRgrlitfWiyFmP-n6L9zQpPl21eFty5o1jxxHFtxkvc8luZSyXs2MwRUk17BKOLAvJ8-BZFgX4YPRRiy2gsnsLKBGn9hG6GnuxnxRhgHP52R7EHRiJpVpO5ZnCw7r_o8id4ajqaExQA0i0zOkVrHzyCR-WYG6pVo5y_29oTS_V8A1MkP3tTRyHnLMwb-Ihu6vVMCkVoYwg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3948490
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

/
cs.mytheresa.com/mix/v3/ Frame FBDD
Redirect Chain

https://cs.mytheresa.com/mix/v3/?tcs=3504&rand=6391466cad762a189a2b84c14375f2fa&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&
https://mix-phoenix.commander1.com/mix/v3/?TC_CHECK_COOKIES_SUPPORT=1&tc_first=cs.mytheresa.com&tcs=3504&rand=6391466cad762a189a2b84c14375f2fa&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp...
https://cs.mytheresa.com/mix/v3/?tc_id=202212080305335379793106&tcs=3504&rand=6391466cad762a189a2b84c14375f2fa&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&

43 B
990 B

45ms
45ms

Image
image/gif

35.181.77.138
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.mytheresa.com/mix/v3/?tc_id=202212080305335379793106&tcs=3504&rand=6391466cad762a189a2b84c14375f2fa&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5FGbAAJ5-YK3qJBAAZxB1hJIdTHcKxMVpH35w&u=%7CLv%2BQuYqN6D%2BdsW7wbd1znp3GLOchbwwsGracGQtL%2BfI%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wcJhpi7n2jKPB1hyEACoAjE-8f2HR4mVFxrMk6shk5U2CbRoUuH0lsEK1yC4GROW7ZtAV-kkvIa-UMc1mOyLSvFoyn_QgmlEi0fxY6lFioi94wRwjg_5s8P5uDSK8w7SgO-R6SgvLmdfHzbaw5CS6U6qrZkukgV98RLNvX5o9OOVHHxoFBDpuK8IIVFCIkgpEW_5Ktm8DjePHnXl5R5vxg680DzKkajCVwhpw03ywL09zfd5nv44ZjJq9m9d5VZRAlPLGsEOJVAokai94clQhn1Ma2weQSoUGloADPEnvf9VhxfzZu3b3rwsB9dkgbGYaN4kB5m6mW8LeI-gOZ82EG_ZUbL0rzMr2-4h5HCULI1TivbPowgk2OaMMlEWGgPqjQRDsogIqsnRKNGJCEZPIUOwceejBkElHfm6J26txndBZazs1WF65RjEPPzACsjRvfDsoGnxodkiheYVM2mTtS4N2qBaMg8zhapS6Hv0ls-pAA7ZIFg-xiP7LQTc76Cid0iNd14THGw0-0HH54BD8bEzDy6npYBezPJ9CcAq29UdibRrjdX_PqdR0A5qMuVEcL7qnbMBo6poA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyyJHbEaRY-bPJ8HE-gaH4pnIBOSP0rFc_9DZkYgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTU2MzA5NTY3NjYyMTY0NjXIAQmpAvl_n_D1eLQ-qAMBqgTjAU_Qy_t6z5k_resPJ96NIamsL77FP9QnU34gT2SonGBKiL2yntdJaQfVCTX5RtT1TOOUjImiDA-7DiDMtQlDKAexSn3tSJauAYJAqPca2Y1y6R9ijEE4X77b03WSDWnLdVzqqyuRUXIU824dW-SIHYlYwCNxFlGDekZDFvRTmDiuq0Gho5q0CTIKouiIn0Wo1e9lga_Bwk9jbkE66t0BC4GVW7_Ry5Wv8HbWCkPZXhPspqa_HoobvweQdWu7Hsn9t3XDOmmqTnpI7EFuww4rBDATE0EsxgZvj81fnwvTGUJ9CsdOgAbE4ZmlxOC6xhugBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_02BicXKKfrmHDAyLlR_DV5IoAnpw%26client%3Dca-pub-5630956766216465%26adurl%3D
Protocol: HTTP/1.1
Server: 35.181.77.138 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-181-77-138.eu-west-3.compute.amazonaws.com
Software: web /
Resource Hash: 546c5cf136073615afda5cab173feff341171a26a848cf7ce09bb8bd8b07ce89

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: private
Date: Thu, 08 Dec 2022 02:05:33 GMT
Content-Encoding: gzip
Server: web
Transfer-Encoding: chunked
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=486000, pre-check=486000
Expires: Wed, 08 Mar 23 03:05:33 +0100

Redirect headers

Pragma: private
Date: Thu, 08 Dec 2022 02:05:33 GMT
Server: web
Transfer-Encoding: chunked
Content-Type: text/html
location: https://cs.mytheresa.com/mix/v3/?tc_id=202212080305335379793106&tcs=3504&rand=6391466cad762a189a2b84c14375f2fa&chn=display_pro&src=criteo&cmp=criteo_gb&tarea=gb&ptyp=dynamic&gdpr=1&
Access-Control-Allow-Origin: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Cache-Control: private, max-age=486000, pre-check=486000
Expires: Wed, 08 Mar 23 03:05:33 +0100

GET
H2 200 E280BC.png
telegram.org/img/emoji/40/ Frame 956F 1 KB
1 KB 48ms
48ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E280BC.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 4a003dc58f3e95a18e44712b9161181319e6a40613242cbcac158f6dc8d7339d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-4a6"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1190
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
DATA 200
OK truncated
/ Frame 956F 683 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f40990683165a6c0b9eabab4ffbb1b6a2fb9617b2fe3101ee64299245dfe743

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 E29C85.png
telegram.org/img/emoji/40/ Frame 956F 2 KB
2 KB 48ms
47ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E29C85.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: d097bda59092b06b5bb3051bbef1791e8a7fc533a5aa62e40e898b3ec9308249

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-666"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1638
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 F09F92BB.png
telegram.org/img/emoji/40/ Frame 956F 2 KB
2 KB 48ms
48ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F92BB.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 26345a9625172670562d7ab2395db6bd15311e0f6cf5e66f2b4478bd994a7f6d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-71b"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1819
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H3 200 mhygDI9324WjZp2xIh1LF2eZh9LlxUselYbCjCmRJZJz0RCTne_p9ju-sKnzvx78WCh7lduLQa0F08F2yGrpeDg1FOSmliN0SuCnA59bHSVSr2wdgyP80BbQUL4x-uJXbK-aJlj93LpA_TOg7fWyOJkAlLQaGD5Xee0iUfujT5U3dOUyggtkX8UPTQ_9ceTg8WquI...
cdn4.telegram-cdn.org/file/ Frame 956F 111 KB
111 KB 136ms
69ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/mhygDI9324WjZp2xIh1LF2eZh9LlxUselYbCjCmRJZJz0RCTne_p9ju-sKnzvx78WCh7lduLQa0F08F2yGrpeDg1FOSmliN0SuCnA59bHSVSr2wdgyP80BbQUL4x-uJXbK-aJlj93LpA_TOg7fWyOJkAlLQaGD5Xee0iUfujT5U3dOUyggtkX8UPTQ_9ceTg8WquIzbPBcBdNsXnlaKwVRzjDabyA4wI2734hUXSkCa8TlBazijBqJIH1EAJc4MNFChF0P6THlFUYKoJkeMqIVx99rs2jQk5A5YRCGUIUQe-MrDrLhmiIspj51tRSfEbvnU05a6yZNLQ0e37bEWD8A.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

3ab6bdc45b9e7ecded30d4f1c7b2215e990f446f331d3b646dffd6bb2c081c1c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 114107
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "776bbe9870fa58d9602df6d056a2227030b36098"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 E28FB0.png
telegram.org/img/emoji/40/ Frame 956F 4 KB
4 KB 48ms
47ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E28FB0.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 32ae77196cf412d763b87b2aa85b038f536201a0df7164ed74581402b4733511

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-10e4"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 4324
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H3 200 pMWp1UDil23P19uH0awEzXTp3fQq1tKzmdtCKXNWo7IfYUdFZ4k-nS7dXJ2Yvll6q8nyPhnLqGfYGfJa4DCRHqPYOSnFGdvlBjaU5CFWPMokRcE8BytrNp6v_wGPnBPK_GF86kmrXDlYWGFc4VyHG281XynyllPu-utWMkVIvQ09NDKffYTNshPUeMPkW0GqMh564...
cdn4.telegram-cdn.org/file/ Frame 956F 74 KB
74 KB 192ms
126ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/pMWp1UDil23P19uH0awEzXTp3fQq1tKzmdtCKXNWo7IfYUdFZ4k-nS7dXJ2Yvll6q8nyPhnLqGfYGfJa4DCRHqPYOSnFGdvlBjaU5CFWPMokRcE8BytrNp6v_wGPnBPK_GF86kmrXDlYWGFc4VyHG281XynyllPu-utWMkVIvQ09NDKffYTNshPUeMPkW0GqMh564ywGMl2DeELnMS52a0A5NDCoZKelVqCT8nUnvXV9k2bZlvJ4Xq005nOKsd9t22tQxvwUwYgK150fnenVhpTrV-aVt4SewCjoTwPul6a85v4NMS5-Ay0VnZfEgpT9GIZQQfEQzTVtMhajHotNRA.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

1d08840a75c155fca6642bcc3d7ecc34497f6e0d19d030b1f2e0e249c753cfa3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75518
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "b6ef20de73f0107d5f6e8727b2951a9fcf7b3174"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H3 200 TQlW2kefVcovx2y7VpQU9hU3UGSMrDCMYDOFkgjj8rs4PPaWfOTvp3azE2199ZqWVJhKocRFRCHW90HdqvfevsvTEJssDIcy5setxnKbirvSBmtmWrtDiXq8rbSL2R3x95nhf_syjaRi9UVGx6F9ZQObnn2rgwIj9XT_rq1xTZ78R87Id_6PSemUd2MqaWgX1ppMY...
cdn4.telegram-cdn.org/file/ Frame 956F 59 KB
59 KB 198ms
132ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/TQlW2kefVcovx2y7VpQU9hU3UGSMrDCMYDOFkgjj8rs4PPaWfOTvp3azE2199ZqWVJhKocRFRCHW90HdqvfevsvTEJssDIcy5setxnKbirvSBmtmWrtDiXq8rbSL2R3x95nhf_syjaRi9UVGx6F9ZQObnn2rgwIj9XT_rq1xTZ78R87Id_6PSemUd2MqaWgX1ppMYSPyqfOoR9gn_0iKIdqFrgcCLdquLPaz1tEwkwMwsPnLOvSBPPG2YRW6eqQ1Yn2Uyv5WEB6J5cHzHBUPlaW4iVQ_QFCkt075_P5OeFDBcfJG_kOtcGT-aK2FMvnVOQKbY18V-bhKwQoUPZ2upw.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

536dab3f6cefa51f81e172ead35c79e2de704da110f4ee6e8286c3fa782467f2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60176
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "d8a30d193d651c7f503ab8ed688505e5c21a7241"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 E296B6.png
telegram.org/img/emoji/40/ Frame 956F 2 KB
2 KB 48ms
48ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E296B6.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: cf834601aa3e59f6a61453790dc88447b3d3910cc297be5f7891c41cc0ca21e9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-67a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1658
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H3 200 S5_Atixu04Q_Jg9Rcq7K-_T0ZiN4EMy-q0X73twYb5e5IHXnAf_DoCGUbIbGebjKPZ9KJXVariQ9-CbfgHPTZT6Y4sSRrnCFYsBxVn2pmHy9OP5N-Su7OP8HUrLxC6950107kRkiSAop845acp9m8gSCYM1Fwf90zmFa_luMCz9rmZnCsUGU53MJWA-UVtB_UfKtL...
cdn4.telegram-cdn.org/file/ Frame 956F 139 KB
139 KB 201ms
136ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/S5_Atixu04Q_Jg9Rcq7K-_T0ZiN4EMy-q0X73twYb5e5IHXnAf_DoCGUbIbGebjKPZ9KJXVariQ9-CbfgHPTZT6Y4sSRrnCFYsBxVn2pmHy9OP5N-Su7OP8HUrLxC6950107kRkiSAop845acp9m8gSCYM1Fwf90zmFa_luMCz9rmZnCsUGU53MJWA-UVtB_UfKtLEwJdt4mTzV1AJeI_F9vfv0dHvoyw5as4s_lqDzS46g3rjWnIq6AoV2Cp2bGw1G3Hk4-2OGuEJTvk81CQYTXE1W1ZdW_KdBtwHT_ICn70M30Zd6N6358X-tJCQ2VJeVusQvJZWeAoxtPcGl5sQ.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

8f134d02dbaaa69fde869549843924df75159df9a772686e86d6621235df5f61

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 142102
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "f105f66d4250bb4dc1e574dc506c118227fa18ae"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H3 200 hMH_LOAJKxuv650w_oNIRq_cX9xQbmRZcbJ-QpiuoQKRymHmIFJOqMYtlVwdeHB37lNrGKsyQx3x20dZqYmWf9wOLWkrbc1pw-xBesIWVAQ02mqiPJncA-w8GCsoAGiuseAYP2hXXGJrMx_Y8NViuFXe3BMmja6qsQTkSLw9jecAtxq9fL6EY1wfz8HgJxwjEGxqA...
cdn4.telegram-cdn.org/file/ Frame 956F 127 KB
127 KB 146ms
82ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/hMH_LOAJKxuv650w_oNIRq_cX9xQbmRZcbJ-QpiuoQKRymHmIFJOqMYtlVwdeHB37lNrGKsyQx3x20dZqYmWf9wOLWkrbc1pw-xBesIWVAQ02mqiPJncA-w8GCsoAGiuseAYP2hXXGJrMx_Y8NViuFXe3BMmja6qsQTkSLw9jecAtxq9fL6EY1wfz8HgJxwjEGxqAreo_4YFwGmyU7I2ooGiPZ4KQWQOnu1LZn-I2azwouTFqB6nmOSc57ergW1xn1GpTSKltbbaEKzdTk-I9zMHvwwMlN3BzDu433K8mqATt2LNywjZNcOkCEMbuUK-aEge13yUJHozk0OENDB2HQ.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

270da210042927d64ae9d90ac346efb9251673a97dca3bce20cb86bac11fe8de

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130295
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "eb966f90854da668ec7d873dbcfebae49abbc00a"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H3 200 uJfUk9Kd0uM_7pKJWnvdzQfjagDkE8pcqwIS9IoJCfSB0xme1lmHHpXtXZUW6IrhTD28wCgpfRHuXF7PasSBBjL4ljxgEx9SMZssQcyadW-0gHxTamENKW_BXaAzMfyf2qDGA-w9UVbBz6mDISn0HdyR5w8FGydHhRJKsZX6dAcC_MWz6MSSsyMYwMuoOLBZLD0sX...
cdn4.telegram-cdn.org/file/ Frame 956F 117 KB
117 KB 186ms
122ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/uJfUk9Kd0uM_7pKJWnvdzQfjagDkE8pcqwIS9IoJCfSB0xme1lmHHpXtXZUW6IrhTD28wCgpfRHuXF7PasSBBjL4ljxgEx9SMZssQcyadW-0gHxTamENKW_BXaAzMfyf2qDGA-w9UVbBz6mDISn0HdyR5w8FGydHhRJKsZX6dAcC_MWz6MSSsyMYwMuoOLBZLD0sX9zxjssxYTpG1Kf5r2xKSpqP2sJ045rA38fP_SlFzH8MQxw50JNaQXdr6eBaUxI5Fh-GDv-Ektmn8nA2sVjpeOJr77-mLQ-F2Q9j-kRCRV5Tr5qYT2THKvPk0_rFVmqJWcAMBLdNmtl1y9Xkng.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

fea9410090e77370f2d0d4d67902794536bada2b9db8bb8b5fa859c65d2c4e2c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119403
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "b2c5e2ed09060f068c53e8e78bdc33b5372bfcea"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H3 200 XGLS3D--0Nh5Rf-tJNksrQTWRa7LwOzqg7qSD5RI4FR_iJ8u9Vzrr2Wug9RCLjp6pAjnUXZWGidXpFS3cEpWAStnXruJBXjhCASFJOffbIWYDqXyisf8KE-EkB8EDsL6gsKi-lYdG6RILu-yolq5EK4y7-cyX-uLZB-_VahFAaaxj_rNKJuNb062JmMlncks0K6Fn...
cdn4.telegram-cdn.org/file/ Frame 956F 70 KB
70 KB 170ms
106ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/XGLS3D--0Nh5Rf-tJNksrQTWRa7LwOzqg7qSD5RI4FR_iJ8u9Vzrr2Wug9RCLjp6pAjnUXZWGidXpFS3cEpWAStnXruJBXjhCASFJOffbIWYDqXyisf8KE-EkB8EDsL6gsKi-lYdG6RILu-yolq5EK4y7-cyX-uLZB-_VahFAaaxj_rNKJuNb062JmMlncks0K6Fnf96UcNavRJWYhTDSj6UuJ58lgOM-XpprbzD9re2JAzuNI8t5F-UoQqe7aMknuBl9qeM7ANcldOxLHgf2WezOYAUpHL4hwfIMwjRhVsGbo5BmbvpLIj5DerUt60L2ZUi-vKxK8PdD3xL3f_ggw.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

2c9a2879929c9fdef7095f7a7e50abcce73f7479a9739e30be86f9cc5bb5de64

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71509
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "b9d3b03c9231bff915b4666eaf0f54c17253fbfd"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 F09F96A5.png
telegram.org/img/emoji/40/ Frame 956F 1 KB
2 KB 47ms
47ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F96A5.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 25acfe84806b66b7cd6fa3c4f94183e78a32025415c2bd01d3dfb16340ab2e47

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-595"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1429
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 F09F968C.png
telegram.org/img/emoji/40/ Frame 956F 2 KB
2 KB 48ms
48ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F968C.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: b87673d5f4085602ca52a2a9f1e923a436cfd682dce3050cf78fb11630e8f682

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-82a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 2090
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H3 200 Erzz3n6RwnSJg3_4w8Evyp91DQV68o-jbcdfGlYbkJ6oRXEQZUf08eqUkOQYPXHX-XPRW6su05ra97RrcrTOixAPdHx2TlySILOLbXa51MLZsoP4VYIHPp74ziJE5rC6xrqh07iwxkje-HpiQU90fYlnNNEoPsbzZMv9MV9mF17E8dUMSSClVD_Q6j3uItJkE_8jO...
cdn4.telegram-cdn.org/file/ Frame 956F 87 KB
87 KB 120ms
58ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/Erzz3n6RwnSJg3_4w8Evyp91DQV68o-jbcdfGlYbkJ6oRXEQZUf08eqUkOQYPXHX-XPRW6su05ra97RrcrTOixAPdHx2TlySILOLbXa51MLZsoP4VYIHPp74ziJE5rC6xrqh07iwxkje-HpiQU90fYlnNNEoPsbzZMv9MV9mF17E8dUMSSClVD_Q6j3uItJkE_8jOVMY5hCyCzL-bXZcRKr7b_TLSu7XWPLmzND-tZ75wbDA2wPs9-mLGFxUQVZncpD9oiRDCUq7OzGAXxxMP9gACOHyxPpF6TQuwcVhfCd8APGyNlA5k6hD561fqC-BkhqInXGEsp5CnWzF1kMOHw.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

e59d8c09b277f6914f2ff5b4f28a68e60f162530bb5eb6025763955f132fb93b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88601
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "249c1ae250527f7a6a09d1f245d846d9b7992832"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H3 200 C0Hn5QXkhmtIzCsuQN_gTFmx7XKDFMpPd0Y8PnEDsXQHrfQQ1jgZt4thsOjhEPnqL7XCSACtJkdx01yowZe2sUke-p8Q0m-tUkrx8vIEjO7R3ONV15GJrAEgv6Adg3J_IOOQoGrzJUaIDwHQlHW_3vZ3koGOhlmcLGkzhMCaHIldNUEz73F2AOw7hwOqhNtIswHXj...
cdn4.telegram-cdn.org/file/ Frame 956F 119 KB
119 KB 155ms
93ms Image
image/jpeg 34.111.35.152
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/C0Hn5QXkhmtIzCsuQN_gTFmx7XKDFMpPd0Y8PnEDsXQHrfQQ1jgZt4thsOjhEPnqL7XCSACtJkdx01yowZe2sUke-p8Q0m-tUkrx8vIEjO7R3ONV15GJrAEgv6Adg3J_IOOQoGrzJUaIDwHQlHW_3vZ3koGOhlmcLGkzhMCaHIldNUEz73F2AOw7hwOqhNtIswHXj-jW-TcVWtpMFum7htbzutx0D8pNjRKT_A6cpLzctn23CGqRwAbAMb6AHzXk8obX8NA0Xs6fEL4RJtC2iSOfBSpqZ8Dsmxoh8idyU175eEgIoY0wPCzq-4PnauFZY0d5owhxd5VZsLRkAfuL1g.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

358441f0368d05be0aa1f32c6a77c5cbb461b95a63052186bc9afe6d5efdfea5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-security-policy: default-src 'none'; sandbox
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121889
x-xss-protection: 1; mode=block
server: nginx/1.18.0
etag: "37d14c3441df3ec1d3ff4a2982f3f4e3ec7a045c"
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
telegram.org/fonts/Roboto/ Frame 956F 6 KB
7 KB 48ms
47ms Font
application/octet-stream 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL: https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
Requested by: Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 41b5c3b25f4258190937deb900fa57a6db6d450ce7dd2af2259af760119a1c41

Request headers

Referer: https://telegram.org/css/font-roboto.css?1
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: "63512b7d-193c"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 6460
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 pattern.svg
telegram.org/img/tgme/ Frame 956F 225 KB
81 KB 50ms
49ms Image
image/svg+xml 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/tgme/pattern.svg
Requested by: Host: telegram.org
URL: https://telegram.org/css/telegram-web.css?36
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: daa086b24cbd2610eb3261446100ff513a4526c5b2bce41e758629f5cd8a6a20

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://telegram.org/css/telegram-web.css?36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 09:45:08 GMT
server: nginx/1.18.0
etag: W/"62208e24-385d7"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=345600
expires: Mon, 12 Dec 2022 02:05:33 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 8C04 12 KB
5 KB 109ms
39ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 478397
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0c1C7%2FjbVQIrlmlf2S%2B31O4bTCXGD%2BjUUnwLmdT%2BzexVJphuex9BOBL4BwBi41fSs8Aazf8oQb%2B8Fny%2BmgGiuAjh4798418h%2FuOxEZtMFhPjpCBgiutRzAY%2FTKM5k6Moipag2MrjxE%2BzNtnDfJ5%2BSamc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7761efcb9be0dc93-LHR
expires: Tue, 28 Nov 2023 02:05:33 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 8C04 12 KB
6 KB 42ms
42ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 a13f5a089b9f4fa68a01887fffacd2e9_futurastdbook.woff
static.criteo.net/design/dt/ Frame 8C04 16 KB
16 KB 150ms
74ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/a13f5a089b9f4fa68a01887fffacd2e9_futurastdbook.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f9854564eea51b88c56b7da87ae2606311a8bc5b5f4fe6c07536ffc6d59873ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Jun 2018 14:45:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5b34f4a7-3fb8"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8C04 2 KB
2 KB 157ms
80ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=14984&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F35146%2F190426%2F40f3df68d2e84269b53096a8b46958ea_logo_n_vertical.jpg&v=3&w=372&s=K8sz23CtCNFCL6j-LmORBELS

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

014a8eb9938fdc70da9e485eaf779cac811d4bc9fcd8f9c4d22da6a03334c1fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30170667
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2214
expires: Wed, 22 Nov 2023 06:50:00 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8C04 12 KB
12 KB 115ms
38ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=14984&q=80&r=0&u=https%3A%2F%2Fimg.mytheresa.com%2F1000%2F1000%2F95%2Fjpeg%2Fcatalog%2Fproduct%2F06%2FP00700369.jpg&v=3&w=800&s=JPv5PoQeAZ6VH3p5S9o5WDSo&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

d47d792552faa29ee01e2d0cc457c60bf4ad6a1ff71182e2f654614a2681904a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=18613
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 12482
expires: Thu, 08 Dec 2022 07:15:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8C04 6 KB
7 KB 151ms
74ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=14984&q=80&r=0&u=https%3A%2F%2Fimg.mytheresa.com%2F1000%2F1000%2F95%2Fjpeg%2Fcatalog%2Fproduct%2F39%2FP00579155.jpg&v=3&w=800&s=TXHZkIUigF4VeAL-3_Iyl7_x&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e814c46ff36574b3b3c7e459c09bad38ab55cdfa381d7fca466d08be0d59110e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=18147
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6582
expires: Thu, 08 Dec 2022 07:08:00 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8C04 6 KB
7 KB 162ms
85ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=14984&q=80&r=0&u=https%3A%2F%2Fimg.mytheresa.com%2F1000%2F1000%2F95%2Fjpeg%2Fcatalog%2Fproduct%2F9f%2FP00529748.jpg&v=3&w=800&s=0yQI19quNsF2uW95imvOck12&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

7166059e0c16a40568a025180f96f88f85ebe8ea12aa17eb9339eb3d84ed65da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=7096
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6654
expires: Thu, 08 Dec 2022 04:03:50 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 8C04 0
127 B 124ms
40ms Ping
text/plain 2a02:2638::21
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=QSxpa3DpK9cQNCKFM4ivfruqYAFZNDitQeTbklCFVmOHM1KxutIxyXOF5dQ6qpcqsnFSQfC2R4pSj16VWyRfh2DY3W4sYIshoh4smSD0JgxhPXn74letlIR4Y_0LtmAm2Hv1Eif361teH9BRrH3VXOvfbShcActFfYJvkOKng9ldrPcZC7b2eGD3JLhtQxWBCnybMNAOoFhOAgMBBCa4wly0sPS-Ay1qkjNWmVH7mOP0pCn6kfnCkRPcfzwCp_GZzNAErg&sds=2&rev=83862&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::21 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 8C04 2 KB
1 KB 41ms
41ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 8C04 2 KB
1 KB 39ms
39ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ 227 B
471 B 341ms
254ms XHR
application/json 2a02:2638::24
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=132&profileId=184&cb=26609932835

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::24 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

118c115c0e53a0b3e47eeffb2ad2d6f968a974595f0ae206ada6469714139781

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 08 Dec 2022 02:05:32 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 197

POST
H/1.1 200
OK / Show response
xn--r1a.website/v/ Frame 956F 4 B
349 B 183ms
183ms XHR
application/json 95.216.186.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://xn--r1a.website/v/

Requested by

Host: telegram.org
URL: https://telegram.org/js/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.186.40 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.186.216.95.clients.your-server.de

Software

nginx /

Resource Hash

b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

Accept: */*
Referer: https://xn--r1a.website/s/buhoblik_org_ua
X-Requested-With: XMLHttpRequest
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 02:05:33 GMT
Strict-Transport-Security: max-age=35768000
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-control: no-store
Connection: keep-alive

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame FBDD 12 KB
5 KB 42ms
41ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 478397
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EVpuaIRpc34zvqzCKHTDqsBaWKjCVTl9dzqlbdwj5Wkhm8%2FvmYZqzj1xGPBGPuZ4D7SrT%2F%2BdqguS2amhD2uHaYz8ck5ElJZWHCp%2BAat5jA%2F1AxFzpiF57UbohP8crA5qB%2F%2BxKKzhew5wDyiOepR9u%2Fh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7761efcbabe2dc93-LHR
expires: Tue, 28 Nov 2023 02:05:33 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame FBDD 12 KB
6 KB 43ms
43ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 a13f5a089b9f4fa68a01887fffacd2e9_futurastdbook.woff
static.criteo.net/design/dt/ Frame FBDD 16 KB
16 KB 77ms
74ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/a13f5a089b9f4fa68a01887fffacd2e9_futurastdbook.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f9854564eea51b88c56b7da87ae2606311a8bc5b5f4fe6c07536ffc6d59873ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Jun 2018 14:45:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5b34f4a7-3fb8"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FBDD 2 KB
2 KB 81ms
73ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

014a8eb9938fdc70da9e485eaf779cac811d4bc9fcd8f9c4d22da6a03334c1fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30170667
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2214
expires: Wed, 22 Nov 2023 06:50:00 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FBDD 6 KB
7 KB 90ms
82ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=14984&q=80&r=0&u=https%3A%2F%2Fimg.mytheresa.com%2F1000%2F1000%2F95%2Fjpeg%2Fcatalog%2Fproduct%2F9f%2FP00529748.jpg&v=3&w=800&s=0yQI19quNsF2uW95imvOck12&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

7166059e0c16a40568a025180f96f88f85ebe8ea12aa17eb9339eb3d84ed65da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=7096
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6654
expires: Thu, 08 Dec 2022 04:03:50 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FBDD 6 KB
7 KB 82ms
75ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=14984&q=80&r=0&u=https%3A%2F%2Fimg.mytheresa.com%2F1000%2F1000%2F95%2Fjpeg%2Fcatalog%2Fproduct%2F39%2FP00579155.jpg&v=3&w=800&s=TXHZkIUigF4VeAL-3_Iyl7_x&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e814c46ff36574b3b3c7e459c09bad38ab55cdfa381d7fca466d08be0d59110e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=18147
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6582
expires: Thu, 08 Dec 2022 07:08:00 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FBDD 7 KB
7 KB 116ms
110ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=14984&q=80&r=0&u=https%3A%2F%2Fimg.mytheresa.com%2F1000%2F1000%2F95%2Fjpeg%2Fcatalog%2Fproduct%2F6b%2FP00587735.jpg&v=3&w=800&s=H0fl8OGEcvM1x4br-SZ2NNCp&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

a237bf8efb1594f3e6f6a13cd9c4ff14f004896c2d0cf7a1d705967d88e650c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=8546
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7194
expires: Thu, 08 Dec 2022 04:27:59 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame FBDD 0
128 B 54ms
40ms Ping
text/plain 2a02:2638::21
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=q40fl3DpK9cQNCKFdnDomXPIF3r-og11PxGasvLcsxe3NVCOBzmLLe-h00POGSRyQEk1NGMUq7pOsyzUHPvAQQUGo9vOO8hqfE8JSQvHhnK3vyACXCf9XygTFW582DiAJ5coGnKoNKpvbRGSiwigpslllh-V57d7zgRFIeY2TNazJdpL3Xgwce_QoxkH-Q1FXLqlljCIaLyoO3ICEbcOP12LV-da-s6fj5PQjVvSnRNziqqUMm4bV9f5bBgQTd0W7j96VT6oAOjFHRkl&sds=2&rev=83862&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::21 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 08 Dec 2022 02:05:32 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame FBDD 2 KB
1 KB 39ms
39ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame FBDD 2 KB
1 KB 40ms
39ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:05:33 GMT

GET
DATA 200
OK truncated
/ Frame DBF9 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 700a45e1a3568818b4e7e5c127132750bacef51af8e72b57fee73819b5907179

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js Show response
pagead2.googlesyndication.com/bg/ Frame C58F 36 KB
16 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=22194997&pi=t.ma~as.9722638899&w=336&lmt=1670465131&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132355&bpp=1&bdt=921&idt=188&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=2545&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=lRCc0gwZf3&p=https%3A//www.buhoblik.org.ua&dtd=191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:48:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 17:48:06 GMT

GET
H2 200 e1eee23f36481a69453f.b.js Show response
cdn.admixer.net/scripts3/51428/ 28 KB
11 KB 134ms
133ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/e1eee23f36481a69453f.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc37
date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:23:01 GMT
server: nginx
etag: W/"6375fd75-702f"
vary: Accept-Encoding
x-cached-since: 2022-11-28T15:19:42+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Wed, 29 Nov 2023 15:19:42 GMT

GET
H2 200 fdabe098f34289659a17.b.js Show response
cdn.admixer.net/scripts3/51428/ 42 KB
18 KB 125ms
124ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/fdabe098f34289659a17.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc37
date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:23:02 GMT
server: nginx
etag: W/"6375fd76-a793"
vary: Accept-Encoding
x-cached-since: 2022-11-25T08:22:03+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sun, 26 Nov 2023 08:22:03 GMT

GET
H2 200 84011c43c3075e543c6d.b.js Show response
cdn.admixer.net/scripts3/51428/ 13 KB
5 KB 141ms
140ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/84011c43c3075e543c6d.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc37
date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:54 GMT
server: nginx
etag: W/"6375fd6e-326c"
vary: Accept-Encoding
x-cached-since: 2022-11-23T10:05:07+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Fri, 24 Nov 2023 10:05:07 GMT

GET
H2 200 7103cce7fa6705169441.b.js Show response
cdn.admixer.net/scripts3/51428/ 11 KB
4 KB 137ms
136ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/7103cce7fa6705169441.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: da5a6aaf22887d6be1d6aaf85b1bf31db6372817faeef47bd9f21b89fcb78109

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc37
date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:22:53 GMT
server: nginx
etag: W/"6375fd6d-2a79"
vary: Accept-Encoding
x-cached-since: 2022-11-25T08:22:04+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sun, 26 Nov 2023 08:22:04 GMT

GET
H2 200 f744d5275c14e0b3b41a.b.js Show response
cdn.admixer.net/scripts3/51428/ 216 KB
75 KB 151ms
151ms Script
application/javascript 2a03:90c0:41:2801::62
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/51428/f744d5275c14e0b3b41a.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 7dc2f5e7cae7a1e20249f7624c440a190bdc76f3a11ac17e6676cc5acd8eedb4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc37
date: Thu, 08 Dec 2022 02:05:33 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:23:02 GMT
server: nginx
etag: W/"6375fd76-360b6"
vary: Accept-Encoding
x-cached-since: 2022-11-28T16:49:41+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Wed, 29 Nov 2023 16:49:41 GMT

POST
H2 204 events
bidder.criteo.com/csm/ 0
220 B 40ms
39ms Ping
text/plain 2a02:2638::24
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::24 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets.admixer.net/ 0
220 B 45ms
44ms Image
text/plain 146.0.227.109
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/ev_prebid.aspx?cc=GB%2FENG%2FMAN%2F2643123&am-uid=b3a9bf0a131e4c9aa854215b98819b82&zone=DAB6BE62-B1E7-4D05-A12C-0A70B3291504&device=28&rule=A115463E-E95D-4D45-91E3-2BE636EF4375&requestId=a30b860b-17e6-41e0-93da-882e3667d749&hp=-967666016&page=www.buhoblik.org.ua%2F&segments=2%2C4%2C494&ts=638060619329148527&ap=MA%3D%3D&asign=1377317567&sync=3%2C88&bt=3&carr=M247+Europe+SRL&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=1A4D80BD-B81F-427C-A6F6-12DD363AA495&inst=ADS-EU-6&pxl=0&pvid=ab0639c3-c52d-481f-a343-c691d1d6bce2&ip=217.138.196.102&item=B980198E-7D27-4345-9615-F31943C77F0C&crid=B980198E-7D27-4345-9615-F31943C77F0C&size=240x400&profile=346392F6-218B-4A4F-8151-E8B46F15EB2A&isopt=0&adv=Criteo+RU&dsp=Criteo+DE&dstUrl=http%3A%2F%2F&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 08 Dec 2022 02:05:33 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 151ms
60ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221130&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4eb6980ea354bab411357b2b35d805ba3d885a3259a569a4c4fa13fcdc750bf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11284
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 1A3D 15 KB
6 KB 117ms
39ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.buhoblik.org.ua

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d0f07190791630edc058ad6e5a33a3cda6a8f85c470e593ce0bbed46ffec148b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:05:33 GMT
server: Kestrel
server-processing-duration-in-ticks: 731466
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 1A3D
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=buhoblik.org.ua&sn=ChromeSyncframe&so=0&topUrl=www.buhoblik.org.ua&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=cQlXLHxiNnZoem5DNTlSZVFIa2VXZ0VMeUU3VDNtQ0FRUlJxUUhDQ3NuVVFkNE9nMm1WbG8yM2h0VU9hYmhGR3BNMVg3aWZwbnA4N3J5Y3ZFc3pGQ2VCNFh6WEV3N3F3NnIwNTh0R0NuMkhickV1ZlllOXlDUXVrQzZJZ2...

419 B
646 B

142ms
41ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=cQlXLHxiNnZoem5DNTlSZVFIa2VXZ0VMeUU3VDNtQ0FRUlJxUUhDQ3NuVVFkNE9nMm1WbG8yM2h0VU9hYmhGR3BNMVg3aWZwbnA4N3J5Y3ZFc3pGQ2VCNFh6WEV3N3F3NnIwNTh0R0NuMkhickV1ZlllOXlDUXVrQzZJZ210R1RzYW43WEpUNjZTWnZ3dmhlVmVSTWVHSUsyaHRFeUhQYzRNbWt4U0RsNnNtdVZRVTBWcUsvUmdTR3BkdXJxemZlSjNxUURkZ0JLK1FLMTBPSDJXWUNMYUtaOTdqeXNtdFg5VU0yYXZKNXhjOGtPYXFlWTA5RmlleC91dXNaSk1WdFVObmZkSHpOR3VRZGZCREo2RjlsL3FPdnpHUT09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

76e80e10f58133092fe5bb6257d2fc6e178670e4bdbb1838789de24eecfe0a25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 02:05:34 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2317183
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=cQlXLHxiNnZoem5DNTlSZVFIa2VXZ0VMeUU3VDNtQ0FRUlJxUUhDQ3NuVVFkNE9nMm1WbG8yM2h0VU9hYmhGR3BNMVg3aWZwbnA4N3J5Y3ZFc3pGQ2VCNFh6WEV3N3F3NnIwNTh0R0NuMkhickV1ZlllOXlDUXVrQzZJZ210R1RzYW43WEpUNjZTWnZ3dmhlVmVSTWVHSUsyaHRFeUhQYzRNbWt4U0RsNnNtdVZRVTBWcUsvUmdTR3BkdXJxemZlSjNxUURkZ0JLK1FLMTBPSDJXWUNMYUtaOTdqeXNtdFg5VU0yYXZKNXhjOGtPYXFlWTA5RmlleC91dXNaSk1WdFVObmZkSHpOR3VRZGZCREo2RjlsL3FPdnpHUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 537524
content-length: 0
expires: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 02:05:34 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0DC0 13 KB
5 KB 45ms
44ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 4855
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 00:44:39 GMT
expires: Fri, 08 Dec 2023 00:44:39 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0268 783 B
1 KB 156ms
58ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cd0208d2e3f050ced902d2f7da87c0a8baa34350c048cac9b86e6207bd8e9be9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ScJrqSS3jV1oP9ACFfbEyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-ScJrqSS3jV1oP9ACFfbEyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:05:34 GMT
expires: Thu, 08 Dec 2022 02:05:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js Show response
pagead2.googlesyndication.com/bg/ Frame 0DC0 36 KB
16 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:48:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 17:48:06 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B034 42 B
64 B 80ms
79ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvGCRHnMeuXeWnNipEbqucSVy5YPR8FcSFe-tDftMexyuqmSPMP4cvsjWWTfueJRsl8J6e5abZFCHN3_CwC88sx68LJ&sig=Cg0ArKJSzFrhExdy5RC7EAE&id=lidar2&mcvt=1015&p=0,0,280,730&mtos=1015,1015,1015,1015,1015&tos=1015,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3078983205&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670465132528&rpt=694&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 02:05:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0268 0
0 78ms
78ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221130&jk=1812532577528466&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0DC0 0
10 B 44ms
44ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?JLXTmw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:05:34 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame FBDD 0
127 B 40ms
40ms Ping
text/plain 2a02:2638::21
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::21 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 08 Dec 2022 02:05:33 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 81ms
81ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221130&jk=1812532577528466&bg=!qqmlqe3NAAa7eOFIm3g7ACkAdvg8WrRBwL2_q_9365iYGO5hCDRpHx3qhZf5T042uIN2XFEqJFY4xgIAAABeUgAAAANoAQcKABUIe_Rv09w-Eg2Jx-PjNwM8-KHqPlWZAqG2wyXKXNi7wsjgQQ0A-nViaepq8YaEHjByXSslJNcsYCADMBg4wgv2Fv4yJBjbl93khiJOijE7jG4Im08NSQNRrVZ-72xkUHSHVTKQ0hKc9qo3bG2KaSiocIbzsgwlvp9s3RYJJfphbaXtPCOHeX5Swy8HrqWEojQQaInxg58d7ivmjQDGHjADN7pBEOl_pgfRZ62GCoPJo0BthFupS5-UXAlMYsNisvi4n6Yl-bfMSUFJo1jFTpkL1RrUc5AAjs3-nLC6ndVG5TO947789jm2JrW80q37E0oZ4N5OQE0Xk6LY77NlIbJd-hJuIGG4RtGxH9Vww6LgGeolu0b2Hv5CtustT95tpUAWYXJtuKYtv9EUQnBFiEny9ItuEXqP5qyRDIMM2cLXXqWhdiHAh-sEaDAhPGX92R6nwD22865YHPeBTq-fXVjRYRFkqJTfXzhf7Q0aqr9VHnPiTblMWMEuIy9tT0YN5J9hi7V_6CpjC3VQBjA8McmuHCJzbS6qAJRQO2BC71PS_EzdE61Zzl9kwJ2gdwPXLOmsSyHr-eedCBQFo3ojZRiKWIH_rcGdUS-UNFvmxwIGKnQE3BOSf5OYuk80tP1LDckOFuFZ6y4Dh5xsDrzbNA00pr6bShbDidOfqiOvMpgXK0-WKuKLPKndnNUdt5rNOwhS8OdXW2snC6uFrpNQ8rCEp0MCrRuMhVjEbh0KNIoQzTJAYUwdgNRtyr_oIiu1HPxo-dlxL4goK26ASHWsIP_rvf3R_joJxyKtpJwYXGWbwT8gCk66RhSMJVYZ7Qivhhe0pfKCKNO7ZtyItDBSwla6YBMmCwubcjPxQRmM6MC8dE6XkYGOH26G-dJqzAKlGU4MpfVi7jrE7d5luu325GilhFovwI2Yk1Ih
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1 204
No Content logcz.aspx
inv-nets.admixer.net/ 0
220 B 45ms
44ms Image
text/plain 146.0.227.109
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/logcz.aspx?zone=dab6be62-b1e7-4d05-a12c-0a70b3291504

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 08 Dec 2022 02:05:35 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.admixer.net/bs	1970-01-20 10:10:41	Name: am-uid Value: b3a9bf0a131e4c9aa854215b98819b82
www.buhoblik.org.ua/	1969-12-31 23:59:59	Name: 54328dacc8285ec61fa19f90fac03db6 Value: e0e133da5c24869448f48f813a9f795b
.buhoblik.org.ua/	1970-01-20 17:37:05	Name: __utma Value: 21695912.992438325.1670465132.1670465132.1670465132.1
.buhoblik.org.ua/	1969-12-31 23:59:59	Name: __utmc Value: 21695912
.buhoblik.org.ua/	1970-01-20 12:23:53	Name: __utmz Value: 21695912.1670465132.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.buhoblik.org.ua/	1970-01-20 08:01:05	Name: __utmt Value: 1
.buhoblik.org.ua/	1970-01-20 08:01:06	Name: __utmb Value: 21695912.1.10.1670465132
www.buhoblik.org.ua/	1969-12-31 23:59:59	Name: Value: store.test
.buhoblik.org.ua/	1970-01-20 17:22:41	Name: __gads Value: ID=0e21d9edfdbca963-22ed0104ccd90076:T=1670465132:RT=1670465132:S=ALNI_MbgpI7hWG__DPXFePGchs5MJ1ftzw
.buhoblik.org.ua/	1970-01-20 17:22:41	Name: __gpi Value: UID=00000b8f6af17b6d:T=1670465132:RT=1670465132:S=ALNI_MZfQIkQ5Yy747eLkyrRg7Ch_BCDFQ
xn--r1a.website/	1970-01-20 08:02:31	Name: stel_ssid Value: bac48f436ed7b6e936_5101141601960381834
.admixer.net/	1970-01-20 10:10:41	Name: am-uid Value: b3a9bf0a131e4c9aa854215b98819b82
www.buhoblik.org.ua/	1970-01-20 08:11:09	Name: am-uid Value: b3a9bf0a131e4c9aa854215b98819b82
.doubleclick.net/	1970-01-20 17:22:41	Name: IDE Value: AHWqTUmoqRdEQ5PtBUhhG-rKb4Y99BZ9UxQ6Cu5RG72w8Y3E9wcFEUdsWHloDhxWVUE
.doubleclick.net/	1970-01-20 08:01:06	Name: test_cookie Value: CheckForPermission
.pubmatic.com/	1970-01-20 08:02:31	Name: KTPCACOOKIE Value: YES
.adnxs.com/	1970-01-20 10:10:41	Name: uuid2 Value: 651678640682378109
.creativecdn.com/	1970-01-20 16:46:41	Name: u Value: eZXhDUtcF4zTaHBmB0IB
.creativecdn.com/	1970-01-20 16:46:41	Name: ts Value: 1670465133
.pubmatic.com/	1970-01-20 10:10:41	Name: SyncRTB3 Value: 1671667200%3A220
.pubmatic.com/	1970-01-20 16:46:41	Name: KADUSERCOOKIE Value: B1084392-AB3C-4D9B-8419-A03CDA794830
.bidswitch.net/	1970-01-20 16:46:41	Name: tuuid Value: f4f87abd-1a9d-4304-a9f2-84fa9b055e00
.bidswitch.net/	1970-01-20 16:46:41	Name: c Value: 1670465133
.bidswitch.net/	1970-01-20 16:46:41	Name: tuuid_lu Value: 1670465133
.mytheresa.com/	1970-01-20 16:46:41	Name: tc_cj_v2 Value: ~%24.%2B%27%7B4y%2B-%2AZZZ%7D-%24%2F%20%2AZZZKPQJNPOKMMJJJZZZpc_q
.mytheresa.com/	1970-01-20 16:46:41	Name: tc_cj_v2_cmp Value: %7D-%24%2F%20%2Ay%22%7C
.mytheresa.com/	1969-12-31 23:59:59	Name: TC_CHECK_COOKIES_SUPPORT Value: 1
.mix-phoenix.commander1.com/	1970-01-20 16:46:41	Name: tc_cj_v2 Value: ~%24.%2B%27%7B4y%2B-%2AZZZ%7D-%24%2F%20%2AZZZKPQJNPOKMMJJJZZZpc_q
.mix-phoenix.commander1.com/	1970-01-20 16:46:41	Name: tc_cj_v2_cmp Value: %7D-%24%2F%20%2Ay%22%7C
.pubmatic.com/	1970-01-20 08:02:31	Name: pi Value: 160846:3
.pubmatic.com/	1970-01-20 10:10:41	Name: chkChromeAb67Sec Value: 2
.commander1.com/	1970-01-20 16:46:41	Name: TCID Value: 202212080305335379793106
.mytheresa.com/	1970-01-20 16:46:41	Name: CAID Value: 202212080305335379793106
.criteo.com/	1970-01-20 17:22:41	Name: uid Value: a62a48a3-a723-44e7-a24d-643896f5059c
.buhoblik.org.ua/	1970-01-20 17:22:41	Name: cto_bundle Value: a8Qpgl90ZmpEQ2xHRWdXNHpxaVU0RzRuaGQzY2phUlBFREpVOVUlMkJESjVGdjBEa0VYeGdERzNJVnZoazhrcko5QXcxeTBPRHU4MnhGYkdWUTc1M3ZRbmYzN1Z5UHkxTTNBSklPOUkyd1BUVFNTSDlsSnV5NFpOMFdiS0xOcEhWS0FuUiUyRm9oYVNOdVR3U3hYUHZuNU53TW9DYWpRJTNEJTNE

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=907449002&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1670465131&rafmt=1&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670465132356&bpp=2&bdt=921&idt=198&shv=r20221130&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=1909117908703&frm=20&pv=1&ga_vid=992438325.1670465132&ga_sid=1670465132&ga_hid=283020213&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=4384&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777508%2C31071219&oid=2&pvsid=1812532577528466&tmod=1957902399&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=kThHvqddpZ&p=https%3A//www.buhoblik.org.ua&dtd=200 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.co.uk
adservice.google.com
avto-oblik.com.ua
bidder.criteo.com
bidswitch-eu.splicky.com
buhoblik.org.ua
cat.nl.eu.criteo.com
cdn.admixer.net
cdn4.telegram-cdn.org
cdnjs.cloudflare.com
cm.g.doubleclick.net
creativecdn.com
cs.mytheresa.com
csm.eu.criteo.net
googleads.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
inv-nets.admixer.net
m.trafmag.com
mix-phoenix.commander1.com
mug.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
prebid-eu.creativecdn.com
rtb.fr.eu.criteo.com
ssl.google-analytics.com
static.criteo.net
telegram.org
tpc.googlesyndication.com
www.buhoblik.org.ua
www.google.com
www.google.com.ua
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
xn--r1a.website
142.250.186.66
146.0.227.109
157.90.167.185
178.250.0.157
178.250.2.148
185.184.8.90
185.64.189.110
185.89.211.116
193.200.65.6
198.47.127.18
198.47.127.20
2001:41d0:602:3b8e::
2001:67c:4e8:f004::9
2606:4700::6811:190e
2a00:1450:4001:801::2002
2a00:1450:4001:806::2002
2a00:1450:4001:806::2003
2a00:1450:4001:812::2003
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2008
2a00:1450:4001:829::2004
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a02:2638:1::13
2a02:2638:1::3
2a02:2638:1::4
2a02:2638:1::8
2a02:2638::2
2a02:2638::21
2a02:2638::24
2a03:90c0:41:2801::62
2a06:6440:0:2d02::1
34.111.35.152
35.181.77.138
52.57.192.79
95.216.186.40
002a93857ca724d4828a347c2b419a56eabfd275f206a5febc48246ccfe5830d
014a8eb9938fdc70da9e485eaf779cac811d4bc9fcd8f9c4d22da6a03334c1fa
052155039c13b233f324882bd10dc38150b5bd74fb44f27c0ead4d518fbc901b
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0ee54816dfd32cf06ebd4bf55696746574a131a03db4ad29564d81a4ed9895ac
1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484
118c115c0e53a0b3e47eeffb2ad2d6f968a974595f0ae206ada6469714139781
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
197842ab0690f44d9147718721598549a78b1eba15377b36dafa63d7b1d22885
1d08840a75c155fca6642bcc3d7ecc34497f6e0d19d030b1f2e0e249c753cfa3
1da67e20c0a4ac1486f38f01e01cdb805992a3f857ef49dccd9529e6b7571d0c
1e965485436a460b6ffc44695b148993598bd4e6cdb8447a547fb5609e3ca152
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6
25acfe84806b66b7cd6fa3c4f94183e78a32025415c2bd01d3dfb16340ab2e47
26345a9625172670562d7ab2395db6bd15311e0f6cf5e66f2b4478bd994a7f6d
270da210042927d64ae9d90ac346efb9251673a97dca3bce20cb86bac11fe8de
281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340
2c9a2879929c9fdef7095f7a7e50abcce73f7479a9739e30be86f9cc5bb5de64
300f0e5cd7e6a55318ef4b6d6a8653cb359cf1fe6dec6876bbe78804b898eb72
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32ae77196cf412d763b87b2aa85b038f536201a0df7164ed74581402b4733511
33a2f32349a6984f77f2cd427708c9ae0002bfc90594182bbc809b71ee0cdfde
358441f0368d05be0aa1f32c6a77c5cbb461b95a63052186bc9afe6d5efdfea5
377d27d86822418762eb956a7d4eec9823d6a9d3fd6f6d3ca0d63fdf374a0b69
3ab6bdc45b9e7ecded30d4f1c7b2215e990f446f331d3b646dffd6bb2c081c1c
3e70e149a35f394bb78ef7842de11a06359fed7828f30331594a28d196c54012
41b5c3b25f4258190937deb900fa57a6db6d450ce7dd2af2259af760119a1c41
4a003dc58f3e95a18e44712b9161181319e6a40613242cbcac158f6dc8d7339d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eb6980ea354bab411357b2b35d805ba3d885a3259a569a4c4fa13fcdc750bf9
4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a
536dab3f6cefa51f81e172ead35c79e2de704da110f4ee6e8286c3fa782467f2
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
546c5cf136073615afda5cab173feff341171a26a848cf7ce09bb8bd8b07ce89
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69
680f6e9a0e9f9d8c145e11d6937f688ff4299215d44bf0a54368ffc6acdbfc51
6a1ea392e1f9bd794a33456a68a687eae2f67ab8a6723e619aeac86a2e6cea1b
6a82502c1baab28ba6f410aa012fff53bd4f01d8de430e54589e583a0dc3ce80
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d971b8686258f229e7f4437952b28345bbcbabb5d23045c7bf1e53d00ad3602
700a45e1a3568818b4e7e5c127132750bacef51af8e72b57fee73819b5907179
7166059e0c16a40568a025180f96f88f85ebe8ea12aa17eb9339eb3d84ed65da
723619cee11ee97c391375fef6a9671de7bf34137d8e62916fcdbd0275ec791b
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a
76e80e10f58133092fe5bb6257d2fc6e178670e4bdbb1838789de24eecfe0a25
7728946db189aa5afd0b17d585fd24521909793a688ec2ef72c019a8bf92dc97
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
7dc2f5e7cae7a1e20249f7624c440a190bdc76f3a11ac17e6676cc5acd8eedb4
7ffc06b427937db597d898aa234e14f2735ef69882fee1b97c6c2a44cd2b4c7f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974
87f31cded62015a1d11cce6be7a32b77405de2fb36f4b8a7c2c5a4ccabd6a403
88467b23c1044f571783e76997720036df1c0a9925eee5f428c7ff150fa7da56
89c114dc23d61c6b428f26c214e96d1fd49b43c8f777c8fcbb9ffdee7a84d81f
8dfbfa16c85400143f85eb24eef8df723fd19c190f841c2c5ff22b8d0a5eeb09
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f134d02dbaaa69fde869549843924df75159df9a772686e86d6621235df5f61
94ee379c2fd3a709a328f067157f8845510400db1fd4825ad1e491efb4d47f69
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9f40990683165a6c0b9eabab4ffbb1b6a2fb9617b2fe3101ee64299245dfe743
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a237bf8efb1594f3e6f6a13cd9c4ff14f004896c2d0cf7a1d705967d88e650c8
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4d35007c83b3689910808811412e63293a2ae2abf1180a2dbaf4b3f7bb91ce9
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
ae86fbf63a1c570b0f33ecb93d5a79f6e1cb718187d92332724ce7bc8dfdc831
b4dc7118464c434f7caac42fd0535dac1102dfcace0feb4c35e3bb29594b14c3
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b87673d5f4085602ca52a2a9f1e923a436cfd682dce3050cf78fb11630e8f682
bb83687b87da3f2b2688c6c32acf28854d343949077e7b73db9581c186653479
bbf6db7bd845ce4fc37ec8f8cccc488c4b98b8f52ae1086bbd04cf1a4a08a8df
bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875
c6d254ee6b05a14666952b2b7629dedc518103bfed8a8d6ee0c1cbe28f76c6fd
c700c5e7b951d50a027635d10c24b00467be5503a66da47c9a70ffc4e9ba45fa
cd0208d2e3f050ced902d2f7da87c0a8baa34350c048cac9b86e6207bd8e9be9
cf834601aa3e59f6a61453790dc88447b3d3910cc297be5f7891c41cc0ca21e9
d097bda59092b06b5bb3051bbef1791e8a7fc533a5aa62e40e898b3ec9308249
d0f07190791630edc058ad6e5a33a3cda6a8f85c470e593ce0bbed46ffec148b
d450f882e787c237d4d1655ce8e655245b839c0baabfd2741831c90c1cc59828
d47d792552faa29ee01e2d0cc457c60bf4ad6a1ff71182e2f654614a2681904a
da5a6aaf22887d6be1d6aaf85b1bf31db6372817faeef47bd9f21b89fcb78109
daa086b24cbd2610eb3261446100ff513a4526c5b2bce41e758629f5cd8a6a20
dd6e691a27d07125e04993917cfb3f75ac9d8926f6b66d7c2e45368aa130e660
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b7033bdd850b9dd9847fb31e63627e352e38a3cb5cf5a483ca3d2cc1093c58
e59d8c09b277f6914f2ff5b4f28a68e60f162530bb5eb6025763955f132fb93b
e814c46ff36574b3b3c7e459c09bad38ab55cdfa381d7fca466d08be0d59110e
e8e3712c59449f3327913b216764929c02e1b0ac24b7e373a6ef65b4a8fb4587
eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376
ecd2e45fcd6ed0f17eaefccd72cdb8253be8673636adcbf3f8902aeeed654fe2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efaba744bbd7e1347c4b855e9bbb86f1aaf8c980dcdf85b1f61e3de251226727
f066f881ead135cd4ee88cf0c80ddb796f8841fc536a7950d4f7102e0502be2f
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b
f9854564eea51b88c56b7da87ae2606311a8bc5b5f4fe6c07536ffc6d59873ea
f9bd4f4b633a637883bc18be883d69ab6b3bd3329b81bd8b42f4cedfd9a4a6d0
f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a
f9dad740bc26e73ac710da1f590f3d451e88b0ed4a5056207b23f7c1194e03cb
fa25209f272c0103dba319231dbf780c705b60fa76d39a48dfd05bf34791b5e6
fea9410090e77370f2d0d4d67902794536bada2b9db8bb8b5fa859c65d2c4e2c

www.buhoblik.org.ua Open in urlscan Pro 2a06:6440:0:2d02::1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

147 Requests

95 %HTTPS

61 %IPv6

26 Domains

41 Subdomains

32 IPs

9 Countries

2610 kBTransfer

5147 kBSize

35 Cookies

0 Outgoing links

Page URL History

Redirected requests

147 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.buhoblik.org.ua Open in urlscan Pro
2a06:6440:0:2d02::1 Public Scan

Screenshot
Live screenshot

Full Image

147
Requests

95 %
HTTPS

61 %
IPv6

26
Domains

41
Subdomains

32
IPs

9
Countries

2610 kB
Transfer

5147 kB
Size

35
Cookies

147 HTTP transactions
4 data transactions